LibreSSL 2.2.2 Released

An anonymous reader writes: LibreSSL 2.2.2 has been released. According to the release notes: "This release marks the end of the OpenBSD 5.8 development cycle, featuring expanded portable build support, code improvements, removal of obsolete workarounds....The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible." This is the first LibreSSL release that has completely removed SSLv3 support.

Is it FIPS certified?

[sinij]

It is about time we get viable alternative to OpenSSL. Unfortunately, LibreSSL is not FIPS certified, and as such won't be used for government-facing projects. This means as a system integrator I have a choice - use OpenSSL (and private label certify it) and be able to sell my product to industry and government client, or use LibreSSL and only be able to sell to industry clients.

Re:

[Anonymous Coward]

I'm no expert, but didn't LibreSSL remove support for some algorithms mandated by FIPS that are known to be insecure? I could be wrong, but I have the impression that it can't be certified because the standard itself is compromised.

Re:

[Christian Smith]

I'm no expert, but didn't LibreSSL remove support for some algorithms mandated by FIPS that are known to be insecure? I could be wrong, but I have the impression that it can't be certified because the standard itself is compromised.

As I understand it, FIPS dictates that if encryption is used, the encryption used must be FIPS certified. If they remove cipher X, then clearly you're not using cipher X and it doesn't need to be FIPS certified. I don't think FIPS dictates the list of required available ciphers, just the list of allowed ciphers.

I reserve the right to be wrong and corrected, mind.

Re:

[Anonymous Coward]

You are correct. You may not include a disallowed cipher suite, but you are free to omit any you desire if you feel them to be insecure.

Re:Is it FIPS certified?

[sinij]

You are probably thinking about Dual_EC_DRBG, support for it has been removed by NIST since 2013.

Generally, FIPS certification would only include things you do, and mandate how to do them. For example, if you implement AES256-GCM, you will have to demonstrate that it is implemented according to the standard - NIST SP 800-38D, but you don't have to implement it.

Re:Is it FIPS certified?

[kriston]

We have a viable alternative. It's called NSS from Mozilla, and it's free of all patent encumberments that have plagued LibreSSL/OpenSSL/SSLeay to this day. It also offers FIPS compliance.

https://wiki.mozilla.org/NSS [mozilla.org]

Re:

[nsuccorso]

Clue meter reading zero, sir. No outward signs of intelligence.

Re:

[kriston]

OpenSSL does have a permissive license, but several of the algorithms are inappropriately and probably illegally included in that "license" because they aren't legitimate implementations, like IDEA, RC4 (arcfour), and RC6.

Re:

[colekane7745]

I have heard about it almost year ago when I was in Poland. I remember I have taken a transfer from Krakow airport to city center [krakowdirect.com] and there - in Krakow I participated in very interesting conference organized annualy in July.

Re:

[Anonymous Coward]

OpenBSD has already said they aren't going to pay for FIPS certification. The developers have no interest. However, that does not stop interested parties from working together to fund a FIPS certification project for LibreSSL. I nominate you to start it, since you want it so badly.

Re:

[sinij]

It is all but impossible for "interested party" to do this without support of developers. You need to have at least two participants - lab and sponsor. Lab can only test and report, sponsor has to develop evidence, run test vectors and so on. Even if you could find a lab that would agree to do it for free, you still have to have someone create test harnesses, write docs and so on.

Re:

[slashdice]

> you still have to have someone create test harnesses, write docs and so on.

Right, someone like... an "interested party".

Re:

[Anonymous Coward]

No, it isn't, and it probably never will be. They've already said that they're not going to bother with pointless box-ticking exercises in security theater like FIPS.

Re:

[sinij]

I am not going to argue "pointless box-ticking exercises" point, but without FIPS certification LibreSSL adoption will always be limited.

As analogy, lets say you discovered cure for cancer that can be made at home from 5$-worth of household supplies. Until you get it FDA approved, people would still die from cancer.

Re:Is it FIPS certified?

[jandrese]

The OpenBSD guys don't care about FIPS, but if someone else does they're more than welcome to take the LibreSSL code and run it through the FIPS process. The OpenBSD team has already said that they think FIPS does more harm than good, because it locks you into exactly one version of the library which makes it difficult to apply fixes without breaking the certification. People want FIPS certification to mean "this has been proven safe", but that's not true and is impossible for non-trivial projects.

Re:

[QuietLagoon]

FIPS is the easy way for governments to instill and enforce false security. That's why governments love^H^H^H^Hrequire it.

Re:

[sinij]

I disagree. FIPS main goal is to mitigate people from making preventable mistakes from home-cooking crypto primitives. This was a big issue during early 90s. In this regard - NIST succeeded. We now have open standards, reference implementations, and openly available testing tools. You could even argue that FIPS program succeeded tot he point of becoming irrelevant. For example, hardly anyone get AES wrong these days. Do you think for a moment that if NIST were to go away and stop supporting FIPS, big corps

Re:

[QuietLagoon]

...FIPS main goal is to mitigate people from making preventable mistakes from home-cooking crypto primitives. ...

The main goal of FIPS should be secure systems in today's dynamic security environment. Note the word "dynamic". Can FIPS move quickly enough?

Re:

[QuietLagoon]

...the common flaws and big disasters of this time were those created by so-called 'security professionals'...

Watching the OpenSSL fiasco unfold, what it looked like to me was that the OpenSSL project was all but taken over by some "security professionals" who were determined to continue sucking at the teat of FIPS consulting work.

.
They had no incentive to make OpenSSL secure, the only incentive they did have was to make OpenSSL complicated enough so that FIPS consultants were needed in order to gain FIPS certification.

Re:

[Anonymous Coward]

What scares me is the number of OTHER libraries out there like this. Basically 'maintenance only'. Where the maintenance is just enough to get their next project done. We have built thousands of these little critters into our infrastructure that have not seen updates in years. The cleanup the LibreSSL guys are doing is basically dragging a project from 1992 into 2015. Using modern C constructs and a modern CRT. Throwing out CRT hacks that were needed because some platform had a crap CRT.

How many other

Re:

[Anonymous Coward]

pfft. One of the complaints about openssl was that it tacked on code just to gain FIPS certification. So it gets certified, but now is still loaded with obsolete, insecure cruft that makes it less secure and vulnerable to attacks. In which case, its FIPS certification status is meaningless in terms of providing real security.

Re:

[steelfood]

And you know what, if government red tape and paranoia against the people it was meant to serve has caused the government's systems to be more vulnurable to hackers from abroad, they got what was coming for them.

I feel bad for the government employees who had their personal information compromised. I don't feel bad for having official correspondences and documents that otherwise would be encrypted exposed due to security holes.

If the government wants their systems secure, they're going to have to work to ma

Re:

[twistedcubic]

LibreSSL is intentionally not FIPS certified. I imagine they're more concerned about security in a real sense, than a not exactly optimal government standard.

Re:

[arglebargle_xiv]

Non-FIPS-140 compliance is a feature, not a bug. FIPS 140 compliance means you've hacked your code to meet a long checklist of somewhat arbitrarily-chosen requirements, of which the majority don't make things any better (unless you had a really crappy product to start with), or even any sense in some cases, and some which make things a lot worse (e.g. mandated removal of fork-protection for the CSPRNG).

So if you want a secure alternative to OpenSSL, use LibreSSL. If you want braindead checkbox compliance

LibreTLS

[Anonymous Coward]

since they're updating the whole code and project to the modern century (and even removing SSLv3), shouldn't they really be calling the project LibreTLS?