LibreSSL 2.2.0 发布，安全套接字库

发布于 2015-06-13 01:54:21 | 233 次阅读 | 评论: 0 | 来源: 网友投递

LibreSSL SSL加密安全套接字库

LibreSSL是OpenSSL加密软件库的一个分支，为一个安全套接层（SSL）和传输层安全（TLS）协议的开源实现。在OpenSSL爆出心脏出血安全漏洞之后，一些OpenBSD开发者于2014年4月创立了LibreSSL，目标是重构OpenSSL的代码，以提供一个更安全的替代品。LibreSSL复刻自OpenSSL库的1.0.1g分支，它将遵循其他OpenBSD项目所使用的安全指导原则。

LibreSSL 2.2.0 发布，此版本是最新的 OpenBSD-current 版本，最新的 OpenBSD-stable 版本是 2.1.7。

更新内容：

* AIX Support - thanks to Michael Felt

* Cygwin Support - thanks to Corinna Vinschen

* Refactored build macros, support packaging libtls independently.
    There are more pieces required to support building and using OpenSSL
    with libtls, but this is an initial start at providing an
    independent package for people to start hacking on.

* Removal of OPENSSL_issetugid and all library getenv calls.
    Applications can and should no longer rely on environment variables
    for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still
    supported with the openssl(1) command.

* libtls API and documentation additions

* Various bug fixes and simplifications to libssl and libcrypto

* Fixes for the following issues are integrated into
     LibreSSL 2.1.7 and 2.2.0:
    - CVE-2015-1788 - Malformed ECParameters causes infinite loop
    - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
    - CVE-2015-1792 - CMS verify infinite loop with unknown hash function
                      (this code is not enabled by default)

* The following CVEs did not apply to LibreSSL or were fixed in earlier
    releases:
    - CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
    - CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
    - CVE-2014-8176 - Invalid free in DTLS

* Fixes for the following CVEs are still in review for LibreSSL
    - CVE-2015-1791 - Race condition handling NewSessionTicket

LibreSSL 是一个免费版本的 SSL/TLS 协议，来自于 OpenSSL

LibreSSL 支持多平台，开发者宣称“我们不想要伤透你们的心”。

LibreSSL 2.2.0 发布，安全套接字库

LibreSSL SSL加密安全套接字库

后端技术

前端技术

数据库

热门框架

常用IDE

其他