Bearssl

Jul 20, 2023

Implementation of TLS/SSL in C

BearSSL is an implementation of the SSL/TLS protocol RFC 5246 written in C. It aims at offering the following features

  • Be correct and secure. In particular, insecure protocol versions and choices of algorithms are not supported, by design; cryptographic algorithm implementations are constant-time by default.

  • Be small, both in RAM and code footprint. For instance, a minimal server implementation may fit in about 20 kilobytes of compiled code and 25 kilobytes of RAM.

  • Be highly portable. BearSSL targets not only “big” operating systems like Linux and Windows, but also small embedded systems and even special contexts like bootstrap code.

  • Be feature-rich and extensible. SSL/TLS has many defined cipher suites and extensions; BearSSL should implement most of them, and allow extra algorithm implementations to be added afterwards, possibly from third parties.



Checkout these related ports:
  • Zzuf - Transparent application input fuzzer
  • Zlint - X.509 certificate linter
  • Zeronet - Decentralized websites using Bitcoin crypto and BitTorrent network
  • Zenmap - GUI frontend for the Nmap scanning utility
  • Zeek - System for detecting network intruders in real-time
  • Zaproxy - The OWASP zed attack proxy
  • Yubioath-desktop - GUI for displaying OATH codes with a Yubikey
  • Yubikey-personalization-gui - Graphical YubiKey personalization tool
  • Yubikey-manager-qt - Cross-platform application for configuring any YubiKey
  • Yubikey-agent - Seamless ssh-agent for YubiKeys
  • Yubico-piv-tool - Yubico PIV tool
  • Ylva - Command line password manager and file encryption program
  • Ykpers - Library and tool for personalization of Yubico's YubiKey
  • Ykclient - Yubico C client library
  • Yersinia - Layer 2 vulnerability scanner (switches, spanning tree, 802.1q ...)