mbed TLS
Lua error in package.lua at line 80: module 'strict' not found.
| Developer(s) | Paul Bakker |
|---|---|
| Stable release | 2.2.1 (January 4, 2016 [1]) [±] 2.1.4 (January 4, 2016 [1]) [±] |
| Preview release | 1.4 DTLS preview (February 16, 2015[2]) [±] |
| Written in | C |
| Operating system | Multi-platform |
| Type | Security library |
| License | Apache 2.0 (GPLv2 is still available that was the default previously or proprietary; PolarSSL has a GPL linking exception for free software.[3] |
| Website | https://tls.mbed.org/ |
mbed TLS (previously PolarSSL) is a dual-licensed Apache 2.0 (with GPLv2 also available) implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. Since version 2.0, SSL is disabled by default. Stated on the website is that mbed TLS aims to be "easy to understand, use, integrate and expand".
Contents
History
The PolarSSL SSL library is the official continuation fork of the XySSL SSL library. XySSL was created by the French "white hat hacker" Christophe Devine and was first released on November 1, 2006, under GPL and BSD licenses. In 2008, Christophe Devine was no longer able to support XySSL and allowed Paul Bakker to create the official fork, named PolarSSL.[4] In November 2014, PolarSSL was acquired by ARM Holdings.[5]
In 2011, the Dutch government approved an integration between OpenVPN and PolarSSL, which is named OpenVPN-NL. This version of OpenVPN has been approved for use in protecting government communications up to the level of Restricted.[6]
As of the release of version 1.3.10, PolarSSL has been rebranded to mbed TLS to better show its fit inside the mbed ecosystem.[7] It was also announced that the licence would change from GPL to Apache License later in 2015 (with a goal of before October).[8]
Library
The core SSL library is written in the C programming language and implements the SSL module, the basic cryptographic functions and provides various utility functions. Unlike OpenSSL and other implementations of TLS, mbed TLS is designed to fit on small embedded devices, with the minimum complete TLS stack requiring under 60KB of program space and under 64 KB of RAM. It is also highly modular: each component, such as a cryptographic function, can be used independently from the rest of the framework. Versions are also available for Microsoft Windows and Linux. Because mbed TLS is written in the C programming language, without external dependencies, it works on most operating systems and architectures without any trouble.
Later versions of PolarSSL than 1.3.0, add abstraction layers for memory allocation and threading to the core "to support better integration with existing embedded operating systems".[9]
Design priorities
The mbed TLS library expresses a focus on readability of the code, documentation, automated regression tests, a loosely coupled design and portable code.[10]
Development documentation
The following documentation is available for developers:
- High Level Design;[11] This document provides a high level description of the different modules inside the library, with UML diagrams, use cases and interactions in common scenarios.
- API documentation;[12] The API documentation is Doxygen-generated documentation from the header files of the library.
- Source code documentation;[13] The source code of the library is documented to clarify structures, decisions and code constructs.
Automated testing
mbed TLS provides automated testing of the code and of PolarSSL's compatibility as follows:
- A test framework is included with the source code that contains over 5000 automated tests (based on the number of tests in version 1.3.2 of the library) to test for regressions and compatibility on different platforms.
- A continuous integration system based on Buildbot[14]
- A compatibility script (compat.sh[15]) that tests compatibility of SSL communication with OpenSSL.
Use
mbed TLS is used as the SSL component in large open source projects:
- OpenVPN and OpenVPN-NL
- Hiawatha
- PowerDNS
- Monkey HTTP Server
Platforms
mbed TLS is currently available for most Operating Systems including Linux, Microsoft Windows, OS X, OpenWrt, Android, iOS and FreeRTOS. Chipsets supported at least include ARM, x86, PowerPC, MIPS.
Algorithms
mbed TLS supports a number of different cryptographic algorithms:
- Ciphers
- AES, Camellia, DES, RC4, RC5, Triple DES, XTEA, Blowfish
- Cryptographic hash functions
- MD5, MD2, MD4, SHA-1, SHA-2
- Public-key cryptography
- RSA, Diffie-Hellman key exchange, Elliptic curve cryptography (ECC), Elliptic curve Diffie–Hellman (ECDH), Elliptic Curve DSA (ECDSA)
See also
.svg){kind=logo}
- Transport Layer Security
- Comparison of TLS implementations
- POSSE project
- GnuTLS
- Network Security Services
- wolfSSL (previously CyaSSL)
- MatrixSSL
- OpenSSL
References
- ↑ 1.0 1.1 1.2 1.3 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ https://tls.mbed.org/foss-license-exception
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ [1][dead link]
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
External links
| Email clients | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Secure Messaging |
|
||||||||||||||
| Disk encryption (Comparison) |
|||||||||||||||
| Anonymity | |||||||||||||||
| Cryptographic file systems | |||||||||||||||
| Educational | |||||||||||||||
| Related topics | |||||||||||||||
