Moderators: fgagnon, nikos, Site Mods
I run it on FreeBSD where it seems to work (except for some occasional patches in various ports) rather well. No worries, I don't use the broken Linux.snemarch wrote:As for running LibReSSL... it's a very good initiative, but I certainly don't hope you're running it in production yet - especially not if you're running it on anything but OpenBSD.
No, just on its API which is matched by several libraries.snemarch wrote:there's also a lot of critical infrastructure depending on OpenSSL.
"Seems to work" doesn't go very well with security. While FreeBSD is obviously closer to OpenBSD than linux is, do keep in mind that LibReSSL is still quite in flux, and depends heavily on OS APIs being 100% correctly implemented before shims are done for other OSes. Even on OpenBSD, I wouldn't use LibRe in production yet. It's the SSL project I believe most in, but the OpenBSD developers still need to deem it ready.Tuxman wrote:I run it on FreeBSD where it seems to work (except for some occasional patches in various ports) rather well. No worries, I don't use the broken Linux.snemarch wrote:As for running LibReSSL... it's a very good initiative, but I certainly don't hope you're running it in production yet - especially not if you're running it on anything but OpenBSD.
The company I work for is currently running parts of pretty damn critical infrastructure for .dk, and without breaking any NDAs, I can certainly tell you that OpenSSL is involved, not just the API.Tuxman wrote:No, just on its API which is matched by several libraries.snemarch wrote:there's also a lot of critical infrastructure depending on OpenSSL.
Depends if you otherwise know the sources.snemarch wrote:"Seems to work" doesn't go very well with security.
And while LibreSSL worked from the first day on FreeBSD, Linux required heavy kernel patches to make Linux "more BSD-ish".snemarch wrote:do keep in mind that LibReSSL is still quite in flux, and depends heavily on OS APIs being 100% correctly implemented before shims are done for other OSes.
There is no bug-free software.snemarch wrote:It's the SSL project I believe most in, but the OpenBSD developers still need to deem it ready.
Just reading the specs.snemarch wrote:Which experience do you base your claims on?
No, it doesn't - security needs to be bloody well tested, especially for critical infrastructure code. Yes, the OpenBDS developers are pretty damn good, and I have a lot of confidence in them - but they're making aggressive changes to a very complex and fragile codebase.Tuxman wrote:Depends if you otherwise know the sources.snemarch wrote:"Seems to work" doesn't go very well with security.
Define "worked"Tuxman wrote:And while LibreSSL worked from the first day on FreeBSD, Linux required heavy kernel patches to make Linux "more BSD-ish".snemarch wrote:do keep in mind that LibReSSL is still quite in flux, and depends heavily on OS APIs being 100% correctly implemented before shims are done for other OSes.
. Keep in mind that the OpenBSD development process is to make something that works on OpenBSD, and when satisfied with that result, write shims for other systems. They don't limit themselves to POSIX APIs when those APIs aren't good enough... AFAIK there have been no "heavy kernel patches" to Linux, but there was a LibReSSL bug for a semi-theoretical PID clash problem, which resulted in a suggestion for kernel getrandom syscall (which also helps avoid another semi-theoretical problem with FD exhaustion and inavailability of /dev/random). But perhaps there's some other issues I've missed or forgotten?Which is true, but not an excuse to deploy in-heavy-flux code to production servers. A philosophy the OpenBSD guys follow.Tuxman wrote:There is no bug-free software.snemarch wrote:It's the SSL project I believe most in, but the OpenBSD developers still need to deem it ready.
I was referring to the real-world usage of OpenSSL in critical infrastructure, which your selective quoting doesn't include - you didn't answer my question.Tuxman wrote:Just reading the specs.snemarch wrote:Which experience do you base your claims on?
My private server (where I run LibreSSL on) is mainly a playfield without much SSL-related stuff. Critical infrastructure is housed on other servers (primarily running FreeBSD with OpenSSL).snemarch wrote:security needs to be bloody well tested, especially for critical infrastructure code.
Aggressive but well-thought and well-audited changes nevertheless.snemarch wrote:but they're making aggressive changes to a very complex and fragile codebase.
AFAICS the FreeBSD "port" was mainly a new Makefile, while the Linux port was, uhm, annoying.snemarch wrote:Define "worked"
Actually, that's even the main part. LibreSSL made Linux get a sane random pool, it forced Linux developers to fix breakages inside their kernel. There surely are some more (reading the LKML not everything is patched yet), but obviously "the BSDs" share a security system Linux still lacks.snemarch wrote:AFAIK there have been no "heavy kernel patches" to Linux, but there was a LibReSSL bug for a semi-theoretical PID clash problem, which resulted in a suggestion for kernel getrandom syscall (which also helps avoid another semi-theoretical problem with FD exhaustion and inavailability of /dev/random). But perhaps there's some other issues I've missed or forgotten?
That's why people shouldn't use third-party wrappers for core components. I, for one, do.snemarch wrote:The OpenBSD developers warned people not to try writing these if they didn't know what they were doing, but that didn't stop people from writing some very very terribad implementations that were a lot less secure than standard OpenSSL.
I may be too pragmatic on that, but if I have the choice between "stable" and "secure", I choose security.snemarch wrote:Which is true, but not an excuse to deploy in-heavy-flux code to production servers. A philosophy the OpenBSD guys follow.
I never had to. My company's projects are mainly developed within the intranet, the main project I'm working on would gather nothing from just having OpenSSL.snemarch wrote:I was referring to the real-world usage of OpenSSL in critical infrastructure
