
False sense of security? They provided the best SSL stack for years, and for free. Everybody knew for long that OpenSSL was a mess, and the harsh reality is that no one wanted to take care of it besides the few (almost benevolent) OpenSSL developers.

So now, the OpenBSD guys come in with their almighty attitude, while they knew about it for years and didn't bother to do anything about it before. No one wanted to do that job before Heartbleed, so yeah, it's really uncalled for to be that rude. We should all be grateful the OpenSSL team did what they did for so long.



You must have been living on an island over the last years. "OpenSSL was the best SSL stack for years?" Best no, only fast.

PolarSSL (now "mbed TLS") is the best, to the best definition of best.

Still better than OpenSSL, which was known to be fast but insecure and poorly managed, are the stacks used by the biggest clients:

  * NSS used by Chrome, Mozilla, et al.
  * GnuTLS used by exim, GNOME, et al.

I'm not at all grateful to the OpenSSL team for using horrible software practices and putting their clients into danger.



