SSL/TLS library side by side comparison

in code by DP | 9 comments

Brian stumbled on this side by side comparison of SSL/TLS libraries and gave his review of it:

So in summary of what code bases I find usable from a licensing perspective:
TropicSSL and axTLS are clear winners in terms of the license
CyaSSL and PolarSSL are GPL V2 + FLOSS which is less desirable

Next I looked at the code bases.

CyaSSL looks the most complex, and that is borne out in terms of the code size (27kLOC). Meanwhile PolarSSL/TropicSSL and axTLS come in at less than half of that with 12-14kLOC.

In terms of file/module organization TropicSSL/XySSL/PolarSSL looks a bit better than axTLS at least at first glance.

I conclude that if I want to have the most robust SSL/TLS I should look to port CyaSSL. If I want the freest SSL I should adopt axTLS or TropicSSL/XySSL. axTLS is still maintained by the original author while XySSL is not.

Via the forum.


Comments

  1. Roberto Lombi says:

    SChannel, I guess S is for “secure”… or maybe for “strict”.

  2. Don says:

    Isn’t the title wrong – it should be SSL/TLS (Transport Layer Security) – or am I missing something?

  3. Tiersten says:

    I was confused for a minute until I read the linked forum post where Brian states that this is from the point of view of embedded systems. OpenSSL is taken out of consideration despite being BSD licensed because it only supports the big platforms like Windows, Linux etc…

  4. Drone says:

    This is missing a column: BEAST vulnerability!

  5. Hi!

    Nice article. Here are some comments:

    1. Thanks go out to Nikos Mavrogiannopoulos and Simon of GNU TLS fame for putting together the original unbiased comparison of TLS implementations. Chris Conlon of wolfSSL extended their work and put the original comparison up on Wikipedia. It is gratifying to us that people find it useful.

    2. In regard to CyaSSL and code size:
    a. It is correct that it is the most robust of the bunch, and hence the largest code base.
    b. CyaSSL and probably the others all have numerous build options to make them small. Those build options are not spelled out in the comparison.
    c. Conclusion: If you take a deeper look at any of the above, they can all look a lot more simple if you assess the build options. CyaSSL, for example, can get pretty tiny if you exclude all of our optional ciphers and the older versions of TLS.

    LS
