BearSSL - SSL for All Things

Explore the innovative BearSSL SSL/TLS library optimized for constrained systems in this comprehensive conference talk. Delve into the context of BearSSL, examining what constitutes a good SSL implementation and how BearSSL achieves it. Learn about the project's goals, including security, embeddability, modularity, extensibility, and pedagogical aspects. Discover the importance of SSL, the rationale behind creating a new SSL library, and the implementation of secure cryptography. Examine default suite choices, constant-time implementations, and a catalog of SSL attacks and defenses. Understand the challenges of implementing SSL in fixed, small RAM environments, comparing streaming vs buffering approaches. Investigate the T0 story, X.509 certificate validation, and critically analyze SSL's shortcomings and potential solutions.

Thomas Pornin - BearSSL: SSL For all Things