libressl - An SSL/TLS protocol implementation

Distribution: openSUSE 42.1
Repository: openSUSE Update Oss all
Package name: libressl
Package version: 2.3.0
Package release: 10.1
Package architecture: x86_64
Package type: rpm
Installed size: 528.70 KB
Download size: 242.71 KB
Official Mirror:
LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It derives from OpenSSL, with the aim of refactoring the OpenSSL code so as to provide a more secure implementation.



  • config(libressl) = 2.3.0-10.1
  • libressl = 2.3.0-10.1
  • libressl(x86-64) = 2.3.0-10.1


  • openssl


    Install Howto

    Install libressl rpm package:

    # zypper install libressl


    • /etc/ssl/openssl.cnf
    • /etc/ssl/x509v3.cnf
    • /usr/bin/openssl
    • /usr/share/doc/packages/libressl/COPYING
    • /usr/share/man/man1/openssl.1ssl.gz


    2017-01-23 - - Add ecs.diff [bnc#1019334]

    2015-12-11 - - Add 0001-Fix-for-OpenSSL-CVE-2015-3194.patch, 0001-Fix-for-OpenSSL-CVE-2015-3195.patch [bsc#958768]

    2015-10-16 - - Security update for libressl: * CVE-2015-5333: Memory Leak [boo#950707] * CVE-2015-5334: Buffer Overflow [boo#950708] - adding CVE-2015-5333_CVE-2015-5334.patch

    2015-09-24 - - Update to new upstream release 2.3.0 * SSLv3 is now permanently removed from the tree. * libtls API: The read/write functions work correctly with external event libraries. See the tls_init man page for examples of using libtls correctly in asynchronous mode. * When using tls_connect_fds, tls_connect_socket or tls_accept_fds, libtls no longer implicitly closes the passed in sockets. The caller is responsible for closing them in this case. * Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no longer supported. * SHA-0 is removed, which was withdrawn shortly after publication 20 years ago.

    2015-08-30 - - Update to new upstream release 2.2.3 * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not include TLS extensions, resulting in such handshakes being aborted. This release corrects the handling of such messages.

    2015-08-17 - - drop /etc/ssl/cert.pem

    2015-08-17 - - Avoid file conflict with ca-certificates by dropping /etc/ssl/certs

    2015-08-09 - - Update to new upstream release 2.2.2 * Incorporated fix for OpenSSL issue #3683 [malformed private key via command line segfaults openssl] * Removed workarounds for TLS client padding bugs, removed SSLv3 support from openssl(1), removed IE 6 SSLv3 workarounds, removed RSAX engine. * Modified tls_write in libtls to allow partial writes, clarified with examples in the documentation. * Building a program that intentionally uses SSLv3 will result in a linker warning. * Added TLS_method, TLS_client_method and TLS_server_method as a replacement for the SSLv23_*method calls. * Switched `openssl dhparam` default from 512 to 2048 bits * Fixed `openssl pkeyutl -verify` to exit with a 0 on success * Fixed dozens of Coverity issues including dead code, memory leaks, logic errors and more.

    2015-07-13 - - Update to new upstream release 2.2.1 [bnc#937891] * Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API * Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL * Removed Dynamic Engine support * Removed unused and obsolete MDC-2DES cipher * Removed workarounds for obsolete SSL implementations * Fixes and changes for plaforms other than GNU/Linux

    2015-06-12 - - Update to new upstream release 2.2.0 * Removal of OPENSSL_issetugid and all library getenv calls. Applications can and should no longer rely on environment variables for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still supported with the openssl(1) command. * libtls API and documentation additions * fixed: * CVE-2015-1788: Malformed ECParameters causes infinite loop * CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time * CVE-2015-1792: CMS verify infinite loop with unknown hash function (this code is not enabled by default) * already fixed earlier, or not found in LibreSSL: * CVE-2015-4000: DHE man-in-the-middle protection (Logjam) * CVE-2015-1790: PKCS7 crash with missing EnvelopedContent * CVE-2014-8176: Invalid free in DTLS