libressl vs openssl

Gustaf Neumann neumann at
Wed Jan 10 10:02:46 UTC 2018

Am 09.01.18 um 18:24 schrieb Perry E. Metzger:
> On Mon, 8 Jan 2018 18:47:14 +0100 Jan Stary <hans at> wrote:
>> Hi Jeremy,
>>> On Sat, Dec 02, 2017 at 06:03:17AM -0800, Jeremy Huddleston
>>> Sequoia wrote:
>>>> There are some things that I want to do to the port (and
>>>> OpenSSL)
>> It would be very nice if all ports currently depending on openssl
>> would build against libressl, and we could get rid of openssl
>> in favor of the way-superior libressl (until Apple replaces
>> it system wide. ha ha ha.)
> I'm not sure I agree with the claim that libressl is necessarily
> better.
i would as well be cautions with the term "superior", at least when the 
are not clear.

In the past i have provided support for OpenSSL 1.0.* and 1.1.* and
LibreSSL 2.6.3 and 2.6.4 for non-trivial projects , and from my experience
this is not a simple drop-in replacement in general. One pain is that 
changed some calls between 1.0 and 1.1, and another one is that
LibreSSL claims to  be OpenSSL 2.* (via |OPENSSL_VERSION_NUMBER|)
which confuses source code that has to compare for version numbers
for the above reasons.

The process is doable (see e.g. HardenedBSD [1], OpenBSD 5.6), but
cooperation with upstream projects is probably required for some packages.

all the best

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the macports-dev mailing list