Topic: Hobby Project - OpenSSL Removal from CentOS 7 (Read 212 times)

October 14, 2016, 03:47:27 PM
#1
As many are aware, the OpenBSD developers forked OpenSSL 1.0.1g a few years back to create LibreSSL.

Since then they have made many security-related changes. Specifically, they removed SSLv2 and SSLv3 and many features they believed were not necessary in a TLS library, such as heartbeat.

A little over a year ago I created a project called LibreLAMP that initially just existed to build a modern LAMP stack for CentOS 7 but linking against LibreSSL for the TLS library. That project expanded into many other servers.

Well, I have now created a second project (though it requires LibreLAMP), and that second project aims at the complete removal of OpenSSL.

For this second project, software that links against OpenSSL but isn't already replaced in the LibreLAMP project is rebuilt against LibreSSL.

https://pure.librelamp.com/

I have successfully removed OpenSSL from my CentOS workstation and laptop and three servers I run.

Generally that project uses the same versions of software as CentOS 7 - the why is explained there. I still have a lot of packages to rebuild and I doubt I'll ever have every CentOS/EPEL package that uses OpenSSL rebuilt, but every isn't really my goal - just enough so people who want OpenSSL removed can do so.

-=-

I appreciate the OpenSSL project and since the fork, the OpenSSL project has cleaned up a lot of the code themselves.

But the version of OpenSSL in CentOS 7 is from before that fork, and is a potential security problem, hence my desire for complete removal.