Hello,
an interesting move from the OpenWRT project:

> Switch from wolfssl to mbedtls as default
> =========================================
>
> OpenWrt has transitioned its default cryptographic library from wolfssl
> to mbedtls. This shift brings several changes and implications:
>
> * Size Efficiency: mbedtls is considerably smaller, making it an
>   optimal choice for systems where storage space is paramount.
> * LTS and ABI Stability: mbedtls consistently provides updates via its
>   Long Term Support (LTS) branch, ensuring both security and a stable
>   application binary interface (ABI). In contrast, wolfssl does not
>   offer an LTS release, and its stable ABI is limited to a specific set
>   of functions.
> * TLS 1.3 Support: Users should be aware that mbedtls 2.28 no longer
>   supports TLS 1.3.
>
> While mbedtls is now the default, users who have specific needs or
> preferences can still manually switch back to wolfssl or choose openssl.

As per:
http://lists.openwrt.org/pipermail/openwrt-announce/2023-October/000047.html

Size Efficiency does not matter a lot in the context of haproxy, and TLSv1.3 is a must-have, but I'm surprised about the point about LTS and ABI Stability in wolfssl and I'm wondering if this is really the case?

cheers,
lukas