[Toybox] [RFC] ktls is in 4.13.

Rob Landley rob at landley.net
Fri Sep 8 17:02:53 PDT 2017


On 09/07/2017 12:14 AM, scsijon wrote:
> 
>>
>> Part of my frustration is openssl and bearssl don't have quite the same
>> command line syntax. There's no standard "stunnel blah" command line I
>> can use that's implementation independent. Otherwise I'd just do the
>> "pipe it through a child process" thing and be done with it. (Might
>> still, it's just nontrivial.)
>>
>>> scsijon
> 
>>
>> Rob
>>
> 
> And just now i've found about Libressl (libressl.org) to maybe add to
> your woes, I wonder if they would be willing to work with you?

libressl and boringssl are forks of openssl that happened after
heartbleed reminded everybody OpenBSD doesn't really care about Linux
(except when it needs money).

Bearssl is independently developed (clean C, mit licensed, reasonably
usable in an embedded environment). PolarSSL used to be another one but
the company behind it changed and relicensed it and I stopped paying
attention. There are a dozen others:

  https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations

(Sadly, dropbear is not one. Many people have asked him to add it over
the years, but apparently it's significantly different plumbing. Which
makes openssh depending on openssl kinda confusing, but ok...)

Rob


More information about the Toybox mailing list