Re: A new open-source TLS implementation



Andrew Findlay wrote:
> Amazon have just announced a completely new implementation of TLS.
> By avoiding all the history and ignoring features that they don't need
> the code has been cut by a factor of 10 when compared with the equivalent
> part of OpenSSL. OpenSSL or some other crypto library is still needed,
> but this is surely worth a look for future use with LDAP:
>
> http://blogs.aws.amazon.com/security/post/TxCKZM94ST1S6Y/Introducing-s2n-a-New-Open-Source-TLS-Implementation
> https://github.com/awslabs/s2n/blob/master/README.md

I've used PolarSSL in the past, for tighter memory constrained projects. They're so good at what they do that ARM bought them.

https://tls.mbed.org/

It's also a complete crypto library, not just the TLS protocol implementation.

Kinda wonder why Amazon wasted their time on this one. libcurl currently supports 11 different TLS implementations (and I wrote the modular framework for all of them). The world really didn't need another one.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/