From: Randy MacLeod <randy.macleod@windriver.com>
To: Patches and discussions about the oe-core layer
	<openembedded-core@lists.openembedded.org>
Subject: Add libreSSL to oe-core?
Date: Mon, 4 May 2015 14:45:25 -0400
Message-ID: <5547BE45.2050206@windriver.com>


Should oe-core add libressl as an alternative to openssl and other
OE SSL/TLS implementations?

We had a request from a customer to add LibreSSL so I was wondering
about the plans of the Yocto community and indeed of the larger Linux
distro community.

Libressl claims (aims?) to be a more stable, secure TLS implementation
than OpenSSL. It was initially only for OpenBSD but it supports a
variety of platforms now:
    http://www.libressl.org/releases.html
The CVE history enthusiastically summarized on Wikipedia:
    https://en.wikipedia.org/wiki/LibreSSL
does indicate that libressl has been vulnerable to fewer CVEs than
openssl so far. I quickly reviewed:
    https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations
but perhaps someone on the list has more direct experience, knowledge
and/or opinions of implementations of TLS? Note that the libressl devs
have stated that they have no interest in FIPS 140-2 certification:
    http://marc.info/?l=openbsd-misc&m=139819485423701&w=2
so that could be a problem for some users.


Other than Arch and the openSUSE Factory build, it seems that no
major Linux distro has added libressl:
    http://pkgs.org/search/libressl

An OE libressl recipe is not currently indexed:
    http://layers.openembedded.org/layerindex/branch/master/recipes/?q=libressl

If I search more broadly:
    http://layers.openembedded.org/layerindex/branch/master/recipes/?q=ssl

I see that the OE community does have recipes for:
   gnutls, nss, polarssl (now mbed TLS) and wolfssl.

So what do you think of libressl?

-- 
# Randy MacLeod. SMTS, Linux, Wind River
Direct: 613.963.1350 | 350 Terry Fox Drive, Suite 200, Ottawa, ON, 
Canada, K2K 2W5


