1libtls(7) BSD Miscellaneous Information Manual libtls(7)
2
4 LibreTLS — libtls for OpenSSL
5
7 LibreTLS is a port of libtls from LibreSSL to OpenSSL. libtls:
8 https://man.openbsd.org/tls_init.3
9 is “a new TLS library, designed to make it easier to write foolproof
10 applications”.
11 libtls provides an excellent new API, but LibreSSL can be difficult to
13 install on systems which already use OpenSSL. LibreTLS aims to make the
14 libtls API more easily and widely available.
15 Releases
17 LibreTLS is based on LibreSSL-portable:
18 https://www.libressl.org/releases.html
19 sources. LibreTLS releases track LibreSSL releases, starting with ver‐
20 sion 3.2.0. If patches must be released between LibreSSL releases, the
21 letter ‘p’ followed by an increasing digit starting from 1 will be added
22 to the version number.
23 LibreTLS release tarballs are available from .:
25 https://causal.agency/libretls/
26 Compatibility
28 The libtls provided by LibreTLS is ABI-compatible with the libtls pro‐
29 vided by the corresponding LibreSSL release.
30 The behaviour of LibreTLS and LibreSSL differs in how the root certifi‐
32 cates are loaded by default. LibreSSL uses a hardcoded path to a CA bun‐
33 dle file, while LibreTLS uses the default CA locations of OpenSSL, which
34 may include a CA directory. To restore the behaviour of LibreSSL, call
35 tls_config_set_ca_file(3) with the path returned by
36 tls_default_ca_cert_file(3). All other behaviour should be identical.
37 LibreTLS targets the OpenSSL 1.1.1 series. Due to a bug in OpenSSL, only
39 versions 1.1.1b and newer are known to work.
40 Platform Support
42 LibreTLS should work on the same platforms as LibreSSL-portable:
43 https://www.libressl.org/releases.html,
44 though it has not been thoroughly tested on platforms other than Linux,
45 FreeBSD and macOS.
46 License
48 libtls consists of all new code developed as part of OpenBSD under
49 OpenBSD's preferred license:
50 https://www.openbsd.org/policy.html
51 of ISC. Some compat sources are under the 3-clause BSD license or the
52 MIT license.
53 LibreTLS is not encumbered by the dual-licensing of OpenSSL under both
55 the OpenSSL license and the original SSLeay license, which are incompati‐
56 ble with the GNU General Public License. When OpenSSL 3.0 is released
57 under the Apache 2.0 license, software under the GPLv3 will be able to
58 link against LibreTLS and OpenSSL without additional permissions.
59
61 To install from a release tarball, run the following:
62 ./configure
64 make all
65 make install
66 To install from a git checkout, autoconf, automake and libtool are
68 required. Run the following before continuing with the steps above:
69 autoreconf -fi
71
73 LibreTLS is maintained by June Bug <june@causal.agency>.
74 LibreSSL is developed by The OpenBSD project: https://www.openbsd.org.
76Causal Agency August 3, 2020 Causal Agency