A classic survey is available there, but of course these things tend to change over time, as the law makers try to keep pace with the unrelenting scientific and technological progress.īearSSL was written in Canada and is distributed from a server located on Canadian soil. Basically, I have put it in every source file, so just keep it there.Īpart from the usage license, BearSSL implements cryptographic algorithms for which import, export, distribution and usage is subject to many subtleties that depend on the jurisdiction. The license terms say that the copyright notice “shall be included in all copies or substantial portions of the Software”: this is how the disclaimer is “made explicit”. The only obligation that the license terms put upon you is that you acknowledge and make it clear that if anything breaks, it is not my fault, and I am not liable for anything, regardless of the type and amount of collateral damage. You can use and reuse the library as you wish, and modify it, and integrate it in your own code, and distribute it as is or in any modified form, and so on. The whole of BearSSL is published under the MIT License. Versions are “released” when some specific milestones are reached. Updates first appear in the Git repository, so cloning it is the right way to follow day-to-day development. Older releases can be obtained from the change log.įinally, the source tree can be explored through a Gitweb-powered interface. Installation instructions are contained therein.īearSSL source code for released versions can also be downloaded as an archive: bearssl-0.6.tar.gz The source code is available as a Git repository, cloneable through the following command: git clone The “patch” component of a version number is for fixes that maintain compatibility and do not add any feature. It is expected that successive 0.x versions will be incompatible with each other: API will change as some features are stabilised. The “major 0” line explicitly denies any such guarantee. Such guarantees are not offered across major version numbers. ![]() Backward compatibility, both at source and binary levels, should be maintained within the same major version this means that, for instance, version 2.17 may contain more features than 2.14, but application code written for version 2.14 should be compilable with version 2.17, and code which was compiled against version 2.14 should be linkable against version 2.17. Use in production applications is, in any case, at your own risk. There is no such thing as bug-free code, and I won’t claim that there is none in BearSSL only that I looked real hard. It is now considered beta-quality software: it successfully passes extensive test suites, and while not all intended features are present, new features should imply no breaking changes in API or ABI 1. SSL/TLS has many defined cipher suites and extensions BearSSL should implement most of them, and allow extra algorithm implementations to be added afterwards, possibly from third parties.Ĭurrent version is 0.6. BearSSL targets not only “big” operating systems like Linux and Windows, but also small embedded systems and even special contexts like bootstrap code.īe feature-rich and extensible. For instance, a minimal server implementation may fit in about 20 kilobytes of compiled code and 25 kilobytes of RAM.īe highly portable. In particular, insecure protocol versions and choices of algorithms are not supported, by design cryptographic algorithm implementations are constant-time by default.īe small, both in RAM and code footprint. It aims at offering the following features:īe correct and secure. ![]() BearSSL is an implementation of the SSL/TLS protocol ( RFC 5246) written in C.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |