iTnews

Google forks OpenSSL into BoringSSL

By Juha Saarinen, iTnews on Jun 23, 2014 5:00AM
Google forks OpenSSL into BoringSSL

Will continue to fund Core Infrastructure Initiative.

Google will develop its own version of the OpenSSL open source Secure Sockets Layer/Transport Layer Security (SSL/TLS) cryptographic library used to authenticate and secure internet traffic.

Adam Langley, a security engineer with the web services giant, announced the "forking" of OpenSSL into BoringSSL, saying Google will continue to use the code from the former and contribute its own.

Langley said Google had been using a number of patches on top of OpenSSL, with some being accepted into the main code repository of the open source cryptographic library. Others however are too experimental to fit in with OpenSSL's application programming and binary interfaces (API and ABI) stability.

... as Android, Chrome and other products have started to need some subset of these patches, things have grown very complex. The effort involved in keeping all these patches (and there are more than 70 at the moment) straight across multiple code bases is getting to be too much. - Langley

Another fork of OpenSSL, created after Heartbleed, by the OpenBSD secure operating system team is LibreSSL. Langley said BoringSSL will import changes from LibreSSL and that they too can take code from the Google project.

To this end, Google has re-licensed its earlier OpenSSL contributions under the Internet Software Consortium license, as requested by those maintaining LibreSSL.

The BoringSSL name is "aspirational and not yet a promise", Langley wrote.

Langley also said Google will continue to fund the Core Infrastructure Initiative, which in May this year announced it would support the OpenSSL project in the wake of the Heartbleed security issue.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
heartbleed info libressl openbsd openssl sec security software ssl tls

Partner Content

MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
MSI launches innovative new laptops
Partner Content MSI launches innovative new laptops
Improving returns from SD-WAN spending
Sponsored Content Improving returns from SD-WAN spending
NCS expands into Australia in partnership with Optus Enterprise
Sponsored Content NCS expands into Australia in partnership with Optus Enterprise

Sponsored Whitepapers

The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation
How to choose a WAF that's right for you
How to choose a WAF that's right for you
The global telco 5G cloud gaming opportunity
The global telco 5G cloud gaming opportunity

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
By Juha Saarinen, iTnews
Jun 23 2014
5:00AM
0 Comments

Related Articles

  • Salesforce open sources malicious server scanner
  • Mimecast says hackers hijacked its products
  • Apple loses court case against security vendor Corellium
  • Experts who wrestled with SolarWinds hackers say cleanup could take months
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Accellion hack behind Reserve Bank of NZ data breach

Accellion hack behind Reserve Bank of NZ data breach

Google unravels state-of-art Android and Windows exploit chains

Google unravels state-of-art Android and Windows exploit chains

Tyro halts trading following week-long outage

Tyro halts trading following week-long outage

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.