
I get that. But then, keeping that legacy stuff running is just as problematic as rolling your own crypto. We can leave OpenSSL as it is but it shouldn't be the popular recommendation for developers.

They should have another library which, like I said, actively deprecates obsolete and insecure practices but in a way that makes the update process digestible for people depending on it.



> We can leave OpenSSL as it is but it shouldn't be the popular recommendation for developers.

OpenSSL isn't a recommendation for developers. For TLS, LibreSSL and BoringSSL are. For other stuff, libsodium is.

The only reason I've picked OpenSSL is that it has a higher-level library (pyca/cryptography) that gives bindings to X448.


> I get that. But then, keeping that legacy stuff running is just as problematic as rolling your own crypto.

Both problems are from the lack of knowledge, but the latter one is orders of magnitude harder to fix.



