> On Jan 9, 2018, at 9:24 AM, Perry E. Metzger <pe...@piermont.com> wrote: > > On Mon, 8 Jan 2018 18:47:14 +0100 Jan Stary <h...@stare.cz> wrote: >> Hi Jeremy, >> >>> On Sat, Dec 02, 2017 at 06:03:17AM -0800, Jeremy Huddleston >>> Sequoia wrote: >>>> There are some things that I want to do to the port (and >>>> OpenSSL) >> >> It would be very nice if all ports currently depending on openssl >> would build against libressl, and we could get rid of openssl >> in favor of the way-superior libressl (until Apple replaces >> it system wide. ha ha ha.) > > I'm not sure I agree with the claim that libressl is necessarily > better. There are certainly SSL libraries out there like BoringSSL > that probably are better, but I am not sure it is particularly safe > switching to them.
Yeah, I BorgingSSL website says this: https://boringssl.googlesource.com/boringssl/ "Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.” If projects link statically against an SSL library, then BoringSSL maybe fine, but probably not as a shared library used by many packages. Blair
