just in case it's not painfully evident by heartbleed 2.0..
OpenSSL is crapware that none should rely on in the production, consider using LibreSSL or an alternative with better Quality Assurance #OpenSSL #SSL #LibreSSL #QA #security #cryptography #cybersecurity #xp
I'm glad there are options, but like windows, you'll never get it replaced... does libreSSL have FIPS support? nope, according to this, and as long as that is true, we're stuck with it. Gov contracts require it. https://github.com/libressl-portable/portable/issues/572
Follow
> LibreSSL removed the FIPS compliant module from its code, arguing that the FIPS 140-2 uses weak or broken ciphers and is detrimental to security
I don't have the background on why that is
