What is a good embedded TLS library? (Cyassl vs Polarssl vs Matrixssl) [closed]

Question

I have looked around for good SSL/TLS libraries that support TLS 1.2

I also want to use this library on an embedded platform so it should be small, easy, secure and free. It should be a c/c++ library.

So far i have come across Cyassl, Polarssl Matrixssl a lot so i think that one of these should be a good choice (Openssl is way too big).

Now i would like to know why people use one over the other.

Thanks

Answer 1

Ok.. Just for starters they all do the same. All three can run on embedded platforms. The difference is where their focus is.

From my personal experience:

• PolarSSL has loads of documentation, an understandable API, examples, and gives you the ability to actually delve into the code and understand what is happening. In my experience this is a great plus in case you need to debug a specific issue. They only provide Makefile / CMake / MSVC project files, so the task to include it in your embedded environment is yours.

• Cyassl's code is harder to understand and tweak. But they have more pre-made Makefiles for specific development platforms. Depending on your environment this might weigh in (for me it rarely does). In a number of comparisons I did as a subcontractor, they are pricier than PolarSSL though.

• Pick MatrixSSL if you don't have budget constraints ;) Definitely the priciest of all and I found no specific reasons to actually use it though in comparison to the alternatives..

With the whole NSA / PRISM thing around: If you want something specifically built in the US, then Cyassl is the best choice. If you want something non-US, PolarSSL is the only sane choice.

So if by free you mean: I'm going to use it in an Open Source project, then price does not matter. The verdict from the community: PolarSSL has good adoption in OpenVPN, Cyassl in MySQL.