I can’t deliberately explain why you’d REALLY need this, as I’m not that super-much of a security guy. Anyway, I’ve been told by my teacher at the University of Amsterdam to move over to LibreSSL when using implementations of OpenSSL, as LibreSSL supposedly contains dramatically fewer security flaws.
Erm, so move away from a mainstream lib that HAS had some issues, just because, to a minor lib?
Again, no app is totally secure.
There are flaws in almost all of the apps we use today; it's just a matter of finding 'em, so I'd rather stick with the devil and the known issues that OpenSSL has than go to a lesser fork with lesser devs.
The statistics do show quite a difference. Just from looking at numbers, without any context, I can see where the teacher is coming from. Like I said, I’m not a security guy. But I can imagine that, with LibreSSL being rewritten, modern techniques may be applied for snappier software.
Good point, but this should implicitly mean that, since OpenSSL is a more broadly used implementation of TLS, you’d be relatively safer by using something that’s less used (and thus less likely to be targeted by hackers) whilst being even “better” (core is the same, OpenSSL patches are nearly instantly applied and ‘recent programming techniques’ are applied).
I don’t subscribe to the idea of security by obscurity.
I keep an eye on these things, and right now I would say that OpenSSL will see more vigorous real-world testing than LibreSSL. OpenSSL also has more stable development at the moment.
Sam