Google develops own 'boring' version of OpenSSL

A Google engineer wrote the project isn't designed to replace OpenSSL

Google is developing its own version of OpenSSL that will be more appropriate for its own software products, which have been using the critical encryption component for years with customized patches.

The project, tentatively dubbed "BoringSSL," isn't designed to replace OpenSSL, wrote Adam Langley, a Google software engineer, on his personal blog. Google will contribute its changes to the OpenSSL open-source project and use bug fixes from that team, he wrote.

OpenSSL is widely used software code that encrypts content between a client and a server. OpenSSL's code is undergoing a close examination after a vulnerability nicknamed "Heartbleed" was disclosed on April 7 that could potentially allow hackers to steal data or compromise the encrypted connection.

Google has developed its own patches for OpenSSL, but those patches weren't always compatible with APIs (application programming interfaces) and ABIs (application binary interfaces), Langley wrote.

Products such as Android and Chrome have needed subsets of those patches, and now there are as many as 70 patches across multiple code bases, which has become too complex, Langley wrote.

"So we're switching models to one where we import changes from OpenSSL rather than rebasing on top of them," he wrote. "The result of that will start to appear in the Chromium repository soon and, over time, we hope to use it in Android and internally too."

Google's version of OpenSSL still won't necessarily support the APIs and ABIs in OpenSSL, he wrote.

The company will also incorporate code changes from LibreSSL, a fork of OpenSSL started after Heartbleed by some developers dissatisfied with OpenSSL. LibreSSL has undertaken a large project examining OpenSSL's code for flaws and making improvements.

Concern was raised following the Heartbleed flaw about the dependence of many operating systems and software products on OpenSSL and the relatively little funding behind the project. Since then, major technology companies launched the Core Infrastructure Initiative, which is aimed at shoring up underfunded open-source projects and employing full-time developers.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

