OpenBSD Journal

LibreSSL 2.1.7 and 2.2.0 Released

Contributed by tj on from the logjammin' dept.

Brent Cook (bcook@) has announced the latest LibreSSL releases, which contain fixes for several CVEs:

We have released LibreSSL 2.2.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release is the first from the OpenBSD 5.8 development tree and
features mainly on build system improvements and new OS support.

We have also released LibreSSL 2.1.7, which contains additional security
fixes.

Of special note is the upcoming removal of SSLv3:

Note: This will likely be the last 2.2.x release with support for SSLv3,
as it will be removed entirely from the main LibreSSL tree.

(Comments are closed)


Comments
  1. By Jorden Verwer (145.131.158.89) on

    In other words, LibreSSL will drop support for SSL. ;)

    Comments
    1. By Anonymous Coward (209.181.89.124) on

      > In other words, LibreSSL will drop support for SSL. ;)

      Does that mean SSLv3 just needs more work to go back in, or does that mean the standard itself is broken and needs to be avoided?

      Comments
      1. By Anonymous Coward (80.44.54.27) on

        > > In other words, LibreSSL will drop support for SSL. ;)
        >
        > Does that mean SSLv3 just needs more work to go back in, or does that mean the standard itself is broken and needs to be avoided?

        SSLv3 as a standard is broken. Weaknesses have been discovered...

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]