Hello, New releases of the following packages are available:
* skalibs-2.4.0.2 --------------- Bugfix release. It is necessary to upgrade to this release for the new version of s6-networking to work. http://skarnet.org/software/skalibs/ git://git.skarnet.org/skalibs * s6-networking-2.2.1.0 --------------------- This release of s6-networking comes with 4 optional new binaries: s6-tlsclient, s6-tlsserver, s6-tlsc, s6-tlsd. Those binaries implement secure connections via the TLS protocol. s6-tlsclient and s6-tlsserver act like s6-tcpclient and s6-tcpserver respectively; s6-tlsc and s6-tlsd are the "tlsify" blocks that put themselves between the network and the cleartext-speaking application. Building those binaries requires an additional dependency to a SSL library, called a "backend". After installing the chosen backend, you can tell s6-networking to use it by giving the "--enable-ssl=$backend" option to configure. There are two supported values for $backend: * "libressl" . This requires installing LibreSSL 2.4.4 or later. This is the default, safe choice. * "bearssl". This requires installing BearSSL 0.1 or later. BearSSL is a new SSL library being developed by Thomas Pornin, a renowned cryptologist. Choosing BearSSL is still experimental (it will only be considered production-ready by its author when it reaches version 1.0), but it's working for me successfully. The reason to choose BearSSL over LibreSSL is that BearSSL's design is incredibly high-quality. It is much more maintainable than the OpenSSL/LibreSSL code base; it requires a ridiculously small amount of RAM to run; static x86_64 executables for s6-tlsc and s6-tlsd are, when linked against BearSSL, 10% of the size they are when using LibreSSL. (Yes, that's a 90% size reduction.) Given that LibreSSL is ubiquitous and BearSSL already looks amazing and will likely be production-ready next year, there are no plans to add further backends. http://skarnet.org/software/s6-networking/ git://git.skarnet.org/s6-networking https://libressl.org/ https://bearssl.org/ Enjoy, Bug-reports *especially* welcome. I spent a long time ironing out small issues in s6-tlsc and s6-tlsd, but if any problems remain, it is particularly important to handle them quickly. -- Laurent
