1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-23 21:02:09 +00:00
seirdy.one/content/notes/using-boringssl.md
Rohan Kumar 9184e7897c
Normalize lobste.rs reply permalinks
Lobste.rs replies have real permalinks that are sort of hidden, which
work better than anchor links for IndieWeb purposes.
2024-05-24 10:48:25 -04:00

1.5 KiB

title date lastMod replyURI replyTitle replyType replyAuthor replyAuthorURI syndicatedCopies
Using BoringSSL 2022-10-30T13:10:29-07:00 2023-05-27T03:57:41Z https://lobste.rs/comments/sk5f3v/reply “BoringSSL…is not intended for general use” Comment AJ Jordan https://strugee.net/
title url
The Fediverse https://pleroma.envs.net/notice/AUjf1wCr0xk0yCVpKK
title url
Lobsters https://lobste.rs/comments/lreowa/reply

Despite BoringSSL's "not intended for general use" warning, it's used by many projects:

  • The "ring" rust crate's crypto primitives (used by Rustls)
  • Cloudflare: used everywhere, including Quiche.
  • Apple's Secure Transport (it's in both major mobile OSes!)
  • Optionally: Nginx, libcurl
  • (Update ) Apple's SwiftNIO SSL
  • (Update ) AWS libcrypto is based on BoringSSL
  • (Update ) the Envoy proxy uses BoringSSL

I use nginx-quic with BoringSSL without issue, although I did have to use a separate script to manage the OCSP cache. The script manages the cache better than Nginx ever did, so I recommend it; it should be trivial to switch it from OpenSSL to LibreSSL.