Michał Górny notified of the decision to end support for LibreSSL as an alternative to OpenSSL. From February 1, 2021, LibreSSL and the associated USE flags will be hidden.
Advanced users can continue to use LibreSSL, but Gentoo maintainers warn that patches within the Gentoo ecosystem will no longer be accepted (downstream patches).
LibreSSL users are encouraged to switch to OpenSSL and update USE flags by that date. The official migration instructions include:
1. Removing libressl from the USE flags and from the CURL_SSL parameter 2. Download the necessary packages for migration using: emerge –fetchonly dev-libs / openssl net-misc / wget emerge – fetchonly –deep –changed-use @world
3. Rebuild packages emerge –deselect dev-libs / libressl emerge –changed-use –deep @world
Arguments are given as a justification for dropping support for LibreSSL that since its appearance in 2014, as a competitor to stagnant OpenSSL , the latter was able to restore the required pace of development. In addition, over time, LibreSSL itself has become the cause of lagging and growing problems related to incompatibility with the OpenSSL implementation. This, in turn, led to delays in the delivery of security patches and regular version updates. In addition, some projects, such as Qt, refuse to support LibreSSL, and shift the work of solving compatibility problems to the distribution developers.
According to the Gentoo maintainers, the only advantage LibreSSL currently has over OpenSSL is functionality. implemented in a separate library libtls. It will be accessible, and a ported version will be shipped as a “dev-libs / libretls” package citing OpenSSL. Fork libtls based on OpenSSL evolving a > within a separate project LibreTLS , which allows building programs written for libtls using OpenSSL and LibreTLS instead of LibreSSL.