LibreSSL Portable is a free version of the SSL/TLS protocol forked from OpenSSL, and developed by the OpenBSD project. LibreSSL is developed as part of the OpenBSD system, with lots of ancient cruft and security woes already fixed. The portable version for other Unices is developed alongside.
documentation, documentation,: Other than the version number, it is identical to LibreSSL 3.3.2.It includes the following changes from LibreSSL 3.2.2:New Features.Support for DTLSv1.2.Continued rewrite of the record layer for the legacy stack.Numerous and interoperability were in the new verifier. Afew and incompatibilities remain, so this release uses the old verifierby default.The OpenSSL 1.1 TLSv1.3 API is not yet available.Portable Improvements.Added '--enable-libtls-only' build option, which builds and installs astatically-linked libtls, skipping libcrypto and libssl. This is useful forsystems that ship with OpenSSL but wish to also package libtls.Update getentropy on Windows to use Cryptography Next Generation (CNG).wincrypt is deprecated and no longer works with newer Windows environments,such as in Windows Store apps.API and Documentation Enhancements.Add a number of RPKI OIDs from RFC 6482, 6484, 6493, 8182, 8360,draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds.Add support for SSL_get_shared_ciphers(3) with TLSv1.3.Add DTLSv1.2 methods.Implement SSL_is_dtls(3) and use it internally in place of the SSL_IS_DTLSmacro.Provide EVP_PKEY_new_CMAC_KEY(3).Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h.Add DTLSv1.2 to openssl(1) s_server and s_client protocol message logging.Provide SSL_use_certificate_chain_file(3).Provide SSL_set_hostflags(3) and SSL_get0_peername(3).Provide various DTLSv1.2 specific functions and defines.Document meaning of '*' in the genrsa output.Updated documentation for SSL_get_shared_ciphers(3).Add documentation for SSL_get_finished(3).Document EVP_PKEY_new_CMAC_key(3).Document SSL_use_certificate_chain_file(3).Document SSL_set_hostflags(3) and SSL_get0_peername(3).Update SSL_get_version(3) manual for DTLSv.1.2 support.Make supported protocols and options for DHE params more prominent intls_config_set_protocols(3).Various documentation improvements around TLS methods.Compatibility Changes.Make openssl(