@kkarhan @animemer @thecatcollective

#openBSD runs servers and computers at #banks and other high-reliability-requirement institutions.

It gave rise to #openSSH and #libreSSL which I believe windows 10 uses to improve your parents' security online.

#ada was #DOD developed for defence application and now runs everything from #missiles to #railway signalling networks to #autopilots

The same is also true for #freeRTOS and #RTEMS which drive rockets into space. There are many #openSource programs involved in rocketry at the highest levels, both civil and martial.

Perhaps most importantly to parents, these are things you can exploit freely, a torch passed to you by others, free as in speech, a tool to better command whatever hardware you elect to use.

I hope you succeed in providing some food for thought about different ways to achieve success ;)

@stefano #FreeBSD, mostly because I tried it, liked it, even started contributing to it quickly and never felt the need to look at a different one so far 🙈

I even use a customized build (leaving out things from base I don't use like e.g. sendmail or tcsh) and build all ports using #LibreSSL instead of #OpenSSL, both is perfectly supported (except for the occassional build issues of some ports with LibreSSL, which are most of the time an easy fix....)

O-Ha! #OpenSSL has published an update release v1.1.1u some days ago too.
Old OpenSSL is the only library I can use to support antique platforms like #WinXP or #WinCE with their native compilers without additional patches.
Support for 1.1.1 will be dropped this year, and for all new stuff I already use #libreSSL.

I saw a macro named OPENSSL_SYS_UEFI during review for the first time. So they already have pure #UEFI builds somewhere.

How could I have missed that so long?
I need to catch up. 👀

@mirabilos @fbievan @pixelherodev @Anachron @sirber @sotolf @benjaminhollon

#OpenSSL, not #LibreSSL?

I thought the whole point of LibreSSL was to be a more carefully audited and maintained fork of Open (although I understand that it doesn't have all of Open's features)

The maintainers of Dragora, a fully free distro that uses #LinuxLibre and #LibreSSL, have recently announced the latest release "dragora 3.0-beta2." Read the release notes and download it for yourself: https://u.fsf.org/3zk

PR submitted to update MacPorts' libressl to 3.7.3 here:

https://github.com/macports/macports-ports/pull/18842

CI/build bot checks passed!

It's up to someone else to merge it.

Next to submit a PR for 2.33 for the snac MacPort.

#LibreSSL #MacPorts #TLS #OpenSource #OpenSSL

OK, PR submitted to update MacPorts' libressl-devel to 3.8.0 here:

https://github.com/macports/macports-ports/pull/18841

CI/build bot checks passed!

It's up to someone else to merge it.

Next to submit a PR for 3.7.3 for the stable libressl MacPort.

#LibreSSL #MacPorts #libresslーdevel

Meanwhile, Brent Cook updated the SHA256 and SHA256.sig so now signify output looks less sus:

signify -C -p libressl.pub -x SHA256.sig libressl-3.6.3.tar.gz
Signature Verified
libressl-3.6.3.tar.gz: OK

signify -C -p libressl.pub -x SHA256.sig libressl-3.7.3.tar.gz
Signature Verified
libressl-3.7.3.tar.gz: OK

signify -C -p libressl.pub -x SHA256.sig libressl-3.8.0.tar.gz
Signature Verified
libressl-3.8.0.tar.gz: OK

huzzah!

#LibreSSL #signify #TLS #OpenSource #OpenSSL

LibreSSL version 3.6.3 (legacy, not an official term, just more or less what it represents) 3.7.3 (stable) and 3.8.0 (development) have been released!

Release notes for 3.6.3:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt

Release notes for 3.7.3:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt

Release notes for 3.8.0:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.8.0-relnotes.txt

I am preparing PRs for 3.8.0 for libressl-devel and 3.7.3 for libressl MacPorts already.

However, note that the SHA256 and SHA256.sig on the main distribution site and mirrors, though they have today (2023-05-27)'s date as their time stamp, they do not list any versions more recent than 3.7.2 so signify will produce a FAIL because it has nothing to check against in the new releases. I have brought this to the attention of Brent Cook et al and hopefully that will be rectified soon.

#LibreSSL #MacPorts #OpenSource #OpenBSD #TLS #OpenSSL

The maintainers of Dragora, a fully free distro that uses #LinuxLibre and #LibreSSL, have recently announced the latest release "dragora 3.0-beta2." Read the release notes and download it for yourself: https://u.fsf.org/3zk

The maintainers of Dragora, a fully free distro that uses #LinuxLibre and #LibreSSL, have recently announced the latest release "dragora 3.0-beta2." Read the release notes and download it for yourself: https://u.fsf.org/3zk

@mgorny

it seems to install urllib3-2.0.2 on #openbsd 7.3

# python3 --version
Python 3.10.11

openssl version
LibreSSL 3.7.2
.2

so #urllib3 is just broken for systems that use #Libressl now?

The Road to Secure Cryptography: Understanding and Preventing Common Misuses

"Do not invent your own crypto":
A whole talk to #security by #obscurity 💪 ☺️

#talk #ssh #libressl #cryptography

https://media.ccc.de/v/glt23-374-the-road-to-secure-cryptography-understanding-and-preventing-common-misuses

I'm writing on a talk about using OpenSSH in industrial environments, and there is a slide that says: Where do you know SSH from?

My question is, where do YOU know OpenSSH from?

Answers appreciated :)

#ssh #openssh #it #operations #raspi #security #libressl

OpenBSD: #LibreSSL 3.7.2 Released

https://undeadly.org/cgi?action=article;sid=20230409110709

@SpaceLifeForm @Perl This isn’t just shelling out to #curl or #wget (which core tools like #CPAN already fall back on). This is about in-process #TLS, which is currently best supported in #Perl by IO::Socket::SSL and its dependency Net::SSLeay, which in turn depends on either #OpenSSL or #LibreSSL with development header files.

There are modules that wrap #libcurl and other interfaces, but the more popular HTTP and other client modules don’t use them.

I should be asleep, but just saw email that thanks to Herby Gillot, those two PRs are now merged!

Phew.

Hopefully I will rest with less stress over #OpenSSH and #LibreSSL and #MacPorts?

LibreSSL 3.5.4 and 3.6.2 released https://undeadly.org/cgi?action=article;sid=20230208062247 #libressl #openbsd #tls #crypto #cryptography #security

(continued):

"LibreSSL 3.5.4 also includes the following reliability fix:

* An uninitialized variable was used in ASN1_STRING_to_UTF8() to decide whether the no-op freezero(NULL, 0) should be called."

#LibreSSL

Via Brent Cook on the LibreSSL mailing list:

"We have released LibreSSL 3.5.4 and 3.6.2, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon.

They include the following security fix:

* A malicious certificate revocation list or timestamp response token
would allow an attacker to read arbitrary memory."

#LibreSSL