1libtls(7) BSD Miscellaneous Information Manual libtls(7)
2
4 LibreTLS — libtls for OpenSSL
5
7 LibreTLS is a port of libtls from LibreSSL to OpenSSL. libtls:
8 https://man.openbsd.org/tls_init.3 is “a new TLS library, designed to
9 make it easier to write foolproof applications”.
10 libtls provides an excellent new API, but LibreSSL can be difficult to
12 install on systems which already use OpenSSL. LibreTLS aims to make the
13 libtls API more easily and widely available.
14 Releases
16 LibreTLS is based on LibreSSL-portable:
17 https://www.libressl.org/releases.html sources. LibreTLS releases track
18 LibreSSL releases, starting with version 3.2.0. If patches must be re‐
19 leased between LibreSSL releases, the letter ‘p’ followed by an increas‐
20 ing digit starting from 1 will be added to the version number.
21 LibreTLS release tarballs are available from
23 https://causal.agency/libretls/
24 Compatibility
26 The libtls provided by LibreTLS is ABI-compatible with the libtls pro‐
27 vided by the corresponding LibreSSL release.
28 The behaviour of LibreTLS and LibreSSL differs in how the root certifi‐
30 cates are loaded by default. LibreSSL uses a hardcoded path to a CA bun‐
31 dle file, while LibreTLS uses the default CA locations of OpenSSL, which
32 may include a CA directory. To restore the behaviour of LibreSSL, call
33 tls_config_set_ca_file(3) with the path returned by
34 tls_default_ca_cert_file(3). All other behaviour should be identical.
35 LibreTLS targets the OpenSSL 1.1.1 series. Due to a bug in OpenSSL, only
37 versions 1.1.1b and newer are known to work. LibreTLS is compatible with
38 OpenSSL 3.0.0 but hasn't been ported away from deprecated APIs.
39 Platform Support
41 LibreTLS should work on the same platforms as LibreSSL-portable:
42 https://www.libressl.org/releases.html, though it has not been thoroughly
43 tested on platforms other than Linux, FreeBSD and macOS.
44 License
46 libtls consists of all new code developed as part of OpenBSD under
47 OpenBSD's preferred license: https://www.openbsd.org/policy.html of ISC.
48 Some compat sources are under the 3-clause BSD license or the MIT li‐
49 cense.
50 LibreTLS is not encumbered by the dual-licensing of OpenSSL under both
52 the OpenSSL license and the original SSLeay license, which are incompati‐
53 ble with the GNU General Public License. When OpenSSL 3.0 is released
54 under the Apache 2.0 license, software under the GPLv3 will be able to
55 link against LibreTLS and OpenSSL without additional permissions.
56
58 To install from a release tarball, run the following:
59 ./configure
61 make all
62 make install
63 To install from a git checkout, autoconf, automake and libtool are re‐
65 quired. Run the following before continuing with the steps above:
66 autoreconf -fi
68
70 LibreTLS is maintained by June McEnroe <june@causal.agency>.
71 LibreSSL is developed by The OpenBSD project: https://www.openbsd.org
73Causal Agency February 27, 2022 Causal Agency