LibreSSL 3 cryptographic library release
Switch from LibreSSL to OpenSSL.
The developers of the OpenBSD project have presented the release of the portable edition of LibreSSL 3.1.1, a fork of OpenSSL aimed at providing a higher level of security. The LibreSSL project focuses on high-quality support for the SSL/TLS protocols, removing redundant functionality, adding security features, and substantially cleaning up and reworking the code base. LibreSSL 3.1.1 is marked as the first stable release of the 3.1 branch, which will be part of the OpenBSD 6.7 release expected in the coming days.
LibreSSL 3.1.1 features:
- The TLS 1.3 implementation, built on a new state machine and record layer, is complete. By default only the client side of TLS 1.3 is enabled; the server side is planned to be enabled by default in a future release. The OpenSSL TLS 1.3 API is not yet available.
- Cipher suite handling was extended to automatically enable the algorithms required for TLSv1.3 when they are not explicitly specified during connection negotiation;
- Aliases were added for the names of the TLSv1.3 cipher suites defined in RFC 8446;
- RSA-PSS and RSA-OAEP were ported from OpenSSL 1.1.1;
- The CMS (Cryptographic Message Syntax) implementation was ported from OpenSSL 1.1.1 and is enabled by default;
- The "cms" command was added to the openssl utility, as well as the options "req -addext" and "s_server -groups". The "-tlsextdebug" option now supports TLSv1.3 extension types;
- Compatibility with OpenSSL 1.1.1 was improved;
- The behavior of EVP_chacha20() was brought closer to that of OpenSSL;
- The code was cleaned up, and improvements were made to memory management and protocol parsing.