mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-23 21:02:09 +00:00
1.5 KiB
1.5 KiB
title | date | replyURI | replyTitle | replyType | replyAuthor | replyAuthorURI | syndicatedCopies | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Using BoringSSL | 2022-10-30T13:10:29-07:00 | https://lobste.rs/s/9eas9d/you_should_prepare_for_openssl_3_x_secvuln#c_sk5f3v | “BoringSSL…is not intended for general use” | Comment | AJ Jordan | https://strugee.net/ |
|
Despite BoringSSL's "not intended for general use" warning, it's used by many projects:
- The "ring" rust crate's crypto primitives (used by Rustls)
- Cloudflare: used everywhere, including Quiche.
- Apple's Secure Transport (it's in both major mobile OSes!)
- Optionally: Nginx, libcurl
- (Update ) Apple's SwiftNIO SSL
- (Update ) AWS libcrypto is based on BoringSSL
- (Update ) the Envoy proxy uses BoringSSL
I use nginx-quic with BoringSSL without issue, although I did have to use a separate script to manage the OCSP cache. The script manages the cache better than Nginx ever did, so I recommend it; it should be trivial to switch it from OpenSSL to LibreSSL.