openssl vs. libressl
Jeremy Huddleston Sequoia
jeremyhu at macports.org
Thu Nov 12 15:56:58 PST 2015
> On Nov 12, 2015, at 12:28, René J.V. Bertin <rjvbertin at gmail.com> wrote:
>
> On Thursday November 12 2015 08:45:19 Jeremy Huddleston Sequoia wrote:
>> See this ticket for details about Qt5 + Libressl:
>>
>> https://github.com/libressl-portable/openbsd/issues/33
>
> And an official statement from a highly visible Qt dev:
>
> "Our current position is "our code is written for OpenSSL". If you want to use
> something that emulates OpenSSL, the burden is on you to make sure it's a good
> emulation."
Libressl doesn't "emulate" OpenSSL. It is a derivative of OpenSSL with a focus on better architecture and security. The reason for SSLv2_client_method and et al not being part of Libressl is that they were deprecated and eventually removed because they're inherently insecure. Qt should stop using them (even with OpenSSL).
--Jeremy
More information about the macports-users
mailing list