OpenSSL 1.0.2 Released 97
kthreadd writes The OpenSSL project has released its second feature release of the OpenSSL 1.0 series, version 1.0.2 which is ABI compatible with the 1.0.0 and 1.0.1 series. Major new features in this release include Suite B support for TLS 1.2 and DTLS 1.2 and support for DTLS 1.2. selection. Other major changes include TLS automatic EC curve selection, an API to set TLS supported signature algorithms and curves, the SSL_CONF configuration API, support for TLS Brainpool, support for ALPN and support for CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
libressl-2.1.3 (Score:2, Informative)
libressl-2.1.3.tar.gz 21-Jan-2015 2.7M [openbsd.org]. For you non Open BSD users: portability wrappers [github.com]. Full Source [github.com].
Re:libressl-2.1.3 (Score:5, Insightful)
libressl is NOT portable. Supporting BSD and Linux is not the definition of "portable" (see also: "We play both types of music: Country and Western"). The libressl code depends on the non-standard #include_next preprocessor directive, so it can only build with GCC (and probably clang, which emulates many GCC-isms). Forget about building on Windows using Microsoft's C compiler.
OpenSSL remains the only portable SSL library that can be used by both open source and commercial developers alike. Which is really a shame, because OpenSSL sucks. All the bad things the libressl people have said about OpenSSL are absolutely true.
Re: (Score:3, Insightful)
NOT portable .... Forget about building on Windows using Microsoft's C compiler.
Just because one compiler for one platform fails to support a popular C extension doesn't mean the library isn't portable.
You can always choose to complie on that platform using one of the compliers that *does* support the extension.
Re: (Score:2)
Just because one compiler for one platform fails to support a popular C extension doesn't mean the library isn't portable.
Except that the one platform is Windows, which accounts for the vast majority of desktop PC's and laptops, and a significant chunk of servers. And the one compiler is the standard for Windows, used by the vast majority of Windows developers.
You don't have to like this, but it is the truth.
In my opinion, any software that can't compile on Windows using the native toolchain doesn't qualify as "portable". That doesn't make it bad software. It just isn't "portable" software.
Re: (Score:2)
one compiler is the standard for Windows
That sounds like the source of the portability issues right there.
Perhaps that OS vendor could encourage more complier writers to support compliers for that platform.
Re: (Score:2)
libressl supports pretty much any unix-like OS
Oh good, both Country and Western.
I know there's a guy working on Windows support as well.
Let me know what the guy working on Windows support actually gets it working. Until then it doesn't count. And by "working", I mean working with the Microsoft toolchain, which like it or not, is the official and most widely used toolchain for Windows.
Re:libressl-2.1.3 (Score:5, Informative)
Re: (Score:3)
Re: (Score:2)
I'm not sure IRIX will ever work right
That matches my memory of trying to build things with the IRIX C compiler too, especially in 64-bit mode. Or were you talking about libressl specifically?
Re: (Score:2)
Re: (Score:3)
OpenSSL remains the only portable SSL library that can be used by both open source and commercial developers alike
Kind of. Its license actually isn't compatible with the GPL, so there's a whole lot of Free Software developers that can't use it.
Re:libressl-2.1.3 (Score:5, Interesting)
OpenSSL remains the only portable SSL library that can be used by both open source and commercial developers alike. Which is really a shame, because OpenSSL sucks. All the bad things the libressl people have said about OpenSSL are absolutely true.
We have GnuTLS [gnutls.org] which is only one year younger than OpenSSL, has a nicer API, is portable to Windows, has a better track record with regard to binary compatibility, a better build system, and can be used by commercial software (it’s LGPLv2.1). Comparison of features with other SSL libraries [wikipedia.org].
Re: (Score:3)
OpenSSL remains the only portable SSL library that can be used by both open source and commercial developers alike. Which is really a shame, because OpenSSL sucks. All the bad things the libressl people have said about OpenSSL are absolutely true.
We have GnuTLS [gnutls.org] which is only one year younger than OpenSSL, has a nicer API, is portable to Windows, has a better track record with regard to binary compatibility, a better build system, and can be used by commercial software (it’s LGPLv2.1). Comparison of features with other SSL libraries [wikipedia.org].
It also has a much worse track record in security, which is why no one uses it as the a primary SSL library and only as a library for operating on certificates.
Re: (Score:1)
Care to provide any actual statistics for that claim, or are you just one of those annoying morons with a habit of being FUDsy against anything with "Gnu" in the name?
Re: (Score:2)
Care to provide any actual statistics for that claim, or are you just one of those annoying morons with a habit of being FUDsy against anything with "Gnu" in the name?
No, I prefer GPL when other choices are equal. GnuTLS has just never had a very good reputation, and even from the most optimistic point of view, it has always been secondary to OpenSSL just by having fewer users and fewer developers. I would be great if it was better, but it has had some unfortunately design choice and a long string of serious vulnerabilities. Just look it up.
nss, gnutls, libreopenssl - rundown? (Score:2)
Re: (Score:2)
Forget about building on Windows using Microsoft's C compiler.
not my fault your shitty OS doesn't run our security tools. as far as GCC, GCC compiles for almost every platform under the sun, including windows. So the fact it doesn't compile with MS C is a moot point. heck, I can even cross compile for windoze in GNU/Linux
Obligatory reminder that an alternative exists (Score:3, Informative)
http://www.libressl.org/ [libressl.org]
Re:Obligatory reminder that an alternative exists (Score:4, Interesting)
http://www.libressl.org/ [libressl.org]
That site doesn't support SSL...
Re: (Score:3, Informative)
SSL is broken anyhow. The feds have all the top level keys and can listen with impunity.
Re:Obligatory reminder that an alternative exists (Score:4, Insightful)
Re:Obligatory reminder that an alternative exists (Score:5, Informative)
You _can_ do so, but the hardcoded reliance on the master signature authorities in nearly every popular software tool makes such efforts problematic. It's exceedingly difficult to _excise_ these master keys, or to display them as "not trusted due to federal key access", without breaking many tools.
Re: (Score:2)
Re: (Score:2)
Hard coded may be too strong. They're certainly the mandated defaults at installation time. Extracting them is a laborious and painful manual process, likely to be overwritten by the very next security update in most packages with most installers. Disabling them disables hosts of automated tools which rely on ordinary HTTPS, and there are certainly core software repositories which rely extensively on ordinary root authorities to verify their SSL signatures. These include Github, bitbucket, sourceforge, and
Re: (Score:2)
Because it doesn't need it.
Re: (Score:2)
It's back to the future, future year, WTH isn't every communication secure? It's not a problem with overhead anymore.
Re: (Score:2)
Two reasons:
a) Not everything needs to be secure. Some things definitely. More things than we have now certainly. But not everything.
b) Things break. For example virtual hosting breaks. You can only properly do SSL over virtual hosting if you have an SSL certificate covering all virtual hosts, and those are not free or cheap. Proxying and Caching has issues too. Yes you can do something and there are workarounds, but currently the security arsenal we have is not suitable for the wide variety of applications
Re: (Score:2)
Re: (Score:2)
A site where I'm supposed to get the core of my security from? If this doesn't need some way to ensure that I really connect with it instead of an intercepting mitm that injects its own version, what does?
Re: (Score:2)
The download link is an external FTP server. So, no, you aren't supposed to download anything from that site.
Re: (Score:2)
If this doesn't need some way to ensure that I really connect with it instead of an intercepting mitm that injects its own version, what does?
In what universe do you live in that SSL prevents a MITM attack? MITM attacks exist in order to allow an attacker to monitor and modify your supposedly "secure" connections. You ensure that what you downloaded is what you meant to download by using the signify utility as mentioned on the page and verify that the package you download was signed by the OpenSSL devs.
Re: (Score:2)
And to head off the obvious rejoinder, yes, their private key can be compromised to allow an attacker to sign malicious packages. But if that is a genuine concern, why would you possibly trust the security of the SSL connection to their site?
Re: (Score:2)
LibreSSL files signed using OpenSSL's private key? In what universe do YOU live?
Re: (Score:1)
OpenBSD is what I obviously meant.
Re:Obligatory reminder that an alternative exists (Score:5, Informative)
Why start with something bad to make something good. If you want a good SSL library, try PolarSSL [polarssl.org]. It's a quite unknown, but great library. Unlike OpenSSL, this one has good documentation. The Hiawatha webserver [hiawatha-webserver.org] uses it and it easily gives me an A+ score at SSL labs [ssllabs.com].
Re:Obligatory reminder that an alternative exists (Score:5, Informative)
We tried contacting the PolarSSL developers about contributing code to fix their random number problem. No response. No random numbers -> no security.
No matter what the security problem, it's always the random numbers, or lack thereof that is the problem.
Re: (Score:2)
And they got swallowed up by ARM, so don't count on cross platform compatibility.
With any security software, just because it runs, it doesn't mean it works.
Re: (Score:1)
No matter what the security problem, it's always the random numbers, or lack thereof that is the problem.
(checks apt-get before making a fool of himself) ... Why the hell hasn't somebody made libRNG?
p.s. Seriously, how hard could it be to split out the RNG code of openssl or libressl and make it the gold standard? Yeah, I know it's generally unproductive to ask such rhetorical questions. Yes, I'm a coder that could do it (never looked at openssl code, but I'm sure I've dealt with worse, so I know it's possible), but I have no desire to become the owner of such a project, so I won't even bother to look at the e
Re: (Score:2)
Why the hell hasn't somebody made libRNG?
.. no desire to become the owner of such a project..
You do realize that you answered your own question right there?
Re: (Score:2)
No matter what the security problem, it's always the random numbers, or lack thereof that is the problem.
(checks apt-get before making a fool of himself) ... Why the hell hasn't somebody made libRNG?
p.s. Seriously, how hard could it be to split out the RNG code of openssl or libressl and make it the gold standard? Yeah, I know it's generally unproductive to ask such rhetorical questions. Yes, I'm a coder that could do it (never looked at openssl code, but I'm sure I've dealt with worse, so I know it's possible), but I have no desire to become the owner of such a project, so I won't even bother to look at the effort required. Nor will you, probably. I have plenty of other things occupying my time. Maybe in another 20 years, if I'm retired by then...
Because on a unix system you just read from /dev/random anyway. Random seeds is an operating system responsibility, you can not make good random numbers without a little good random seed.
Re: (Score:2)
That's at least three sorts of nonsense:
https://www.fourmilab.ch/hotbi... [fourmilab.ch]
https://www.random.org/ [random.org]
http://random.hd.org/ [hd.org]
The OS has no magic either, or are you saying that it's random seeds all the way down?
Rgds
Damon
Re: (Score:2)
That's at least three sorts of nonsense:
https://www.fourmilab.ch/hotbi... [fourmilab.ch]
https://www.random.org/ [random.org]
http://random.hd.org/ [hd.org]
The OS has no magic either, or are you saying that it's random seeds all the way down?
Rgds
Damon
Yes. There is for thing dedicated random number hardware and there is hardware that can produce partially random data, such as network cards and radios, but the latter are only really good when combined with eachother and with a random number tracker, which is something the OS can do.
Re: (Score:2)
If you look at my code for example at random.hd.org then you'll notice that it's something that user space can do just as well. The kernel has no magic other than direct access to a few more noisy things.
Rgds
Damon
Re: (Score:2)
Re: (Score:2)
Yes, when I get back in the office and get the details. In hand wavey terms, 0 entropy in specfic VMs on specific headless servers, because it trusts the kernel to get it right.
Re: (Score:2)
Re: (Score:2)
The issue is the source of entropy, not the post processing.
Re: (Score:2)
Wow is supports Windows and OpenVMS?
Re: (Score:2)
Re:Do you really trust the OpenSSL Corporation? (Score:5, Insightful)
Do you think the absence of documentation is due only to laziness?
Yes. "Never attribute to malice that which can be explained by incompetence." Not every fuckup is a conspiracy.
I don't know any programmers who like writing documentation. Start with that, and add that the OpenSSL code is complicated and poorly written, and it's no wonder the documentation is lacking.
Re:Do you really trust the OpenSSL Corporation? (Score:4, Insightful)
Sorry but that's all just pure baseless speculation on your part and fear mongering. The NSA can snoop SSL traffice regardless of ssl library simply by doing a man in the middle attack. And you'd never know it either, since they would be using a recognized root certificate. So I don't see what this issue has to do with openssl. And If they can brute force sniff SSL, I don't see how other ssl libraries are much safer.
Several of the OpenSSL developers have commented here on slashdot and expressed chagrin combined with determination to fix the problems which years ago were not considered problems--they were bad but accepted solutions for the portability problem. But times have changed, and openssl is changing too. As others have said it's still the most portable, and it is a good choice, and I do trust it. I think their response to heartbleed was admirable. They acknowledged and fixed the problem promptly.
Re: Hey Dice you dumb fucks (Score:3)
If a browser crashes because of a site, it's the browser's developers fault.
Re: (Score:2)
If a browser crashes because of a site, it's the browser's developers fault.
You must have been deprived of Last Measure as a child.
Re: (Score:2)
Happily.
Re: (Score:2)
Major new feature that's missing (Score:2)
Re: (Score:2)
OpenSSL and the Internet (Score:2, Insightful)
It's an affront to common sense that the Internet's security largely relies on this wretched library, with its utterly dismal coding standards, its hideously, and unnecessarily, baroque and complex API, and its pathetic documentation.
Re: (Score:1)
It's an affront to common sense to put security as an afterthought on top of another protocol instead of making it an intrinsic part of the protocol. But that's what you get when you use ancient technology (and yes, TCP is ancient by computer standards) and simply refuse to accept that it is necessary to invest into it.
But security does not sell. Only now people finally start to slowly catch on and realize that there might be a reason for security. They still don't know jack about it. They only know they "k
Re: (Score:3)
This is stupid.
If there's one lesson in the history of computing, it's that every type of possible side-channel leaks information like crazy if not properly controlled. So in what world does it make sense to mix up your application or transport protocol with your security protocol? The examples you give have nothing to do with the underlying transport protocols, or overlaying application protocols that have been in use.
Re: (Score:2)
+1
The security should work independently of details of the underlying medium and without relying on its exact implementation. A byte stream (observed or not) is just that. Likewise an unreliable packet stream.
This is what we have abstraction for.
Rgds
Damon
Re: (Score:2)
It makes sense that a library that exists (duh, but was anything else available in 1998?), is free of charge, and does its job will become widely used. Has a technically superior future alternative ever taken over something that was available when needed? Makes me think of IPv6, but I'm not sure the comparison works.
Wasn't the NSA behind the CURVE algorithm?? (Score:2)
The Ellipse has been broken and is a major security risk
A different perspective (Score:2)
First of full disclosure...I am a member of the OpenSSL development team.
I've read a lot of anti-OpenSSL comments here along with some fairly amusing conspiracy theories! Some criticism is fair but much is not in my view.
OpenSSL is a very different project to what it was a year ago. This time last year the development team was very small (6 people...not all of whom were active coders, most of whom were doing it in their spare time). Supporting the project was (and still is) a thankless task, and they did th
Re: (Score:2)
Re: (Score:2)