Two years of LibreSSL

Speaker: Bernard Spil


LibreSSL is a version of the TLS/crypto stack forked from OpenSSL by OpenBSD in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes. As a fork of OpenSSL 1.0.1g it is mostly a drop-in replacement.

With the modernization of the codebase, a number of features found in OpenSSL have been removed. I will address the challenges of using LibreSSL in the real world, covering the major changes and the benefits you get from replacing OpenSSL with LibreSSL.

Included are fun examples of major projects (Apache, OpenLDAP, etc.) not working and requiring old and deprecated security mechanisms. Additionally, the talk will address what it means to replace OpenSSL with LibreSSL in an operating system (FreeBSD, HardenedBSD, PC-BSD).


Bernard Spil is an enterprise IT architect by day and a FreeBSD ports committer (among others, maintainer of the OpenSSL and LibreSSL ports) by night. He is known for his authoritative repository of LibreSSL patches and for making all ports in FreeBSD work with LibreSSL. Recently, work was completed to replace OpenSSL in the FreeBSD base system completely for HardenedBSD and TrueOS.

