I am researching different SSL/TLS libraries for embedded devices.

I would like to know what people think the pros and cons for each of these libraries would be, and if there are specific use cases for any of these libraries.

Kajal S
  • You asked exactly the same question some days ago and it was closed as off-topic. What makes you think that it gets suddenly on-topic? – Steffen Ullrich Apr 22 '21 at 05:02
  • @SteffenUllrich I don't know what you mean by off-topic, it was closed because Stack Overflow does not allow questions to directly ask for software recommendations, however it said I could edit the question to make sure it's not asking for a recommendation. That's what I did, I don't think I did anything wrong. It hasn't been closed again so I think that means it's on-topic. – Kajal S Apr 27 '21 at 16:34
  • SO is about addressing more specific questions, typically something not working as expected or maybe no idea on what the best approach to a problem is from a choice of several etc. Your question is a very broad one instead. It is not about solving a problem, it is about others collecting all the information for you about the various SSL libraries and on top of this also giving opinions about it (which is also off-topic). This is not *"I am researching"* but this is expecting others to do the research for you. – Steffen Ullrich Apr 27 '21 at 16:55

1 Answer

To start out, all three libraries will accomplish the same things, just one might be better served for your use case. All three are open source, will run on embedded systems and, with the exception of Mbed TLS, support TLS 1.3.

OpenSSL

  • Supports TLS 1.3
  • Runs on higher-end embedded systems but has a much larger codebase and was not designed with embedded systems in mind. Some porting may be required depending on the platform.

Mbed TLS

  • Does not support TLS 1.3
  • Has good documentation and is more intuitive than OpenSSL.
  • Easy to understand and use API.

wolfSSL

  • Supports TLS 1.3
  • Intended for embedded systems so the codebase is much smaller.
  • Great documentation with prebuilt examples for various platforms.
  • Most up to date project with constant updates and security fixes.

ethan129
  • Probably worth mentioning that if end-product is intended for commercial use (not open source), as of Aug 2021, wolfSSL [requires obtaining a commercial license per each SKU](https://www.wolfssl.com/license/), while others don't require any payments. – Nik Aug 30 '21 at 11:37
  • An opinion of the author of the Lighttpd web server: "In my personal opinion (intentionally repeating that), the mbedTLS code is much higher quality, though mbedTLS is admittedly behind the competition in not currently supporting TLS 1.3 and OCSP stapling." https://github.com/openwrt/packages/issues/18851#issuecomment-1172971889 – Sergey Ponomarev Jul 07 '22 at 11:23
  • MbedTLS also has a licensing problem: https://github.com/OpenVPN/openvpn/commit/110eee0288cff0720952a2cf16c4fb191d0bd616 – Sergey Ponomarev Jul 07 '22 at 11:24
  • I think Mbed TLS supports TLS 1.3 now. – Mihir Luthra Apr 24 '23 at 23:15