mbed TLS Integrated


Embedthis products, including the Appweb and GoAhead web servers, have supported a variety of SSL stacks for secure connectivity, including OpenSSL, mbed TLS, MatrixSSL and NanoSSL. However, this has often required separately downloading and building the SSL software. For some SSL stacks, building for your selected operating system can be a long and non-trivial exercise.

SSL is increasingly becoming mandatory and not just an option. Securely authenticating users and controlling access to a management interface requires SSL. Further, the emerging HTTP/2 protocol will use SSL by default. Consequently, we have been searching for a simpler way to offer secure SSL connectivity out-of-the-box.

Problems with some SSL Stacks

There are several problems with some existing SSL stacks, especially OpenSSL.

  • Large code size and memory footprint. OpenSSL is well over 1MB just for SSL.
  • Poorly written code that is hard to maintain. The dirty little secret is that OpenSSL has been hacked by many people over a long period of time — and it shows.
  • Hard to build on some operating systems, and many embedded operating systems are not supported at all. OpenSSL is very difficult to port.

mbed TLS Advantages

mbed TLS has been designed for embedded use. It is much smaller, simpler and better written. The code is thus easier to maintain and support. Here are some of its features:

  • Small footprint (less than 20% the size of OpenSSL)
  • Simple high-level API
  • Cleanest code of any SSL stack
  • Good documentation and clear samples
  • Easy single file amalgamated build
  • Easy to port to new systems
  • Apache license that can be used in open source and commercial products

Use in Embedthis Software

By integrating mbed TLS into Embedthis products, we gain a small, fast and secure SSL capability that is configured by default. We have integrated mbed TLS into the following products:

Still want to use OpenSSL or another SSL Stack?

If you don’t want to use mbed TLS, you can use the configure program to select an SSL stack of your choice when building Embedthis products. Just use:

./configure --with openssl

or

./configure --with openssl=/path/to/openssl
