Management Portal

OpenBSD Team Launches "LibreSSL" fork of OpenSSL in light of HeartBleed

libressl-feat

OpenBSD Team Launches “LibreSSL” fork of OpenSSL in light of HeartBleed

openbsd_autresThe folks over at OpenBSD have been working hard on their own version of OpenSSL by ripping out unnecessary code, fixing bugs, and increasing security. Fueled by the massive number of security implications brought upon the web by the HeartBleed bug, they were previously unsure how their version of OpenSSL would play out (it seemed unlikely that it would be adopted by the OpenSSL upstream due to the number of changes they were making), they decided to launch their version as “LibreSSL”. The OpenBSD group promises that LibreSSL will be included in OpenBSD version 5.6 (version 5.4 was released November 1, 2013). We can likely expect that version 5.6 will be released around November 2014, as OpenBSD follows a strict 6 month release cycle, which includes 4-5 months of development and 1-2 months of testing.

The project is currently located at http://www.libressl.org/ and has a temporary website available while the developers are hard at work writing code.

From the changelog thus far, we can expect that LibreSSL is going to be a significant improvement over its OpenSSL parent.