BearSSL: SSL For all Things

Presented at NorthSec 2017, Unknown date/time (Unknown duration)

BearSSL is a novel SSL/TLS library optimised for constrained systems, aiming at small code footprint and low RAM usage. The talk is about presenting the library in its context, and delving into what makes a good SSL implementation and how BearSSL does it. Talk structure: - Why SSL? - Why yet another SSL library? - Project goals: secure, embeddable, modular, extensible, pedagogical - Secure crypto - Default suite choices - Constant-time implementations - Catalog of SSL attacks and defences - Implementing in fixed, small RAM - Streaming vs buffering - The T0 story - X.509 certificate validation - Why SSL sucks and how to fix it


  • Thomas Pornin
    Thomas Pornin is a prominent member of the InfoSec community, and holds a PhD in cryptography. He is the author of the BearSSL library and the TestSSLServer scanning tool; as a cryptographer, he invented the PHC candidate Makwa, and has previously participated in the AES, eSTREAM and SHA-3 competitions.


Similar Presentations: