Hacker News new | past | comments | ask | show | jobs | submit login

Last I looked, BoringSSL[1] was a drop-in replacement for 1.1, as long as:

1. Your usecases intersect with Google's (they removed bunch of stuff during the initial forking phase).

2. You can handle the following:

   > Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
[1]: https://boringssl.googlesource.com/boringssl/



What about libreSSL, the other fork?

https://www.libressl.org/

https://github.com/libressl/portable#compatibility-with-open...


Initially the idea seemed to be Libressl has better development practices => fewer bugs. The idea was this pays for a compatibility price. I think that didn't pan out very well longer term.


It's also not finished, and that is constrained by developer time and availability.

https://marc.info/?l=openbsd-misc&m=168674593912952&w=2

and the reply:

https://marc.info/?l=openbsd-misc&m=168675478419177&w=2

Edit: certainly, if you don't need what isn't there, LibreSSL could be a viable replacement.


I think it did in absolute terms, but didn't relatively - as a response to all the noise and forks, openssl did improve a lot as well.


Can you be specific about what improved? After peeking at the repo, the biggest improvement seems to have been reindenting it.


I think the idea of using their new libTLS api alongside it was there early on. Adding "easier, foolproof api => even fewer bugs" to the mix. But that didn't seem to get much uptake.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: