发布于 2015-08-06 04:24:53 | 165 次阅读 | 评论: 0 | 来源: 网友投递
LibreSSL SSL加密安全套接字库
LibreSSL是OpenSSL加密软件库的一个分支,为一个安全套接层(SSL)和传输层安全(TLS)协议的开源实现。在OpenSSL爆出心脏出血安全漏洞之后,一些OpenBSD开发者于2014年4月创立了LibreSSL,目标是重构OpenSSL的代码,以提供一个更安全的替代品。LibreSSL复刻自OpenSSL库的1.0.1g分支,它将遵循其他OpenBSD项目所使用的安全指导原则。
LibreSSL 2.2.2 发布,最新的 OpenBSD-stable 版本是 2.1.7,最新的 OpenBSD-current 版本是 2.2.2。
下载:http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2.tar.gz
改进内容:
* Switched 'openssl dhparam' default from 512 to 2048 bits * Reworked openssl(1) option handling * More CRYPTO ByteString (CBC) packet parsing conversions * Fixed 'openssl pkeyutl -verify' to exit with a 0 on success * Fixed dozens of Coverity issues including dead code, memory leaks, logic errors and more. * Ensure that openssl(1) restores terminal echo state after reading a password. * Incorporated fix for OpenSSL Issue #3683 * LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped for each portable release. * Removed workarounds for TLS client padding bugs. * No longer disable ECDHE-ECDSA on OS X * Removed SSLv3 support from openssl(1) * Removed IE 6 SSLv3 workarounds. * Modified tls_write in libtls to allow partial writes, clarified with examples in the documentation. * Removed RSAX engine * Tested SSLv3 removal with the OpenBSD ports tree and found several applications that were not ready to build without SSLv3 yet. For now, building a program that intentionally uses SSLv3 will result in a linker warning. * Added TLS_method, TLS_client_method and TLS_server_method as a replacement for the SSLv23_*method calls. * Added initial cmake build support, including support for building with Visual Studio, currently tested with Visual Studio 2013 Community Edition. * --with-enginesdir is removed as a configuration parameter * Default cert.pem, openssl.cnf, and x509v3.cnf files are now installed under $sysconfdir/ssl or the directory specified by --with-openssldir. Previous versions of LibreSSL left these empty.
LibreSSL 由以下 4 部分组成:
openssl(1) 实用工具
LibreSSL是OpenSSL加密软件库的一个分支,为一个安全套接层(SSL)和传输层安全(TLS)协议的开源实现。在OpenSSL爆出心脏出血安全漏洞之后,一些OpenBSD开发者于2014年4月创立了LibreSSL,目标是重构OpenSSL的代码,以提供一个更安全的替代品。LibreSSL复刻自OpenSSL库的1.0.1g分支,它将遵循其他OpenBSD项目所使用的安全指导原则。