Michael Peters

LibreSSL on Linux

Discussion created by Michael Peters on Aug 2, 2015
Latest reply on Sep 4, 2015 by Michael Peters



I run CentOS 7 for all my servers (and my desktop and laptop). I'm also very proficient with the RPM package manager.


I gather that TLS 1.3 is currently in draft, I don't know when it will be released, but I would kins of like to be an early adopter - at least for my web servers. Early adopter and RHEL/CentOS don't exactly go together - but I can build a newer version of OpenSSL or LibreSSL and put it in /opt for Apache and friends to link against w/o conflicting with the OS OpenSSL library.


I'm leaning towards LibreSSL even though it is primarily being developed for OpenBSD. I run CentOS but I trust their developers more than I trust the OpenSSL developers and it looks like they have made a LOT of improvements since starting LibreSSL.


I already have a working RPM for LibreSSL - it builds no problem, but I am curious as to opinions of others here who have experience, what their thoughts are.


When TLS 1.3 is out of draft and has been incorporated into both OpenSSL and LibreSSL, are there any reasons anyone can specify why I should stick with OpenSSL instead of LibreSSL ?


What really attracts me to LibreSSL is the shrinking of the codebase. Smaller codebase for example is why I prefer NSD over BIND. Smaller codebase often seems to have less frequent critical drop everything and patch moments.


I know there were a few critical issues with LibreSSL with the port to Linux when it first was made available, but I *think* those were all ironed out. Thoughts from others would be appreciated.


I would be building a modern Apache against it, as well as modern PHP (I already build modern PHP against stock apache / opennsl)


Thank you for any feedback.