24

I checked out quite a few SSL libraries tonight. OpenSSL looks good but lacks documentation, as most of them do. I thought I hit the jackpot when I found NetSieben's SSL C++ Library (http://www.netsieben.com/products/ssh/index.phtml) but after hours, I am unable to get it to compile. It says it needs Botan's lib, but there is absolutely no information on how to link it to Botan or anything.

So I am looking for a fairly easy to use SSL library. I am just using it for a client application to connect to an already existing server.

Josh Renwald
  • 1
    For C++, I believe your two choices are Crypto++ and Botan. Crypto++ and Botan are similar. Botan has TLS (which Crypto++ lacks), and Botan is C++11. I think Botan is a little cleaner than Crypto++, but Crypto++ is better documented. Crypto++ supports more platforms, but Botan is a strong second. I cut-in Solaris support for Crypto++ and helped with Botan. I also helped cut-in ARM support for both. Both are very good libraries. – jww Jan 26 '17 at 11:58

5 Answers

33

To give a more thorough answer: There are a number of SSL libraries that are better documented than OpenSSL, which is notoriously bad.

If you look at the grand picture, the real alternatives as an SSL library are Botan, PolarSSL, Mozilla NSS, Wolf and GnuTLS.

All except Botan are not C++ specific so they do not have nice C++ objects and resource management.

My personal preference for SSL library is PolarSSL, because of the readability of the code, in-header API documentation and just general good experiences with it. It is used in some large FOSS projects and they have some kind of government accreditation.

I'm not a real fan of the wrappers like Boost.Asio as they still lack the proper documentation for the more in-depth things. Boost.Asio itself is quite OK and the examples are pretty decent though. If you only need a simple client, this might be the way to go.

Mozilla NSS is one of the older ones, but it does not support the newer TLS 1.1 and TLS 1.2 standards, which they actually should.

Both Botan and CyaSSL are good alternatives too. Botan documentation is thorough on some parts and perhaps a bit lacking on other parts, but some large open source projects include Botan and have good experiences with it.

In general, you can do a lot better than OpenSSL with any of these.

Hope this helps!

David R.
9

Boost.Asio provides SSL capabilities by wrapping OpenSSL. The examples are fairly straightforward; for client code it looks something like this:

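#include <boost/asio.hpp>
#include <boost/asio/ssl.hpp>
using namespace boost::asio;

// Verify the server certificate chain against the CA certificates in ca.pem.
ssl::context ctx(ssl::context::sslv23);
ctx.set_verify_mode(ssl::verify_peer);
ctx.load_verify_file("ca.pem");

ssl::stream<ip::tcp::socket> ssl_sock(my_io_service, ctx);
ip::tcp::socket::lowest_layer_type& sock = ssl_sock.lowest_layer();
sock.connect(my_endpoint);                     // plain TCP connect on the underlying socket
ssl_sock.handshake(ssl::stream_base::client);  // the TLS handshake runs on the stream, not the raw socket
write(ssl_sock, buffer(...));                  // boost::asio::write, so the data goes through TLS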

Note that there are asynchronous methods async_connect, async_handshake and async_write too.

Sam Miller
  • we use Asio; MbedTLS is an excellent library by itself; wondering if anyone did a port of Asio for using a TLS library other than OpenSSL (there is a WolfSSL port) https://www.wolfssl.com/wolfssl-support-asio-boost-asio-c-libraries/ – Pedro Vicente May 18 '20 at 17:44
  • @PedroVicente Here's a GnuTLS port of Boost Asio SSL: https://github.com/paullouisageneau/boost-asio-gnutls – ruben2020 Oct 17 '21 at 15:40
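
The Boost.Asio snippet in the answer above checks the certificate chain against ca.pem (verify_peer); a client normally also confirms that the certificate names the host it connected to, which Boost.Asio does through set_verify_callback with ssl::host_name_verification (ssl::rfc2818_verification in older releases). The following is an added example, not code from the answer or from Boost, showing a conservative version of that name-matching rule. The function names are made up for illustration, and it assumes the caller has already extracted the subjectAltName dNSName strings from the certificate.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Split a DNS name into lower-cased labels: "WWW.Example.com" -> {"www","example","com"}.
static std::vector<std::string> labels(const std::string& name) {
    std::vector<std::string> out(1);
    for (unsigned char c : name) {
        if (c == '.') out.emplace_back();
        else out.back().push_back(static_cast<char>(std::tolower(c)));
    }
    return out;
}

// True if one certificate dNSName (`pattern`) covers the DNS name `host`.
// Hypothetical helper: only a whole left-most "*" label is treated as a wildcard.
bool dns_name_matches(const std::string& pattern, const std::string& host) {
    const std::vector<std::string> p = labels(pattern), h = labels(host);
    if (p.size() != h.size()) return false;          // "*" never spans several labels
    for (const std::string& l : h)                   // reject malformed hosts (empty label, '*')
        if (l.empty() || l.find('*') != std::string::npos) return false;
    // An all-numeric last label means an IPv4 literal; those are compared against
    // iPAddress entries, never against dNSName patterns.
    if (std::all_of(h.back().begin(), h.back().end(),
                    [](unsigned char c) { return std::isdigit(c) != 0; }))
        return false;
    for (std::size_t i = 0; i < p.size(); ++i) {
        if (i == 0 && p[0] == "*") {
            if (p.size() < 3) return false;          // refuse over-broad names such as "*.com"
            continue;                                // wildcard stands for exactly one label
        }
        if (p[i] != h[i]) return false;              // "w*" and similar are literal mismatches
    }
    return true;
}

// True if any dNSName from the certificate's subjectAltName covers `host`.
bool cert_covers_host(const std::vector<std::string>& san_dns_names,
                      const std::string& host) {
    return std::any_of(san_dns_names.begin(), san_dns_names.end(),
                       [&](const std::string& n) { return dns_name_matches(n, host); });
}
```

In a real client, prefer the library's own verifier over a hand-written matcher; the code is here to show what verify_peer alone leaves unchecked.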
6

For a simple well-documented SSL library, you could look at https://polarssl.org.

PolarSSL has full API documentation and example clients on its source page.

Disclaimer: I'm the lead-maintainer for PolarSSL

Paul
3

Mozilla NSS is a relatively better documented set of libraries.

wkl
  • Also cross-platform and well supported. It is not a C++ library though so you'll have to live with ugly error-prone C-style resource management unless you write your own wrapper classes. – President James K. Polk Nov 21 '10 at 13:01
0

You might like CyaSSL, which is another SSL implementation. You can download it at http://www.yassl.com.

Max MacLeod
Larry