|Original author(s)||The OpenSSL Project|
|Developer(s)||The OpenBSD Project|
|Initial release||2.0.0 / 11 July 2014|
|Stable release||) [±]|
|Preview release||2.5.0 (September 27, 2016) [±]|
|Written in||C and assembly|
|Operating system||OpenBSD, FreeBSD, NetBSD, Linux, HP-UX, Solaris, OS X, Windows and others|
|License||Apache license 1.0, 4-clause BSD License, ISC license, and some are public domain|
LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It was forked from the OpenSSL cryptographic software library in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, with the aim of refactoring the OpenSSL code so as to provide a more secure implementation.
LibreSSL was forked from the OpenSSL library starting with the 1.0.1g branch and will follow the security guidelines used elsewhere in the OpenBSD project.
- 1 History
- 2 Changes
- 3 Security and vulnerabilities
- 4 See also
- 5 Notes
- 6 References
- 7 External links
After the Heartbleed bug in OpenSSL, the OpenBSD team audited the code afresh, and quickly realised they would need to maintain a fork themselves. The libressl.org domain was registered on 11 April 2014; the project announced the name on 22 April 2014.
In the first week of code pruning, more than 90,000 lines of C code were removed. Older or unused code has been removed, and support for some older or now-rare operating systems removed. LibreSSL was initially being developed as an intended replacement for OpenSSL in OpenBSD 5.6, and was then ported back to other platforms once a stripped-down version of the library was stable. As of April 2014[update], the project was seeking a "stable commitment" of external funding.
On 17 May 2014, Bob Beck presented "LibreSSL: The first 30 days, and what the Future Holds" during the 2014 BSDCan conference, in which he described the progress made in the first month, encountered issues, and implemented changes.
On 5 June 2014, several OpenSSL bugs became public. While several projects were notified in advance, LibreSSL was not; Theo de Raadt accused the OpenSSL developers of intentionally withholding this information from OpenBSD and LibreSSL.
On 20 June 2014, Google created another fork of OpenSSL called BoringSSL, and promised to exchange fixes with LibreSSL. Google has already relicensed some of its contributions under the ISC license, as it was requested by the LibreSSL developers. On 21 June 2014, Theo de Raadt welcomed BoringSSL and outlined the plans for LibreSSL-portable. Starting on 8 July, code porting for OS X and Solaris began, while the initial porting to Linux began on 20 June.
On 11 July 2014, the first portable version of LibreSSL was released as version 2.0.0. The first release was quickly followed by 2.0.1 on 13 July, 2.0.2 on 16 July, 2.0.3 on 22 July, 2.0.4 on 3 August, and 2.0.5 on 5 August 2014. Many issues with the first portable release were fixed in the 2.0 series.
With the version 2.1.0, released on 12 October 2014, the rate of changes in LibreSSL became considerably lower and LibreSSL became a usable alternative to OpenSSL. Most of the changes in the 2.1.x versions were related to security vulnerabilities found in OpenSSL.
Version 2.2.0 was released on 11 June 2015 and introduces a preview of a new shared library libtls which aims to provide an easier to use API for SSL/TLS with default secure options. Other additions include AIX and Cygwin support. As usual simplifications and bugfixes are part of the release, many as a result of coverity scanning.
Notable changes in version 2.2 include disabling of SSLv3 and addition of the OPENSSL_NO_EGD flag which is the default for OpenSSL 1.1.0 as well.
Other notable changes in version 2.3 are the removal of SHA-0, which was withdrawn shortly after publication. Also added was OpenBSD's netcat (nc) implementation with TLS support via LibreSSL's libtls library.
Version 2.4.0 was released on 31 May 2016 and adds the official IETF ChaCha20-Poly1305 cipher suites. As of 2.4.2 (released 1 August 2016) this is the latest stable branch with the release of OpenBSD 6.0 (released 1 September 2016).
Version 2.5.0 was released on 28 September 2016 and adds ALPN and SNI support and "secure", "compat", "legacy" and "insecure" cipher suite groups to libtls. Additionally this release contains a constant-time update for CVE-2016-0702.
LibreSSL has been the default provider of TLS for:
- Alpine Linux since 10 October 2016
- Dragonfly BSD
- HardenedBSD in release 11.0
- Morpheus Linux
- OpenBSD since version 5.6
- OpenELEC since version 6.0 beta 2
- the packages of TrueOS (formerly PC-BSD) since version 10.1.2
- Void Linux since 6 August 2014
LibreSSL has been a selectable provider of TLS for:
- the packages of FreeBSD since LibreSSL-portable was added to ports using a ports option
- the packages of OPNsense since version 15.7 selectable as an option in the GUI
- the packages of Gentoo as an ebuild overlay
In more detail, some of the more notable and important changes thus far include replacement of custom memory calls to ones in a standard library (for example,
reallocarray, etc.). This process may help later on to catch buffer overflow errors with more advanced memory analysis tools or by simply observing program crashes (via ASLR, use of the NX bit, stack canaries, etc.).
Fixes for potential double free scenarios have also been cited in the VCS commit logs (including explicit assignments of NULL pointer values). There have been extra sanity checks also cited in the commit logs related to ensuring length arguments, unsigned-to-signed variable assignments, pointer values, and method returns.
In order to maintain good programming practice, a number of compiler options and flags designed for safety have been enabled by default to help in spotting potential issues so they can be fixed earlier (-Wall, -Werror, -Wextra, -Wuninitialized). There have also been code readability updates which help future contributors in verifying program correctness (KNF, white-space, line-wrapping, etc.). Modification or removal of unneeded method wrappers and macros also help with code readability and auditing (Error and I/O abstraction library references).
Changes were made to ensure that LibreSSL will be year 2038 compatible along with maintaining portability for other similar platforms. In addition,
bn_clear calls were added to prevent the compiler from optimizing them out and prevent attackers from reading previously allocated memory.
There were changes to help ensure proper seeding of random number generator-based methods via replacements of insecure seeding practices (taking advantage of features offered by the kernel itself natively). In terms of notable additions made, OpenBSD has added support for newer and more reputable algorithms (ChaCha stream cipher and Poly1305 message authentication code) along with a safer set of elliptic curves (brainpool curves from RFC 5639, up to 512 bits in strength).
Later versions added the following:
- 2.1.0: Automatic ephemeral EC keys
- 2.1.2: Built-in arc4random implementation on OS X and FreeBSD
- 2.1.2: Reworked GOST cipher suite support
- 2.1.3: ALPN support
- 2.1.3: SHA-256 Camellia cipher suites
- 2.1.4: TLS_FALLBACK_SCSV server-side support
- 2.1.4: certhash as a replacement of the c_rehash script
- 2.1.4: X509_STORE_load_mem API for loading certificates from memory (enhance chroot support)
- 2.1.4: Experimental Windows binaries
- 2.1.5: Minor update mainly for improving Windows support, first working 32- and 64-bit binaries
- 2.1.6: libtls declared stable and enabled by default
- 2.2.0: AIX and Cygwin support
- 2.2.1: Addition of EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL, initial Windows XP/2003 support
- 2.2.2: Defines LIBRESSL_VERSION_NUMBER, added TLS_*methods as a replacement for the SSLv23_*method calls, cmake build support
Old insecure features
The initial release of LibreSSL disabled a number of features by default. Some of the code for these features was later removed, including Kerberos, US-Export ciphers, TLS compression, DTLS heartbeat, SSL v2 and SSL v3.
Later versions disabled more features:
- 2.1.1: Following the discovery of the POODLE vulnerability in the legacy SSL 3.0 protocol, LibreSSL now disables the use of SSL 3.0 by default.
- 2.1.3: GOST R 34.10-94 signature authentication
- 2.2.1: Removal of Dynamic Engine and MDC-2DES support
- 2.2.2: Removal of SSLv3 from the openssl binary, removal of Internet Explorer 6 workarounds, RSAX engine.
- 2.3.0: Complete removal of SSLv3, SHA-0 and DTLS1_BAD_VER
- In response to Heartbleed, the heartbeat functionality was one of the first features to be removed
- Unneeded platforms (Classic Mac OS, NetWare, OS/2, VMS, 16-bit Windows, etc.)
- Support for platforms that do not exist, such as big-endian i386 and amd64
- Support for old compilers
- The IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines were removed due to irrelevance of hardware or dependency on non-free libraries
- The OpenSSL PRNG was removed (and replaced with ChaCha20-based implementation of arc4random)
- Preprocessor macros that have been deemed unnecessary or insecure or were already deprecated in OpenSSL for a long time (e.g. des_old.h)
- Older unneeded files for assembly language, C, and Perl (e.g. EGD)
- MD2, SEED functionality
- SSLv3, SHA-0, DTLS1_BAD_VER
The Dual_EC_DRBG algorithm, which is suspected of having a back door, was cut along with support for the FIPS 140-2 standard that required it. Unused protocols and insecure algorithms have also been removed, including the support for FIPS 140-2, MD4/MD5 J-PAKE, and SRP.
One of the complaints of OpenSSL was the number of open bugs reported in the bug tracker that had gone unfixed for years. Older bugs are now being fixed in LibreSSL.
Security and vulnerabilities
Total vulnerabilities between the release of LibreSSL and the release of OpenSSL 1.0.2:
Since the release of OpenSSL 1.0.2
13 July 2014
Shortly after the first portable release, LibreSSL's PRNG was found to not always reseed the PRNG when forking new processes, and to have low entropy for the seed when /dev/urandom was not available as might happen in a chroot jail. LibreSSL refers to this as the 'Linux forking and PID wrap issue'. This was fixed in LibreSSL 2.0.2.
This vulnerability does not apply to OpenSSL and is a result of the refactoring of the PRNG code in LibreSSL.
|- (LibreSSL)||Linux forking and PID wrap issue||not affected||Low,[a] fixed|
6 August 2014
|CVE-2014-3510 (OpenSSL)||Flaw handling DTLS anonymous EC(DH) ciphersuites||medium||fixed|
|CVE-2014-3508 (OpenSSL)||Information leak in pretty printing functions||medium||partially vulnerable, fixed|
|CVE-2014-3509 (OpenSSL)||Race condition in ssl_parse_serverhello_tlsext||medium||fixed|
|CVE-2014-3505 (OpenSSL)||Double Free when processing DTLS packets||medium||not vulnerable|
|CVE-2014-3506 (OpenSSL)||DTLS memory exhaustion||medium||fixed|
|CVE-2014-3507 (OpenSSL)||DTLS memory leak from zero-length fragments||medium||fixed|
|CVE-2014-3511 (OpenSSL)||OpenSSL TLS protocol downgrade attack||medium||fixed|
|CVE-2014-5139 (OpenSSL)||Crash with SRP ciphersuite in Server Hello message||medium||Fixed in 2.0.4 by removing code during the embargo|
|CVE-2014-3512 (OpenSSL)||SRP buffer overrun||high||Fixed in 2.0.4 by removing code during the embargo |
15 October 2014
|CVE-2014-3568 (OpenSSL)||Build option no-ssl3 is incomplete||low||Fixed in 2.3.0 (11 months later) by removing all SSLv3 code|
|CVE-2014-3513 (OpenSSL)||SRTP Memory Leak||high||Fixed in 2.0.2 (3 months earlier)|
|CVE-2014-3567 (OpenSSL)||Session Ticket Memory Leak||medium||Not vulnerable, fixed before first release|
|? (OpenSSL)||SSL 3.0 Fallback protection||medium||LibreSSL disables SSLv3|
Note: LibreSSL reluctantly added TLS_SCSV_FALLBACK in version 2.1.4 "for compatibility with various auditor and vulnerability scanners".
8 January 2015
OpenSSL publishes 8 vulnerabilities discovered by the OpenSSL code review and released version 1.0.1k fixing the vulnerabilities. LibreSSL releases 2.1.4 with fixes for the CVEs that were applicable to LibreSSL.
|CVE-2014-8275 (OpenSSL)||Certificate fingerprints can be modified||low||Fixed|
|CVE-2014-3572 (OpenSSL)||ECDHE silently downgrades to ECDH [Client]||low||Fixed|
|CVE-2014-3570 (OpenSSL)||Bignum squaring may produce incorrect results||low||Fixed|
|CVE-2015-0205 (OpenSSL)||DH client certificates accepted without verification [Server]||low||Fixed|
|CVE-2015-0206 (OpenSSL)||DTLS memory leak in dtls1_buffer_record||moderate||Not vulnerable, fixed before first release|
|CVE-2014-3571 (OpenSSL)||DTLS segmentation fault in dtls1_get_record||moderate||unfixed|
|CVE-2014-3569 (OpenSSL)||no-ssl3 configuration sets method to NULL||low||Not vulnerable|
|CVE-2015-0204 (OpenSSL)||RSA silently downgrades to EXPORT_RSA (FREAK) [Client]||high||Fixed in 2.1.2 (a month earlier)|
19 March 2015
OpenSSL publishes 14 vulnerabilities discovered by the OpenSSL code review and releases versions 1.0.1m and 1.0.2a with fixes for the vulnerabilities. LibreSSL confirms that 5 of these vulnerabilities apply to LibreSSL as well. notably not CVE-2015-0291 which has the highest possible impact rating for OpenSSL since the code was new in the 1.0.2 branch. LibreSSL released 2.1.6 to fix these security issues.
|CVE-2015-0286 (OpenSSL)||Segmentation fault in ASN1_TYPE_cmp||moderate||Fixed|
|CVE-2015-0287 (OpenSSL)||ASN.1 structure reuse memory corruption||moderate||Fixed|
|CVE-2015-0288 (OpenSSL)||X509_to_X509_REQ NULL pointer deref||moderate||Fixed|
|CVE-2015-0289 (OpenSSL)||PKCS7 NULL pointer dereferences||moderate||Fixed|
|CVE-2015-0209 (OpenSSL)||Use After Free following d2i_ECPrivatekey error||low||Fixed|
|CVE-2015-0291 (OpenSSL)||ClientHello sigalgs DoS (1.0.2 only)||high||Affected code is not present|
|CVE-2015-0207 (OpenSSL)||Segmentation fault in DTLSv1_listen (1.0.2 only)||moderate||Not vulnerable|
|CVE-2015-0208 (OpenSSL)||Segmentation fault for invalid PSS parameters (1.0.2 only)||moderate||Affected code is not present|
|CVE-2015-0290 (OpenSSL)||Multiblock corrupted pointer (1.0.2 only)||moderate||Affected code is not present|
|CVE-2015-0292 (OpenSSL)||Base64 decode||moderate||OpenSSL fixed this 9 months earlier, LibreSSL fixed in 10 months earlier before the first release.|
|CVE-2015-0293 (OpenSSL)||DoS via reachable assert in SSLv2 servers||moderate||Affected code is not present|
|CVE-2015-0285 (OpenSSL)||Handshake with unseeded PRNG||low||Not vulnerable (LibreSSL PRNG needs no seeding)|
|CVE-2015-1787 (OpenSSL)||Empty CKE with client auth and DHE (1.0.2 only)||moderate||Not vulnerable (fixed 8 months earlier, before first release)|
11 June 2015
OpenSSL publishes seven vulnerabilities. and releases versions 1.0.1n and 1.0.2b with fixes for the vulnerabilities. LibreSSL confirms that three of these vulnerabilities apply to LibreSSL as well and one is still under review, releases 2.1.7 and 2.2.0.
|CVE-2015-1788 (OpenSSL)||Malformed ECParameters causes infinite loop||medium||Fixed|
|CVE-2015-1789 (OpenSSL)||Exploitable out-of-bounds read in X509_cmp_time||medium||Fixed|
|CVE-2015-1790 (OpenSSL)||PKCS7 crash with missing EnvelopedContent||medium||unfixed|
|CVE-2015-1792 (OpenSSL)||CMS verify infinite loop with unknown hash function||medium||Fixed|
|CVE-2015-1791 (OpenSSL)||Race condition handling NewSessionTicket||low||unfixed|
|CVE-2014-8176 (OpenSSL)||Invalid free in DTLS||medium||Not vulnerable|
|CVE-2015-4000 (OpenSSL)||DHE man-in-the-middle protection (Logjam)||medium||Fixed in 2.1.5 (3 months earlier)|
Note: CVE-2015-4000 was assigned with the second fix for this issue.
9 July 2015
|CVE-2015-1793 (OpenSSL)||Alternative chains certificate forgery||high||Not affected|
15 October 2015
|CVE-2015-5333 (LibreSSL)||Memory leak in OBJ_obj2txt()||not affected||fixed|
|CVE-2015-5334 (LibreSSL)||Buffer overflow in OBJ_obj2txt()||not affected||fixed|
3 December 2015
OpenSSL publishes five vulnerabilities. and releases versions 1.0.1q and 1.0.2e with fixes for the vulnerabilities. OpenBSD announced  to which they were vulnerable and released 2.2.5 and 2.1.9 containing fixes.
|CVE-2015-3193 (OpenSSL)||BN_mod_exp may produce incorrect results on x86_64 (1.0.2 only)||Moderate||not affected (recent mistake in OpenSSL)|
|CVE-2015-3194 (OpenSSL)||Certificate verify crash with missing PSS parameter||Moderate||fixed|
|CVE-2015-3195 (OpenSSL)||X509_ATTRIBUTE memory leak||Moderate||fixed (Not reachable from TLS/SSL)|
|CVE-2015-3196 (OpenSSL)||Race condition handling PSK identify hint||low||Fixed in 2.0.1 (PSK code deleted 18 months earlier)|
|CVE-2015-1794 (OpenSSL)||Anon DH ServerKeyExchange with 0 p parameter (1.0.2 only)||low||not affected|
28 January 2016
OpenSSL publishes two vulnerabilities and updates an earlier vulnerability and releases versions 1.0.1r and 1.0.2f with fixes for the vulnerability. LibreSSL releases versions 2.3.2, 2.2.6 and 2.1.10 containing corrections for the two vulnerabilities.
|CVE-2016-0701 (OpenSSL)||DH small subgroups (1.0.2 only)||High||not affected|
|CVE-2015-3197 (OpenSSL)||SSLv2 doesn't block disabled ciphers||Low||not affected (SSLv2 code deleted 21 months earlier)|
|CVE-2015-4000 (OpenSSL)||Update on DHE man-in-the-middle protection (Logjam)||medium||not affected|
1 March 2016
On 1 March 2016 the OpenSSL project announced releases 1.0.1s and 1.0.2g addressing several security issues.
|CVE-2016-0702 (OpenSSL)||Side channel attack on modular exponentiation||low||unfixed|
|CVE-2016-0703 (OpenSSL)||Divide-and-conquer session key recovery in SSLv2||high||not affected (SSLv2 deleted 2 years earlier)|
|CVE-2016-0704 (OpenSSL)||Bleichenbacher oracle in SSLv2||moderate||not affected (SSLv2 deleted 2 years earlier)|
|CVE-2016-0705 (OpenSSL)||Double free in DSA key parsing||low||Fixed in 2.0.2 (fixed 2 years earlier)|
|CVE-2016-0797 (OpenSSL)||BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption||low||fixed|
|CVE-2016-0798 (OpenSSL)||Memory leak in SRP database lookup||low||Fixed in 2.0.4 (SRP deleted 17 months earlier)|
|CVE-2016-0799 (OpenSSL)||Fix memory issues in BIO_*printf functions||low||not affected (fixed 2 years earlier)|
|CVE-2016-0800 (OpenSSL)||Cross-protocol attack on TLS using SSLv2||high||not affected (SSLv2 deleted 2 years earlier)|
3 May 2016
On 3 May 2016 the OpenSSL project announced releases 1.0.1t and 1.0.2h addressing several security issues.
|CVE-2016-2108 (OpenSSL)||Memory corruption in the ASN.1 encoder||high||fixed in 2.2.7/2.3.4 |
|CVE-2016-2107 (OpenSSL)||Padding oracle in AES-NI CBC MAC check||high||fixed in 2.2.7/2.3.4|
|CVE-2016-2106 (OpenSSL)||EVP_EncodeUpdate overflow||low||fixed in 2.2.7/2.3.4|
|CVE-2016-2109 (OpenSSL)||ASN.1 BIO excessive memory allocation||low||fixed in 2.2.7/2.3.4|
|CVE-2016-2176 (OpenSSL)||EBCDIC overread||low||not affected|
22 September 2016
On 22 September 2016 the OpenSSL project announced releases 1.0.1u, 1.0.2i and 1.1.0a addressing several security issues.
|CVE-2016-6304 (OpenSSL)||OCSP Status Request extension unbounded memory growth||high||fixed in 2.4.3/2.5.0|
|CVE-2016-6305 (OpenSSL)||SSL_peek() hang on empty record||moderate||not affected (bug introduced in 1.1) |
|CVE-2016-2183 (OpenSSL)||SWEET32 Mitigation||low|
|CVE-2016-6303 (OpenSSL)||OOB write in MDC2_Update()||low|
|CVE-2016-6302 (OpenSSL)||Malformed SHA512 ticket DoS||low|
|CVE-2016-2182 (OpenSSL)||OOB write in BN_bn2dec()||low|
|CVE-2016-2180 (OpenSSL)||OOB read in TS_OBJ_print_bio()||low|
|CVE-2016-2177 (OpenSSL)||Pointer arithmetic undefined behaviour||low|
|CVE-2016-2178 (OpenSSL)||Constant time flag not preserved in DSA signing||low||fixed in 2.3.6/2.4.1 |
|CVE-2016-2179 (OpenSSL)||DTLS buffered message DoS||low|
|CVE-2016-2181 (OpenSSL)||DTLS replay protection DoS||low|
|CVE-2016-6306 (OpenSSL)||Certificate message OOB reads||low|
|CVE-2016-6307 (OpenSSL)||Excessive allocation of memory in tls_get_message_header()||low|
|CVE-2016-6308 (OpenSSL)||Excessive allocation of memory in dtls1_preprocess_fragment()||low|
26 September 2016
On 26 September 2016 the OpenSSL project announced releases 1.0.2j and 1.1.0b addressing several security issues introduced by regressions in the 22 September 2016 release.
|CVE-2016-6309 (OpenSSL)||Fix Use After Free for large message sizes||critical||not affected|
|CVE-2016-7052 (OpenSSL)||Missing CRL sanity check||moderate||not affected|
10 November 2016
On 10 November 2016 the OpenSSL project announced the following CVEs
|CVE-2016-7054 (OpenSSL)||CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack||high||not affected |
|CVE-2016-7053 (OpenSSL)||Applications parsing invalid CMS structures can crash with a NULL pointer dereference.||moderate||not affected|
|CVE-2016-7055 (OpenSSL)||Carry propagating bug in the Broadwell-specific Montgomery multiplication||low||not affected|
- No official rating for this vulnerability is available, however another PRNG seeding issue, CVE-2015-0285 "Handshake with unseeded PRNG", has been rated as low.
- "LibreSSL: Releases". 2016-11-06. Retrieved 2016-11-29.
- "LibreSSL: Releases". 2016-09-27. Retrieved 2016-10-08.
- "LibreSSL Releases".
- Unangst, Ted (22 April 2014). "Origins of libressl". flak. Retrieved 24 April 2014.
- Kemer, Sean Michael (22 April 2014). "After Heartbleed, OpenSSL Is Forked Into LibreSSL". eWeek. Retrieved 24 April 2014.
- "Not Just a Cleanup Any More: LibreSSL Project Announced". Slashdot. 22 April 2014. Retrieved 24 April 2014.
- M, Constantine (17 May 2014). Soulskill, ed. "30-Day Status Update On LibreSSL". Slashdot.
- Seltzer, Larry (21 April 2014). "OpenBSD forks, prunes, fixes OpenSSL". Zero Day. ZDNet. Retrieved 21 April 2014.
- Hessler, Peter (15 April 2014). "OpenBSD has started a massive strip-down and cleanup of OpenSSL". OpenBSD Journal. Retrieved 24 April 2014.
- Brodkin, Jon (22 April 2014). "OpenSSL code beyond repair, claims creator of "LibreSSL" fork". Ars Technica. Retrieved 24 April 2014.
- McCallion, Jane (22 April 2014). "Heartbleed: LibreSSL scrubs "irresponsible" OpenSSL code". PC Pro. Retrieved 23 April 2014.
- Larabel, Michael (9 May 2014). "OpenBSD Affirms That LibreSSL Will Be Portable". Phoronix. Retrieved 30 May 2014.
- Beck, Bob (17 May 2014). "LibreSSL: The first 30 days, and what the Future Holds Slides". Retrieved 17 May 2014.
- "Re: OpenSSL seven security fixes". oss-sec (Mailing list). 5 June 2014. Retrieved 9 June 2014.
- de Raadt, Theo (5 June 2014). "Re: new OpenSSL flaws". openbsd-misc (Mailing list). Retrieved 9 June 2014.
- Langley, Adam (20 June 2014). "BoringSSL (20 Jun 2014)". ImperialViolet. Retrieved 21 June 2014.
- Goodin, Dan (20 June 2014). "Google unveils independent "fork" of OpenSSL called "BoringSSL"". Ars Technica. Retrieved 21 June 2014.
- Sing, Joel (21 June 2014). "OpenBSD — lib/libssl/src/crypto/evp evp_aead.c e_chacha20poly1305.c". Retrieved 21 June 2014.
- de Raadt, Theo (21 June 2014). "Boringssl and such". openbsd-tech (Mailing list). Retrieved 28 October 2015.
- Beck, Bob (8 July 2014). "OpenBSD - lib/libcrypto/crypto getentropy_osx.c getentropy_solaris.c".
- Beck, Bob (20 June 2014). "OpenBSD — lib/libcrypto/crypto getentropy_linux.c".
- "Index of /pub/OpenBSD/LibreSSL". 11 July 2014. Retrieved 11 July 2014.
- Beck, Bob (11 July 2014). "First release of LibreSSL portable is available". openbsd-announce (Mailing list). Retrieved 11 July 2014.
- Beck, Bob (13 July 2014). "LibreSSL 2.0.1 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Beck, Bob (16 July 2014). "LibreSSL portable 2.0.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Beck, Bob (22 July 2014). "LibreSSL 2.0.3 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Beck, Bob (3 August 2014). "LibreSSL 2.0.4 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Cook, Brent (8 August 2014). "LibreSSL 2.0.5 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Unangst, Ted (28 September 2014). "LibreSSL: More Than 30 Days Later". Retrieved 9 June 2014.
- Beck, Bob (12 October 2014). "LibreSSL 2.1.0 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Cook, Brent (11 June 2015). "LibreSSL 2.1.7 and 2.2.0 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Cook, Brent (23 September 2015). "LibreSSL 2.3.0 released". openbsd-announce (Mailing list).
- Cook, Brent (1 June 2016). "LibreSSL 2.4.0/2.3.5/2.2.8 Released". openbsd-announce (Mailing list).
- Cook, Brent (28 September 2016). "LibreSSL 2.5.0/2.4.3/2.3.8 Released". openbsd-announce (Mailing list).
- "Alpine edge has switched to libressl". Natanael Copa. Retrieved 10 October 2016.
- "[Beta] git: Switch base to use private LibreSSL libaries [sic]". John Marino. Retrieved 7 September 2016.
- "LibreSSL Enabled By Default". Shawn Webb. Retrieved 16 September 2016.
- Jacoutot, Antoine (1 November 2014). "OpenBSD 5.6 Released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- "PC-BSD Evolves into TrueOS". Retrieved 16 September 2016.
- Mark VonFange. "PC-BSD 10.1.2: an Interview with Kris Moore". Official PC-BSD Blog. Retrieved 15 October 2015.
- "LibreSSL enabled by default". Void Linux. Retrieved 15 October 2015.
- "Add DEFAULT_VERSIONS=ssl=XXX".
- "OPNsense version 15.7 Released". OPNsense. Retrieved 15 October 2015.
- "Project:LibreSSL - Gentoo".
- Orr, William (23 April 2014). "A quick recap over the last week". OpenSSL Valhalla Rampage. Retrieved 30 April 2014.[self-published source?]
- "OpenBSD LibreSSL CVS Calloc Commits".
- "OpenBSD LibreSSL CVS Double Free Commits".
- "OpenBSD LibreSSL CVS insecure seeding".
- "OpenBSD LibreSSL CVS Kernel Seeding".
- "LibreSSL-portable ChangeLog". LibreSSL.
- Beck, Bob (9 December 2014). "LibreSSL 2.1.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Cook, Brent (22 January 2015). "LibreSSL 2.1.3 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Cook, Brent (4 March 2015). "LibreSSL 2.1.4 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Cook, Brent (17 March 2015). "LibreSSL 2.1.5 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Cook, Brent (19 March 2015). "LibreSSL 2.1.6 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Cook, Brent (9 July 2015). "LibreSSL 2.2.1 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Cook, Brent (6 August 2015). "LibreSSL 2.2.2 released". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- Beck, Bob (16 October 2014). "LibreSSL 2.1.1 released".
- "OpenBSD LibreSSL CVS OPENSSL_NO_HEARTBEATS".
- Miod Vallat. "Remove support for big-endian i386 and amd64".
- Perlroth, Nicole (10 September 2013). "Government Announces Steps to Restore Confidence on Encryption Standards". The New York Times. Retrieved 9 May 2014.
- "The future (or lack thereof) of LibreSSL's FIPS Object Module".
- Vallat, Miod (10 November 2014). "Re: CVS: cvs.openbsd.org: src". openbsd-cvs (Mailing list). Retrieved 28 October 2015.
- Ayer, Andrew (13 July 2014). "LibreSSL's PRNG is Unsafe on Linux".
- "OpenSSL Security Advisory [6 Aug 2014]". 6 August 2014.
- "Remove SRP code". 28 July 2014.
- "OpenSSL Security Advisory [15 Oct 2014]". 15 October 2014.
- Sing, Joel (15 October 2015). "Disable SSLv3 by default.". openbsd-cvs (Mailing list). Retrieved 28 October 2015.
- "OpenSSL Security Advisory [08 Jan 2015]". 8 January 2015.
- Reclassified from low to high
- "OpenSSL Security Advisory [19 Mar 2015]". 19 March 2015.
- Beck, Bob (19 March 2015). "Official word outbound: Of the 13 CVE's only 5 affect #LibreSSL".
- "OpenSSL Security Advisory [11 Jun 2015]". 11 June 2015.
- "OpenSSL Security Advisory [09 Jul 2015]". 9 July 2015.
- Beck, Bob (9 July 2015). "#LibreSSL is not vulnerable to CVE-2015-1793".
- "Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)". oss-security (Mailing list). 15 October 2015. Retrieved 28 October 2015.
- OpenSSL does not contain these
- Unangst, Ted (15 October 2015). "Oct 15 OpenBSD errata and LibreSSL releases". openbsd-announce (Mailing list). Retrieved 28 October 2015.
- "OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015]". 4 December 2015.
- "OpenBSD errata, Dec 3, 2015" (Mailing list). 3 December 2015.
- "LibreSSL 2.2.5 and 2.1.9 released" (Mailing list). 8 December 2015.
- "OpenSSL Security Advisory [28 Jan 2016]". 28 January 2016.
- "LibreSSL 2.3.2, 2.2.6, and 2.1.10 released". 28 January 2016.