letskencrypt is yet another Let's Encrypt client, but one with a
strong focus on security. It is still under development.
It supports the following operations:
* Account registration (see the -n flag).
* Domain certificate signing.
* Domain certificate revocation (see the -r flag).
Many parts of the process are run as jailed unprivileged processes.
Vault is a tool for securely accessing secrets. A secret is anything that you
want to tightly control access to, such as API keys, passwords, certificates,
and more. Vault provides a unified interface to any secret, while providing
tight access control and recording a detailed audit log.
<...>
ok jasper@
While this brings a nice speed improvement over libgcrypt-1.6.5, it
requires newer gcc or clang. Since libgcrypt is a requirement for
tons of ports, using clang here means that you end up building two huge
compilers before building anything useful.
pclmul alone is supported by base gcc and is still used for GCM.
ok ajacoutot@ (maintainer)
*) Prevent padding oracle in AES-NI CBC MAC check
*) Fix EVP_EncodeUpdate overflow
*) Fix EVP_EncryptUpdate overflow
*) Prevent ASN.1 BIO excessive memory allocation
*) EBCDIC overread
*) Modify behavior of ALPN to invoke callback after SNI/servername
   callback, such that updates to the SSL_CTX affect ALPN.
*) Remove LOW from the DEFAULT cipher list, removing single DES
   from the default.
*) Only remove the SSLv2 methods with the no-ssl2-method option.
   When the methods are enabled and ssl2 is disabled the methods return
   NULL. (i.e. restore ABI compat with pre-1.0.2g cf. SSLv2_*_method)
Those ports use bsd.obj.mk, which doesn't like it if BSDSRCDIR doesn't point
to a defined place.
(found by doing a bulk on a chroot in a somewhat more hostile setup than usual)