SSL/TLS library side by side comparison

in code by DP | 8 comments

BrianĀ stumbled on thisĀ side by side comparison of SSL/TLS libraries and gave his review of it:

So in summary of what code bases I find usable from a licensing prospective:
TropicSSL and axTLS are clear winners in terms of the license
CyaSSL and PolarSSL are GPL V2 + FLOSS which is less desirable

Next I looked at the code bases.

CyaSSL looks the most complex, and that is born out in terms of the code size (27kLOC). Meanwhile PolarSSL/TopicSSL and axTLS come in at less than half of that with 12-14kLOC.

In terms of file/module organization TropicSSL/XySSL/PolarSSL looks a bit better than axTLS at least at first glance.

I conclude that if I want to have the most robust SSL/TSL I should look to port CyaSSL. If I want the freest SSL I should adopt axTLS or TropicSSL/XySSL. axTLS is still maintained by the original author while XySSL is not.

Via the forum.

This entry was posted in code and tagged , , .


  1. Roberto Lombi says:

    SChannel i guess S is for “secure”… or maybe for “strict”.

  2. Don says:

    Isn’t the title wrong – it should be SSL/TLS (Transport Layer Security) – or am I missing something?

  3. Tiersten says:

    I was confused for a minute until I read the linked forum post where Brian states that this is from the point of view of embedded systems. OpenSSL is taken out of consideration despite being BSD licensed because it only supports the big platforms like Windows, Linux etc…

  4. Drone says:

    This is missing a columnt: BEAST vulnerability!

Leave a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.