Google Unveils BoringSSL, Another Flavor of OpenSSL
2014-06-23, 04:03 PM,
#1
[Image: BoringSSL-Openssl.jpg]

Quote:The open source encryption protocol, OpenSSL, which is used by several social networks, search engines, banks and other websites to enable secure connections while transmitting data, came to everybody's attention following the Heartbleed vulnerability, a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server’s memory, potentially revealing users data, that the server did not intend to reveal.
Now, the biggest Internet giant Google is launching a new fork of OpenSSL, which they dubbed as BoringSSL, developed by its own independent work with the code.

"We have used a number of patches on top of OpenSSL for many years," Adam Langley, a cryptography engineer and Google employee, wrote in a blog post introducing BoringSSL. "Some of them have been accepted into the main OpenSSL repository, but many of them don't mesh with OpenSSL's guarantee of API and ABI stability and many of them are a little too experimental."

So, from now on, the websites have three choices from three separate versions of OpenSSL to implement the secure socket layer and transport layer security protocols in order to enable secure connections while transmitting data.

Till now, Google makes use of its modified version of OpenSSL in its different products such as Chrome, Android, and various other things, that has been substantially rewritten and audited for potential security vulnerabilities.

But, now in an effort to integrate its code into a single and consistent library and to handle its massive amount of in-house patches, Google is releasing BoringSSL that can be easily distributed across many of its independent projects.

"But we’ll also be more able to import changes from LibreSSL and they are welcome to take changes from us," said Langley. "We have already relicensed some of our prior contributions to OpenSSL under an ISC license at their request and completely new code that we write will also be so licensed."

A few weeks after the terror of Heartbleed bug, the developers of OpenBSD operating system took initiative and announced LibreSSL under its new project Theo de Raadt. The OpenBSD project aims to provide a more trustworthy platform.

Along with its own fork of OpenSSL, Google will continue to contribute the OpenBSD foundation and the Core Infrastructure Initiative, which is at least $100,000 a year for at least three years in funding to OpenSSL developers so that they can improve OpenSSL’s badly written code base.

According to the blog post, BoringSSL is developed in such a way that strips out a number of Application Programing Interfaces (APIs) and Application Binary Interfaces (ABIs), and will change a much of its current code so that it's more readable and easier to maintain.

"There are no guarantees of API or ABI stability with this code: we are not aiming to replace OpenSSL as an open-source project," he wrote. "We will still be sending them bug fixes when we find them and we will be importing changes from upstream. Also, we will still be funding the Core Infrastructure Initiative and the OpenBSD Foundation."

This is really a good initiative taken by Google to build a strong community by putting up an enough of its initial efforts to get the ball rolling.
"We know you all want this tomorrow," the project's homepage states. "We are working as fast as we can but our primary focus is good software that we trust to run ourselves. We don't want to break your heart."

Source
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Can you live without google lizha11 11 157 2017-08-29, 04:27 PM
Last Post: kickstart
  How many times do you use google in a day? salen72 24 739 2017-07-12, 12:22 PM
Last Post: kreema
  Google fined a record €2.4 billion by the EU for manipulating search results HawkEye 13 448 2017-07-11, 02:43 AM
Last Post: skop88ka
  Google CEO received nearly US $200 million salary last year Samarbete 8 402 2017-05-04, 02:23 AM
Last Post: bratt01
  Google is planning to add adblocker in there chrome browser shahanavaasu 6 325 2017-05-03, 11:43 AM
Last Post: pantrish




About Us | Contact Us | CPA Elites | Advertise | Stats | Staff Team

© 2013-2017 CPA Elites Ltd
Enhanced by MyBB and WallBB
Return to top