Announcement

Collapse
No announcement yet.

LibreSSL 2.3 Released: Completely Nukes SSLv3 Support

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    LibreSSL 2.3 Released: Completely Nukes SSLv3 Support

    Phoronix: LibreSSL 2.3 Released: Completely Nukes SSLv3 Support

    The OpenBSD crew has released version 2.3.0 of their forked OpenSSL project, the widely-known LibreSSL...

    LibreSSL 2.3 Released: Completely Nukes SSLv3 Support - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=LibreSSL-2.3-Released
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    Woah, someone was using the toy crypto hash SHA-0 in a real system? That was proven insecure in 2004!

    The heck with backwards compatability, you might as well not be using crypto if that's all you can do.
    • Likes 1

    Comment

    • #3
      Originally posted by willmore View Post
      Woah, someone was using the toy crypto hash SHA-0 in a real system? That was proven insecure in 2004!

      The heck with backwards compatability, you might as well not be using crypto if that's all you can do.
      If it is all the server can do and it enforces SSL you now can't access it.

      Comment

      • #4
        Originally posted by AJenbo View Post

        If it is all the server can do and it enforces SSL you now can't access it.
        Better to break loudly than quietly...

        Comment

        • #5
          Originally posted by cb88 View Post

          Better to break loudly than quietly...
          I would prefer rejecting connection by default, but with an option to force it. There are some really outdated corporate servers out there.
          • Likes 1

          Comment

          • #6
            Originally posted by AJenbo View Post

            I would prefer rejecting connection by default, but with an option to force it. There are some really outdated corporate servers out there.
            Part of me agrees with you, and part of me would gladly shame the corporate servers that don't bother with security updates.

            Comment

            • #7
              The great thing about LibreSSL is that is is new, has less shit code in it (because they got rid of a lot of it) and is now probably a lot more secure due to the improved focus on OpenSSL/BoringSSL/LibreSSL

              Now to keep those servers of yours up to date sysadmins, you have no excuses!
              • Likes 2

              Comment

              • #8
                So in other words, no more SSL support?

                Shouldn't it be LibreTLS then?

                Comment

                Previous template Next
                Working...
                X