This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.

Jump to content

LibreSSL


Isaac
 Share

Recommended Posts

I recently noticed that the OpenBSD guys have made a fork of OpenSSL. (In case you don't know, they made OpenSSH which is used by many big businesses (Apple for instance)...which apparently haven't donated http://www.openssh.com/ )


Anyways, they are known for making their stuff ridiculously secure against attacks, and have made many security changes in their SSL fork which is available - http://www.libressl.org/


Wikipedia has some nice info about it too - https://en.wikipedia.org/wiki/LibreSSL


One reason this makes me excited to see that they have made a fork of OpenSSL is because apparently the famous HeartBleed exploit could have been fairly easily prevented using their compiler methods - http://article.gmane.org/gmane.os.openbsd.misc/211963


By the way, thanks for making Mumble! :D (regardless of whether you implement LibreSSL)

Link to comment
Share on other sites

  • 4 weeks later...
  • Administrators

We wouldn't mind shipping LibreSSL, but there are some technical problems in doing it.


Right now, on Windows, we build all our dependencies from scratch using the same compiler (Visual C++ 2013 Update 4). All our dependencies are built as static libraries and linked into mumble_app.dll. Having a single DLL with all of our dependencies in it makes a lot of things easier, especially code signing, since we have full control of the names of the files we ship.


LibreSSL doesn't current build with MSVC, but only builds with GCC/MinGW on Windows. So to get it properly integrated into our build, we'd have to do some porting work. And we'd like to use the same TLS library on all platforms we ship binaries for before we make the switch.

Link to comment
Share on other sites

 Share

×
×
  • Create New...