Re: [openssl-users] Evaluation of OpenSSL stack software
On Fri, Dec 22, 2017 at 8:40 PM, Viktor Dukhovni wrote: > > > > On Dec 22, 2017, at 11:33 PM, J Decker wrote: > > > > Very similar to OpenSSL 1.0.2, plus its own extensions. That's not > exactly > > "same". > > > > The same in that I can link/compile against either and not change any > application code... not speaking of internals, just the API. > > Well, that's not actually true. There are API differences. There > is a large common intersection that covers many legacy applications, > but newer features in each library are not present in the other. > Any many current applications. This app was all done with recent docs on recent version and I found 0 incompabilities. I did run into a beta feature for 1.1.0 that was something about setting the fragment size... https://github.com/libressl-portable/portable/issues/214 but again that wasn't in 1.0 stable openssl either so... > > -- > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Evaluation of OpenSSL stack software
> On Dec 22, 2017, at 11:33 PM, J Decker wrote: > > Very similar to OpenSSL 1.0.2, plus its own extensions. That's not exactly > "same". > > The same in that I can link/compile against either and not change any > application code... not speaking of internals, just the API. Well, that's not actually true. There are API differences. There is a large common intersection that covers many legacy applications, but newer features in each library are not present in the other. -- -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Evaluation of OpenSSL stack software
On Fri, Dec 22, 2017 at 7:23 PM, Viktor Dukhovni wrote: > > > > On Dec 22, 2017, at 10:21 PM, J Decker wrote: > > > > I would also suggest check out LibreSSL which uses the same API as > OpenSSL > > Very similar to OpenSSL 1.0.2, plus its own extensions. That's not exactly > "same". > The same in that I can link/compile against either and not change any application code... not speaking of internals, just the API. > > -- > Viktor. > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Evaluation of OpenSSL stack software
> On Dec 22, 2017, at 10:21 PM, J Decker wrote: > > I would also suggest check out LibreSSL which uses the same API as OpenSSL Very similar to OpenSSL 1.0.2, plus its own extensions. That's not exactly "same". -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Evaluation of OpenSSL stack software
On Fri, Dec 22, 2017 at 4:44 AM, Jan Graczyk wrote: > Hello OpenSSL-Users, > > > > I am actually evaluating OpenSSL stack software to be possibly used in my > company next generation products. We would like to have a secure connection > between our device TCP/IP stack and web server which already has SSL server > running. I am looking for a benchmarks of OpenSSL client running on ARM > Cortex-M3 based processor. I would appreciate very much feedback from you. > Thank you. > > > I would also suggest check out LibreSSL which uses the same API as OpenSSL but was easier to build (not requiring perl) and supports CMake. > Best Regards > > *Jan Graczyk* > > Embedded Software Developer – Embedded Software Poland > -- > > Tel: +48 535 045 515 <+48%20535%20045%20515> > > Tel2: +49-89-673460-635 <+49%2089%20673460635> > > E-Mail: j.grac...@telic.de > > Web:www.telic.de > > *Telic AG* > > Raiffeisenallee 12b > > 82041 Oberhaching > > Germany > > [image: cid:image003.png@01D2336E.70B45010] > -- > > Local Court Munich, Register Number: HRB 143 723 | Vorstandsvorsitzender: > Dr. Ditmar Prigge; Vorstand: Frank Heineck > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Evaluation of OpenSSL stack software
Jan Graczyk wrote: > I am actually evaluating OpenSSL stack software to be possibly used in > my company next generation products. We would like to have a secure > connection between our device TCP/IP stack and web server which already > has SSL server running. I am looking for a benchmarks of OpenSSL client > running on ARM Cortex-M3 based processor. I would appreciate very much > feedback from you. Thank you. I think you'll need to be far specific. If you want to know bulk AES128 performance, then maybe this will help: https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/presentations/session7-vincent.pdf What compiler? What MHZ? What kind of RAM? The above paper uses mbedTLS (which used to be PolarSSL, but ARM bought it). The bulk rates are likely comparable. I don't have any data, but a google searched found a variety of papers. Fitting openssl into an M3's code space can be easy or hard depending on many factors. If you are concerned about setup times, then what method are you using to authenticate? (RSA? ECDSA? PSK? Raw Public Key) > Best Regards > Jan Graczyk > Embedded Software Developer – Embedded Software Poland > -- > Tel: +48 535 045 515 Telic AG cid:imag > Tel2: +49-89-673460-635 Raiffeisenallee 12b > E-Mail: j.graczyk@telic.de82041 Oberhaching > Web: www.telic.de Germany cid:image003.png@01D2336E.70B45010 > -- -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ signature.asc Description: PGP signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users