Presented at NorthSec 2017
BearSSL is a novel SSL/TLS library optimised for constrained systems, aiming at a small code footprint and low RAM usage. The talk presents the library in its context and delves into what makes a good SSL implementation and how BearSSL does it.
- Why SSL?
- Why yet another SSL library?
- Project goals: secure, embeddable, modular, extensible, pedagogical
- Secure crypto
- Default suite choices
- Constant-time implementations
- Catalog of SSL attacks and defences
- Implementing in fixed, small RAM
- Streaming vs buffering
- The T0 story
- X.509 certificate validation
- Why SSL sucks and how to fix it

Thomas Pornin is a prominent member of the InfoSec community, and holds a PhD in cryptography. He is the author of the BearSSL library and the TestSSLServer scanning tool; as a cryptographer, he invented the PHC candidate Makwa, and has previously participated in the AES, eSTREAM and SHA-3 competitions.