Google Forks OpenSSL
Google has announced a fork of the OpenSSL code base, which they have dubbed "BoringSSL." Secure Sockets Layer (SSL) adds encrypted communication to the TCP/IP protocol that gives life to the Internet. The recent Heartbleed exploit and other high-profile vulnerabilities have exposed some fundamental problems with SSL. The Linux Foundation and other organizations have responded by launching the Core Infrastructure Initiative, with the goal of updating SSL and other important Internet tools.
Google has maintained a customized SSL for many years in order to support Android, Chrome, and other Internet-ready products. According Google developer Adam Langley, some of the Google patches have been accepted into the OpenSSL respository, and others have not. By forking their own project, they save the trouble of having to reintegrate their own customizations with each OpenSSL release.
One could easily interpret the move as a challenge or a vote of no confidence for the Core Infrastructure Iniaitive, but actually, Google is one of the founding contributors of the Core Infrastructure Iniative and publically supports the effort to ungrade OpenSSL. In this case, the goals appear to be more technical than political, but it is possible that if these customizations are already built into Chrome and Android, Google does not want to risk the instability that might follow a major upgrade to the OpenSSL code base.
The characterization of the code as "boring" presumably implies that the project intends to fix SSL, so it will no longer be fodder for the headlines. According Langley, the name is "aspirational and not yet a promise."
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.