On Mon, 2004-10-11 at 14:19, Jon Bendtsen wrote:
> Den 11. okt 2004, kl. 13:54, skrev Jörn Hartmann:
> > Maybe I'm wrong, but I think think it's hardly possible to strip
> > openssl down to less than 32K and keep full SSL functionality. You
> > might have more luck in writing your own SSL implementation. That will
> > be tough enough assuming you got only a fraction of the 32K left for
> > the encryption part.
>
> i know, and i might consider making a broken SSL implementation, such
> that only some clients can connect, and stuff like that. Further more
> i do not need to generate a certificate inside the device. I was
> thinking of keeping:
> one of AES/blowfish/3DES (depending on what browsers support).
> RSA
> certificate checking
> CRL checking
Even with some heavy chainsaw work on OpenSSL, I don't think you'll
manage getting down to 32KB. I saw some numbers on the list in the past
of people targetting embedded platforms, but they were of several 100KB.
I suspect a lot of people would be interested in a version of OpenSSL
supporting the subset and sizes you are talking about. Unfortunately
this means a lot more work than not compiling some unnecessary fetures.
If you don't mind working with GPL code, you should look at
http://www.matrixssl.org/ because they are down to the order of magitude
you are talking about (http://www.matrixssl.org/docs.html). If GPL is an
issue for your work, you can buy a licence from them. Or from other
proprietary editors: Mocana (http://www.mocana.com/ssl.html), Spyrus
(http://www.spyrus.com/content/products/DeviceSSL_N7.asp), etc...
Sincerely,
--
Mathias Brossard <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
