Abandon Ship! It's Time to Ditch OpenSSL

2014-04-09

Theo de Raadt is known for general assholery, but when he says “OpenSSL is not developed by a responsible team”, there are very good reasons for him to say that. The project has been a mess for a long time, and this Heartbleed situation has brought it all to the forefront.

It’s long past time to ditch OpenSSL. Firefox and Chrome use NSS, which seems as good an alternative as any.

(Interestingly, there was a proposal to switch Chrome to OpenSSL just a few months ago. Yeah, let’s not.)