
LibreSSL languishes on Linux

Posted Jan 5, 2021 13:23 UTC (Tue) by cortana (subscriber, #24596)
In reply to: LibreSSL languishes on Linux by dannyobrien
Parent article: LibreSSL languishes on Linux

In the most recent Cryptographic Right Answers, one (group of) cryptographers simply has this to say:

Use AWS ALB/ELB or OpenSSL, with LetsEncrypt.

If you can pay AWS not to care about this problem, we recommend you do that.

Otherwise, there was a dark period between 2010 and 2016 where OpenSSL might not have been the right answer, but that time has passed. OpenSSL has gotten better, and, more importantly, OpenSSL is on-the-ball with vulnerability disclosure and response.

Using anything besides OpenSSL will drastically complicate your system for little, no, or even negative security benefit. So just keep it simple.

Speaking of simple: LetsEncrypt is free and automated. Set up a cron job to re-fetch certificates regularly, and test it.

Avoid: offbeat TLS libraries like PolarSSL, GnuTLS, and MatrixSSL.



Latacora recommendation 2018 not considering Mbed TLS

Posted Jan 5, 2021 15:43 UTC (Tue) by ber (subscriber, #2142)

Seems their recommendation update 2018 did not consider progress on https://en.wikipedia.org/wiki/Mbed_TLS since 2014, because that is the year where it was renamed from PolarSSL.

