How to replace OpenSSL with LibreSSL globally?

Asked 3 years, 1 month ago

Modified 3 years, 1 month ago

Viewed 3k times

2

In light of the upcoming critical OpenSSL 3.0.7 security fix, how do I change NixOS over to use LibreSSL globally instead of OpenSSL?

edited Oct 29, 2022 at 3:25

asked Oct 29, 2022 at 2:27

53.6k48 gold badges225 silver badges398 bronze badges

Add a comment |

1 Answer 1

Sorted by:

11

From the official GitHub page:

Compatibility with OpenSSL:

LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all new APIs from OpenSSL 1.0.2 and later. LibreSSL also includes APIs not yet present in OpenSSL. The current common API subset is OpenSSL 1.0.1.

LibreSSL is not ABI compatible with any release of OpenSSL, or necessarily earlier releases of LibreSSL. You will need to relink your programs to LibreSSL in order to use it, just as in moving between major versions of OpenSSL. LibreSSL's installed library version numbers are incremented to account for ABI and API changes.

TLDR: You can't. That will require extensive patching of source code and recompilation.

edited Oct 31, 2022 at 8:01

53.6k48 gold badges225 silver badges398 bronze badges

answered Oct 29, 2022 at 7:01

Artem S. Tashkinov

33k5 gold badges53 silver badges93 bronze badges

Add a comment |

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Explore related questions

See similar questions with these tags.