*** Welcome to piglix ***

LibreSSL

LibreSSL
LibreSSL logo.jpg
Puffy, the mascot of OpenBSD, made to resemble Che Guevara
Original author(s) The OpenSSL Project
Developer(s) The OpenBSD Project
Initial release 2.0.0 / 11 July 2014; 2 years ago (2014-07-11)
Stable release

2.4.5 (February 1, 2017; 33 days ago (2017-02-01))

2.3.10 (February 1, 2017; 33 days ago (2017-02-01))
Preview release 2.5.1 (February 1, 2017; 33 days ago (2017-02-01))
Repository github.com/libressl-portable/portable
Development status Active
Written in C and assembly
Operating system OpenBSD, FreeBSD, NetBSD, Linux, HP-UX, Solaris, OS X, Windows and others
Type Security library
License Apache license 1.0, 4-clause BSD License, ISC license, and some are public domain
Website www.libressl.org

2.4.5 (February 1, 2017; 33 days ago (2017-02-01))

LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It was forked from the OpenSSL cryptographic software library in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, with the aim of refactoring the OpenSSL code so as to provide a more secure implementation.

LibreSSL was forked from the OpenSSL library starting with the 1.0.1g branch and will follow the security guidelines used elsewhere in the OpenBSD project.

After the Heartbleed bug in OpenSSL, the OpenBSD team audited the code afresh, and quickly realised they would need to maintain a fork themselves. The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014.

In the first week of code pruning, more than 90,000 lines of C code were removed. Older or unused code has been removed, and support for some older or now-rare operating systems removed. LibreSSL was initially being developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was then ported back to other platforms once a stripped-down version of the library was stable. As of April 2014, the project was seeking a "stable commitment" of external funding.

On 17 May 2014, Bob Beck presented "LibreSSL: The first 30 days, and what the Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month, encountered issues, and implemented changes.

On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance, LibreSSL was not; Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL.


...
Wikipedia

...