Post AP6Vse3theROp5lSEq by bryanbrake@mastodon.social
 (DIR) More posts by bryanbrake@mastodon.social
 (DIR) Post #AP6RebABHemfxikYsq by kreyren@qoto.org
       2022-10-30T19:43:25Z
       
       0 likes, 0 repeats
       
       just in case it's not painfully evident by heartbleed 2.0..OpenSSL is crapware that none should rely on in the production, consider using LibreSSL or an alternative with better Quality Assurance #OpenSSL #SSL #LibreSSL #QA #security #cryptography #cybersecurity #xp
       
 (DIR) Post #AP6Vse3theROp5lSEq by bryanbrake@mastodon.social
       2022-10-30T20:04:43Z
       
       0 likes, 0 repeats
       
       @kreyren I'm glad there are options, but like windows, you'll never get it replaced... does libreSSL have FIPS support? nope, according to this, and as long as that is true, we're stuck with it. Gov contracts require it. https://github.com/libressl-portable/portable/issues/572
       
 (DIR) Post #AP8KOmvzRNWcTPXvNY by kreyren@qoto.org
       2022-10-31T17:31:27Z
       
       0 likes, 0 repeats
       
       @bryanbrake LibreSSL was created in 2014 after heartbleed 1.0 and seems to have a better quality assurance to avoid these critical issues thus why i said consider using it.
       
 (DIR) Post #AP8KYhJdBZGPwXKTTM by kreyren@qoto.org
       2022-10-31T17:33:20Z
       
       0 likes, 0 repeats
       
       @bryanbrake > LibreSSL removed the FIPS compliant module from its code, arguing that the FIPS 140-2 uses weak or broken ciphers and is detrimental to securityI don't have the background on why that is