Alice Wonder Miscreations
Established Member
- Impact
- 177
https://librelamp.com/
That's my latest project - bringing the benefit of LibreSSL to RHEL / CentOS 7
Not really domain related, and not really something I can monetize, but it is the kind of thing I like to do.
For those note aware, OpenSSL is the most commonly deployed SSL/TLS library for servers. Largely because Apache and Nginx tend to use it for their needs.
LibreSSL is a fork of OpenSSL created by the OpenBSD developers after they got sick and tired of all the bloat (dangerous featured enabled by default that no one needs - like heartbeat that led to hearbleed), poor code management, and failure to address many historic bugs even though patches were sent.
OpenBSD developers ripped out about half the code in OpenSSL when they forked it, and then scrutinized what was left, fixing a lot of issues along the way.
The result, in my opinion, is a fork that is fundamentally more secure than OpenSSL.
But I don't use OpenBSD - I use CentOS for my servers, and it will be years before LibreSSL is an option for RHEL / CentOS. Hell, it may never be an option because fips support was ripped out (and justifiably so)
So I made that project to create a LibreSSL RPM for RHEL / CentOS 7 and a LAMP stack built against it, so I can start benefiting from it now.
The project also has very explicit instructions on how to properly set up an Apache web server, including sane selection of the TLS cipher suites to allow.
Anyway just thought I'd share it. Figured there are likely other geeks here too...
That's my latest project - bringing the benefit of LibreSSL to RHEL / CentOS 7
Not really domain related, and not really something I can monetize, but it is the kind of thing I like to do.
For those note aware, OpenSSL is the most commonly deployed SSL/TLS library for servers. Largely because Apache and Nginx tend to use it for their needs.
LibreSSL is a fork of OpenSSL created by the OpenBSD developers after they got sick and tired of all the bloat (dangerous featured enabled by default that no one needs - like heartbeat that led to hearbleed), poor code management, and failure to address many historic bugs even though patches were sent.
OpenBSD developers ripped out about half the code in OpenSSL when they forked it, and then scrutinized what was left, fixing a lot of issues along the way.
The result, in my opinion, is a fork that is fundamentally more secure than OpenSSL.
But I don't use OpenBSD - I use CentOS for my servers, and it will be years before LibreSSL is an option for RHEL / CentOS. Hell, it may never be an option because fips support was ripped out (and justifiably so)
So I made that project to create a LibreSSL RPM for RHEL / CentOS 7 and a LAMP stack built against it, so I can start benefiting from it now.
The project also has very explicit instructions on how to properly set up an Apache web server, including sane selection of the TLS cipher suites to allow.
Anyway just thought I'd share it. Figured there are likely other geeks here too...
