Google is dropping OpenSSL in its latest beta of Chrome. The company is switching to its own forked version, called BoringSSL, in an attempt to streamline security patches and offer better protection to its users.
OpenSSL is the software that’s used online for secure connections: the type you need when using online banking, or transferring information securely. It’s created and maintained as open source software and updated mostly through the work of volunteers.
Despite that it’s one of the most important pieces of software online, and when something goes wrong – such as the recent case of the Heartbleed bug - everyone takes notice.
Google is saying that with all the recent security patches that have been added on to OpenSSL the software was becoming too convoluted to be implemented in Chrome, and as such they’ve opting for their own in-house developed version, BoringSSL. Interested folks will be able to test out this new implementation through the Chromium dev channel.
Finally Google says it’s not trying to replace OpenSSL and that they’ll continue to support and donate to the open project as well as exchange bug fixes and security patches going forward.
43 Comments - Add comment