LibreSSL: a cleaned version of OpenSSL (OpenBSD project)

    The participants in the OpenBSD project, who develop the operating system of the same name as well as tools such as OpenSSH, OpenBGPD, OpenNTPD and OpenSMTPD, have launched the LibreSSL project. It is a cleaned-up, simpler version of OpenSSL.

    Theo de Raadt, founder and project manager of OpenBSD and OpenSSH, said they had already managed to get rid of approximately 90,000 lines of C code and 150,000 lines of content in general. Support for MacOS, Netware, OS/2, VMS and Windows has been removed, as few people need it.

    “We are trying to make the code more understandable. 99.99% of the community do not need VMS support, and 98% do not need Windows support,” says Theo de Raadt. “They need POSIX support so that Unix and Unix derivatives can run. People don't care about FIPS. The code should be simple. Even after all the changes, the code base is still compatible with the API. Our whole collection of ports (8700 applications) continues to compile and work, after all the changes.”

    OpenSSL is considered the standard library for cryptographic protection of traffic using the SSL/TLS protocols. But its reputation was greatly tarnished by the Heartbleed bug. As it turned out, about two-thirds of the “secure” Internet sites had been open to eavesdropping over the past two years. Experts suggest that the world's leading intelligence agencies learned about this vulnerability within a few weeks of its appearance in 2012, since these agencies have special departments that search for bugs in open source programs.


    The workplace of an NSA headquarters employee in Fort Meade, Maryland.

    The incident provoked widespread criticism of the quality of the OpenSSL code, which is poorly documented and sometimes poorly written; see the article “Monkeys OpenSSL”.

    The LibreSSL project should be a worthy alternative. Among the fragments that were removed in the OpenSSL fork is code that the OpenSSL developers themselves planned to delete, but never did.
