I am a maintainer for rustls (https://github.com/ctz/rustls).
What would your team need to be able to migrate to a different TLS stack that so far has proven to be safer, and passed its first security audit with flying colors? (https://github.com/ctz/rustls/blob/main/audit/TLS-01-report....)
(I am also currently available on a part-time freelance basis, feel free to contact me if you need commercial support on your endeavour to structurally address your TLS security issues.)
Somewhat ironically to this circumstance (assuming it doesn't affect LibreSSL), the Void team has just switched back away from LibreSSL, which it shipped with by default for years.
Discussion: https://github.com/void-linux/void-packages/issues/20935
That's what I thought, too, but it looks like at least libsodium implements constant-time array comparison in C.
https://github.com/jedisct1/libsodium/blob/ae4add868124a32d4...