Follow
just in case it's not painfully evident by heartbleed 2.0..
OpenSSL is crapware that none should rely on in the production, consider using LibreSSL or an alternative with better Quality Assurance #OpenSSL #SSL #LibreSSL #QA #security #cryptography #cybersecurity #xp
@kreyren what makes 'libreSSL' better?I'm interested in your thoughts.
@bryanbrake LibreSSL was created in 2014 after heartbleed 1.0 and seems to have a better quality assurance to avoid these critical issues thus why i said consider using it.
> LibreSSL removed the FIPS compliant module from its code, arguing that the FIPS 140-2 uses weak or broken ciphers and is detrimental to security
I don't have the background on why that is
@kreyren
I'm glad there are options, but like windows, you'll never get it replaced... does libreSSL have FIPS support? nope, according to this, and as long as that is true, we're stuck with it. Gov contracts require it. https://github.com/libressl-portable/portable/issues/572