OpenSSL Static Library too big, any alternative or way to reduce its size?

Question

I have used pre-build static libs of OpenSSL 1.0, but it makes my binary too big, (increase its size by about 800Kb in release mode).

I do not need most of the feature of OpenSSL such as BIO, I use my own sockets, therefore in the code I am only using a couple of SSL_XXXXXXXXX calls(SSL_accept(3) or SSL_connect(3), SSL_read(3) and SSL_write(3))

My only requirement is support SSLv2/v3 with winsock on windows, and sockets on linux for both client and server side (for C++)

Is there anyway to make OpenSSL much smaller (maybe by compiling it myself) or, in last resort, any other good but more lightwight SSL library that meet my requirements? The lib must be linked staticly.

Thanks you

Answer 1

I think you want this page, particular the section on code size:

https://en.wikipedia.org/w/index.php?title=Comparison_of_TLS_implementations&oldid=585386367#Code_size_and_dependencies

(dated December 2013)

update: Alas no longer a part of the updated page.

Answer 2

You can try compiling it yourself with --ffunction-sections and --fdata-sections, which tells gcc to put each function and global data variable in a separate section inside the object.

(When using static libraries, the linker copies the entire object which contains the needed function from the archive to the application.)

Answer 3

OpenSSL does have a large number of compile-time options to control what features are built. I believe that the SSL functions use BIOs underneath, so you'll still need those, but there's a lot of other functionality you can probably go without (like ciphers you won't use, envelope encryption, S/MIME support...).

I'm not sure how much it will reduce the binary size by, but it's worth a try.