Abandon Ship! It’s Time to Ditch OpenSSL

Theo de Raadt is known for general assholery, but when he says “OpenSSL is not developed by a responsible team”, there are very good reasons for him to say that. The project has been a mess for a long time, and this Heartbleed situation has brought it all to the forefront.

It’s long past time to ditch OpenSSL. Firefox and Chrome use NSS, which seems as good an alternative as any.

(Interestingly, there was a proposal to switch Chrome to OpenSSL just a few months ago. Yeah, let’s not.)


4 Responses to Abandon Ship! It’s Time to Ditch OpenSSL

  1. n0body says:

    That was my first thought as well. So goodbye mod_ssl, hello mod_nss, if only the rest of the stuff I use had that option.

    • Timm Murray says:

      Been looking into it more, and it seems that NSS isn’t much better. Seems that we’re either stuck with OpenSSL and having people going over it with a fine-tooth comb, or it all needs to start from scratch with something more maintainable, testable, and verifiable.

  2. Steffen Ullrich says:

    Maybe you should read why (and how) Google is moving Chrome away from NSS and using OpenSSL: https://docs.google.com/document/d/1ML11ZyyMpnAr6clIAwWrXD53pQgNR-DppMYwt9XvE6s/edit?pli=1#

  3. Mike S. says:

    What about GnuTLS instead of NSS? I haven’t looked at either project, but maybe it’s better?
