Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That logic might hold for a container platform meant to run other peoples code, but it’s one of the best reasons to not use it in other contexts like load balancers.


My logic is that you probably want a proven, up-to-date crypto/TLS library with a 'standard' API whatever the application.


I thought heartbleed proved this appeal to authority wrong causing liressl to exist in the first place.


OpenSSL is continuously scrutinised and has resources and pressure to fix issues.

A less ubiquitous library is not as scrutinised (so who knows what vulnerabilities lie within?) and has probably not the same resources/pressure to fix.

Forks are often political before anything else.

Fragmentation is not a good thing.


I’m not suggesting you fork it yourself, write your own, or use Joe Schmoe’s SSL library. There are other major implementations such as Amazon’s s2n that have many eyeballs on them daily.

Diversity of infrastructure components confers similar resistance as DNA diversity in the wild.

https://github.com/awslabs/s2n


Go use OpenSSL, see the absolutely horrendous API and then come back and see if you recommend it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: