Hello,
New releases of the following packages are available:
* skalibs-2.4.0.2
---------------
Bugfix release. It is necessary to upgrade to this release for the new
version of s6-networking to work.
http://skarnet.org/software/skalibs/
git://git.skarnet.org/skalibs
* s6-networking-2.2.1.0
---------------------
This release of s6-networking comes with 4 optional new binaries:
s6-tlsclient, s6-tlsserver, s6-tlsc, s6-tlsd. Those binaries implement
secure connections via the TLS protocol. s6-tlsclient and s6-tlsserver
act like s6-tcpclient and s6-tcpserver respectively; s6-tlsc and s6-tlsd
are the "tlsify" blocks that put themselves between the network
and the cleartext-speaking application.
Building those binaries requires an additional dependency to a SSL
library, called a "backend". After installing the chosen backend, you
can tell s6-networking to use it by giving the "--enable-ssl=$backend"
option to configure.
There are two supported values for $backend:
* "libressl" . This requires installing LibreSSL 2.4.4 or later.
This is the default, safe choice.
* "bearssl". This requires installing BearSSL 0.1 or later. BearSSL is
a new SSL library being developed by Thomas Pornin, a renowned
cryptologist. Choosing BearSSL is still experimental (it will only be
considered production-ready by its author when it reaches version 1.0),
but it's working for me successfully. The reason to choose BearSSL over
LibreSSL is that BearSSL's design is incredibly high-quality. It is much
more maintainable than the OpenSSL/LibreSSL code base; it requires a
ridiculously small amount of RAM to run; static x86_64 executables for
s6-tlsc and s6-tlsd are, when linked against BearSSL, 10% of the size
they are when using LibreSSL. (Yes, that's a 90% size reduction.)
Given that LibreSSL is ubiquitous and BearSSL already looks amazing and
will likely be production-ready next year, there are no plans to add
further backends.
http://skarnet.org/software/s6-networking/
git://git.skarnet.org/s6-networking
https://libressl.org/
https://bearssl.org/
Enjoy,
Bug-reports *especially* welcome. I spent a long time ironing out small
issues in s6-tlsc and s6-tlsd, but if any problems remain, it is
particularly important to handle them quickly.
--
Laurent
Received on Sun Dec 04 2016 - 14:35:50 UTC