libressl - An SSL/TLS protocol implementation

Distribution: openSUSE 42.2
Repository: openSUSE Update Oss all
Package name: libressl
Package version: 2.3.4
Package release: 3.1
Package architecture: x86_64
Package type: rpm
Installed size: 528.70 KB
Download size: 243.89 KB
Official Mirror:
LibreSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It derives from OpenSSL, with the aim of refactoring the OpenSSL code so as to provide a more secure implementation.



  • config(libressl) = 2.3.4-3.1
  • libressl = 2.3.4-3.1
  • libressl(x86-64) = 2.3.4-3.1


  • openssl


    Install Howto

    Install libressl rpm package:

    # zypper install libressl


    • /etc/ssl/openssl.cnf
    • /etc/ssl/x509v3.cnf
    • /usr/bin/openssl
    • /usr/share/doc/packages/libressl/COPYING
    • /usr/share/man/man1/openssl.1ssl.gz


    2017-01-23 - - Add ecs.diff [bnc#1019334]

    2016-05-04 - - Update to new upstream release 2.3.4 [boo#978492, boo#977584] * Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.

    2016-03-23 - - Update to new upstream release 2.3.3 * cert.pem has been reorganized and synced with Mozilla's certificate store

    2016-02-02 - - Update to new upstream release 2.3.2 * Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD construction introduced in RFC 7539, which is different than that already used in TLS with EVP_aead_chacha20_poly1305(). * Avoid a potential undefined C99+ behavior due to shift overflow in AES_decrypt. - Remove 0001-Fix-for-OpenSSL-CVE-2015-3194.patch, 0001-Fix-for-OpenSSL-CVE-2015-3195.patch (included)

    2015-12-11 - - Add 0001-Fix-for-OpenSSL-CVE-2015-3194.patch, 0001-Fix-for-OpenSSL-CVE-2015-3195.patch [boo#958768]

    2015-11-04 - - Update to new upstream release 2.3.1 * ASN.1 cleanups and RFC5280 compliance fixes. * Time representations switched from "unsigned long" to "time_t". LibreSSL now checks if the host OS supports 64-bit time_t. * Changed tls_connect_servername to use the first address that resolves with getaddrinfo(). * Fixed a memory leak and out-of-bounds access in OBJ_obj2txt, * Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of sizeof(RC4_CHUNK). - Drop CVE-2015-5333_CVE-2015-5334.patch (merged)

    2015-10-16 - - Security update for libressl: * CVE-2015-5333: Memory Leak [boo#950707] * CVE-2015-5334: Buffer Overflow [boo#950708] - adding CVE-2015-5333_CVE-2015-5334.patch

    2015-09-24 - - Update to new upstream release 2.3.0 * SSLv3 is now permanently removed from the tree. * libtls API: The read/write functions work correctly with external event libraries. See the tls_init man page for examples of using libtls correctly in asynchronous mode. * When using tls_connect_fds, tls_connect_socket or tls_accept_fds, libtls no longer implicitly closes the passed in sockets. The caller is responsible for closing them in this case. * Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no longer supported. * SHA-0 is removed, which was withdrawn shortly after publication 20 years ago.

    2015-08-30 - - Update to new upstream release 2.2.3 * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not include TLS extensions, resulting in such handshakes being aborted. This release corrects the handling of such messages.

    2015-08-17 - - drop /etc/ssl/cert.pem