BearSSL: SSL For all Things

Presented at NorthSec 2017, Unknown date/time (Unknown duration)

BearSSL is a novel SSL/TLS library optimised for constrained systems, aiming at small code footprint and low RAM usage. The talk is about presenting the library in its context, and delving into what makes a good SSL implementation and how BearSSL does it. Talk structure: - Why SSL? - Why yet another SSL library? - Project goals: secure, embeddable, modular, extensible, pedagogical - Secure crypto - Default suite choices - Constant-time implementations - Catalog of SSL attacks and defences - Implementing in fixed, small RAM - Streaming vs buffering - The T0 story - X.509 certificate validation - Why SSL sucks and how to fix it

Presenters:

• Thomas Pornin
  Thomas Pornin is a prominent member of the InfoSec community, and holds a PhD in cryptography. He is the author of the BearSSL library and the TestSSLServer scanning tool; as a cryptographer, he invented the PHC candidate Makwa, and has previously participated in the AES, eSTREAM and SHA-3 competitions.

Links:

• https://www.nsec.io/2017/02/bearssl-ssl-for-all-things/
• https://www.youtube.com/watch?v=04ZPg1bYRu4

Similar Presentations:

• THOTCON 0x1 (2010) / How Everyone Screws Up SSL
• Notacon 8 (2011) / SSL Wars - The Dark Side of SSL
• Black Hat USA 2010 / State of SSL on the Internet: 2010 Survey, Results and Conclusions