Google has launched its unique interpretation of the commonly implemented OpenSSL library, playfully designated as a “fork” and called BoringSSL. This OpenSSL alternative operates as a notable cryptographic software that gained visibility in the aftermath of the significant threat posed by the Heartbleed vulnerability to a myriad of websites.
The emergence of BoringSSL means that there are now three distinct versions of OpenSSL in operation, primarily used to initiate secure socket layer and transport layer security protocols on about half a million websites around the world. The engineers of the OpenBSD operating system introduced LibreSSL shortly after the revelation of Heartbleed. Google has taken additional measures to ensure that BoringSSL does not unjustly compete or meddle with these independent initiatives. A notable measure among others is Google’s continuous dedication to the Core Infrastructure Initiative, through which a $100,000 fund is donated to aid OpenSSL developers in modernizing their outdated code base.
Still, fully understanding the workings of these forks or deciding the correct one to use isn’t precisely straightforward. A discourse on the Hackernews forum may provide some elucidation on this subject.
The discussions in the forum highlight Google’s strategy, which has been simplified from necessitating the reapplication of patches with each new OpenSSL release, to managing their branch (BoringSSL) and drawing and merging alterations from the original OpenSSL. The other parts of the conversation revolve around the advantages and disadvantages of implementing one method over the other.
In his blog post the previous Friday, Langley represented BoringSSL as a more streamlined version of OpenSSL, which eliminated multiple APIs and ABIs. Despite initially inciting more competition for limited funding and overall public attention, the launch of BoringSSL continues to be met with positive commentary.
Updated in 2025 to align with recent developments.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
