Google exchanges OpenSSL in Chrome for its own fork

Spread the love

Google is going to swap OpenSSL for BoringSSL, its own fork of the OpenSSL project. In addition, changes in the OpenSSL code are implemented. According to Google, it is more practical to have your own fork of OpenSSL.

Until now, Google used OpenSSL, one of the widely used ssl/tls suites, in Google Chrome, Chrome OS and Android. In addition, Google itself already implemented patches that had not yet been approved by OpenSSL. However, the search giant is now taking a different approach: the company is integrating its own OpenSSL fork BoringSSL in Chrome.

In addition, the company will still implement incoming patches from the OpenSSL team, and pass on bug fixes to that same team. Also with LibreSSL, a fork of the OpenSSL project by OpenBSD, patches and bugs will be shared. It is not yet known when BoringSSL will be added in the stable version of Chrome. In time, Android should also get BoringSSL instead of OpenSSL.

It is unclear to what extent the decision was motivated by Heartbleed, a major bug in OpenSSL that allowed attackers to read the internal memory of the server. The BoringSSL project was already started before that bug came to light.

You might also like
Exit mobile version