# Looks like we have BearSSL coming to FreeBSD 12.1



## Phishfry (Oct 7, 2019)

Here is a short explanation on what BearSSL does.


- Import BearSSL ? (Adding verification to loader)
- BSDCan2019: Improving security of the FreeBSD boot process


----------



## CoTones (Oct 8, 2019)

No wonder it's Juniper Co... great influence on FreeBSD... BearSSL vs LibreSSL:

Current version is 0.6. It is now considered beta-quality software.
The whole of BearSSL is published under the MIT License.

LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014.
License: Apache License 1.0, 4-clause BSD license, ISC license, public domain.


----------



## Beastie (Oct 8, 2019)

Still, this looks interesting. But I very much doubt it'll be part of 12.1R.


----------



## Phishfry (Oct 8, 2019)

FreeBSD 12.1-RELEASE Release Notes
www.freebsd.org





> BearSSL has been imported to the base system. [r343281]





CoTones said:


> BearSSL vs LibreSSL:


Did you read the literature? Totally different use cases.


----------



## CoTones (Oct 8, 2019)

Well
"All the code to do signature verification, fingerprint matching etc,
in fact the entire mini-veriexec for the loader adds only about 80K.
Last I looked at trying to achieve the same using OpenSSL - I gave up at
6M"

Don't know for sure if the same can be made with LibreSSL. Quite probably. If not - please share your knowledge.

Still, Juniper and FreeBSD for security purposes want to use a probably very talented guy's crypto project that's in beta. Great.


----------



## Phishfry (Oct 8, 2019)

This will be in base but only in the /src tree.
Not built by default but another tool that can be used.
I look at it like all other tools in the /src/tools/ directory.
Some are rather dated and creaky. So a beta-grade project that brings us a secure boot process is better than no software whatsoever.
I am sure with time this project will mature.
My comments about LibreSSL were more focused on the nature.
LibreSSL is meant to be a drop-in replacement for OpenSSL.
BearSSL has another focus.


----------

