Amazon have just announced a completely new implementation of TLS. By avoiding all the history and ignoring features that they don't need, the code has been cut by a factor of 10 when compared with the equivalent part of OpenSSL. OpenSSL or some other crypto library is still needed, but this is surely worth a look for future use with LDAP:
http://blogs.aws.amazon.com/security/post/TxCKZM94ST1S6Y/Introducing-s2n-a-N...
https://github.com/awslabs/s2n/blob/master/README.md
Andrew
Andrew Findlay wrote:
> Amazon have just announced a completely new implementation of TLS. By avoiding all the history and ignoring features that they don't need, the code has been cut by a factor of 10 when compared with the equivalent part of OpenSSL. OpenSSL or some other crypto library is still needed, but this is surely worth a look for future use with LDAP:
> http://blogs.aws.amazon.com/security/post/TxCKZM94ST1S6Y/Introducing-s2n-a-N...
> https://github.com/awslabs/s2n/blob/master/README.md
I've used PolarSSL in the past, for tighter memory constrained projects. They're so good at what they do that ARM bought them.
It's also a complete crypto library, not just the TLS protocol implementation.
Kinda wonder why Amazon wasted their time on this one. libcurl currently supports 11 different TLS implementations (and I wrote the modular framework for all of them). The world really didn't need another one.
On Thu, 2 Jul 2015 16:21:04 +0100 Howard Chu wrote:
> Kinda wonder why Amazon wasted their time on this one. libcurl currently supports 11 different TLS implementations (and I wrote the modular framework for all of them). The world really didn't need another one.
Google is just copying a chapter out of Microsoft's play book. They take a standard, rewrite it under the guise of "improving and furthering its development" and then by virtue of their size, force everyone else to follow.
It seems that while Microsoft has been moving away from this process, Google has decided to embrace it.
Just one more reason I avoid Google whenever possible,
On 02/07, Jerry wrote:
> On Thu, 2 Jul 2015 16:21:04 +0100 Howard Chu wrote:
> > Kinda wonder why Amazon wasted their time on this one. libcurl currently supports 11 different TLS implementations (and I wrote the modular framework for all of them). The world really didn't need another one.
> Google is just copying a chapter out of Microsoft's play book. They take a standard, rewrite it under the guise of "improving and furthering its development" and then by virtue of their size, force everyone else to follow.
> It seems that while Microsoft has been moving away from this process, Google has decided to embrace it.
> Just one more reason I avoid Google whenever possible,
Uh.. where did /anyone/ say anything about Google in this thread about Amazon's new TLS implementation?
openldap-technical@openldap.org