

LibreSSL on Gentoo - stefantalpalaru
https://blog.hboeck.de/archives/851-LibreSSL-on-Gentoo.html

======
mpyne
The interaction between OpenSSH portable and LibreSSL portable is especially
amusing.

~~~
derefr
It sounds like there should be something like a libopenbsdcompat containing
arc4random et al., which both these packages would then import+depend on.

~~~
AlyssaRowan
Now that the glibc leadership changes have taken place, hopefully we can see
functions like arc4random, explicit_bzero, timingsafe_bcmp, reallocarray and
the other stuff actually appear in glibc where they belong, so no glue will be
required.

They are pretty damn useful when you're trying to do secure programming.

(Of course, arc4random should use ChaCha20.)

~~~
dobbsbob
the function name is arc4random but it's chacha20
[http://marc.info/?l=openbsd-cvs&m=138065251627052&w=2](http://marc.info/?l=openbsd-cvs&m=138065251627052&w=2)

~~~
AlyssaRowan
Indeed, that's my point: don't forget that the name is legacy and slightly
misleading.

RC4 is about to get another public result against it, btw.

------
swills
FreeBSD already has it in ports:

[http://www.freshports.org/security/libressl](http://www.freshports.org/security/libressl)

And there is work underway to make it an option for things that use OpenSSL
currently.

------
daurnimator
Only tangential to the article, but only now (via the link to the apache
patch) did I realise it was libReSSL. Makes the name so much more interesting!

~~~
currysausage
It was LibReSSL for a while, but it seems they changed it back to LibreSSL:
[http://www.libressl.org/](http://www.libressl.org/)

------
click170
Did anyone else get a blue bar in the middle of the text while trying to read
from mobile?

~~~
hannob
Hello, I'm the owner of the blog, I have changed the blue bar now to be only
in the header, should improve things and no longer get into the content.

I need to look into this in detail at some point, but for now it should be
readable.

~~~
crishoj
Another issue:

    
    
      The page at 'https://blog.hboeck.de/archives/851-LibreSSL-on-Gentoo.html' 
      was loaded over HTTPS, but displayed insecure content from 
      'http://vg07.met.vgwort.de/na/4f1f65b6b6e4419c97ea81e7d27cc0a0': 
      this content should also be loaded over HTTPS.

~~~
JohnTHaller
You'll see this often on sites that use CDNs to serve images. Adding SSL to a
CDN at levels used by smaller sites easily doubles the cost.

