Reputation: 323
I have looked around for good SSL/TLS libraries that support TLS 1.2
I also want to use this library on an embedded platform so it should be small, easy, secure and free. It should be a c/c++ library.
So far i have come across Cyassl, Polarssl Matrixssl a lot so i think that one of these should be a good choice (Openssl is way too big).
Now i would like to know why people use one over the other.
Upvotes: 20
Views: 19188
Reputation: 796
Ok.. Just for starters they all do the same. All three can run on embedded platforms. The difference is where their focus is.
From my personal experience:
PolarSSL has loads of documentation, an understandable API, examples, and gives you the ability to actually delve into the code and understand what is happening. In my experience this is a great plus in case you need to debug a specific issue. They only provide Makefile / CMake / MSVC project files, so the task to include it in your embedded environment is yours.
Cyassl's code is harder to understand and tweak. But they have more pre-made Makefiles for specific development platforms. Depending on your environment this might weigh in (for me it rarely does). In a number of comparisons I did as a subcontractor, they are pricier than PolarSSL though.
Pick MatrixSSL if you don't have budget constraints ;) Definitely the priciest of all and I found no specific reasons to actually use it though in comparison to the alternatives..
With the whole NSA / PRISM thing around: If you want something specifically built in the US, then Cyassl is the best choice. If you want something non-US, PolarSSL is the only sane choice.
So if by free you mean: I'm going to use it in an Open Source project, then price does not matter. The verdict from the community: PolarSSL has good adoption in OpenVPN, Cyassl in MySQL.
Upvotes: 22