Which is better between libreSSL vs openSSL?

1.1K    Asked by ankur_3579 in Cyber Security , Asked on Feb 25, 2022

What are the main advantages of using LibreSSL vs OpenSSL?

As I understood LibreSSL is a fork of OpenSSL: LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.


Seems like a good idea to use it.


Is this library widely used? Why would server administrators choose LibreSSL over OpenSSL?

Answered by Ankit yadav

LibreSSL vs OpenSSL

While the OpenSSL project was busy missing the OpenSSL 3 release date by several years, firing multiple project managers in the process, the LibreSSL developers have started to replace large swaths of the OpenSSL codebase with new ISC-licensed code, while maintaining compatibility with the majority of OpenSSL 1.0 and 1.1 APIs. LibreSSL also has not fired any project managers or missed any key deadlines. And, as noted above, the LibreSSL developers are willing to collaborate on missing functionality as needed. I do not think we can expect such levels of collaboration with the OpenSSL team, even if their project had healthy governance: they appear to have intentionally installed multiple layers of red tape between themselves and the community.

FIPS mode One major issue that would require addressing is that LibreSSL has removed FIPS mode, while we have end users who require FIPS mode for compliance reasons. One possibility could be to reintroduce FIPS mode as a set of configurations which restrict ciphersuites to ones that have been approved for use under FIPS. In the past, however, this led to OpenSSL being used for some packages in lieu of LibreSSL so that those users could make use of a FIPS module. Discussing FIPS compliance functionality with LibreSSL developers would be considered a task item if we looked in this direction.



Your Answer

Interviews

Parent Categories