MbedTLS Support
Embedthis products including the Appweb and GoAhead web servers have supported a variety of SSL stacks for secure connectivity including: OpenSSL, MbedTLS, MatrixSSL and NanoSSL. However, this has often required separately downloading and building the SSL software. For some SSL stacks, this can be a long and non-trivial exercise to build the SSL stack for your selected operating system.
SSL is increasingly becoming mandatory and not just an option. Securely authenticating users and controlling access to a management interface requires SSL. Further, the emerging HTTP/2 protocol will use SSL by default. Consequently, we have been searching for a simpler way to offer secure SSL connectivity out-of-the-box.
Problems with some SSL Stacks
There are several problems with some existing SSL stacks, especially OpenSSL.
- Large code size and memory footprint. OpenSSL is well over 1MB just for SSL.
- Poorly written code that is hard to maintain. The dirty little secret is that OpenSSL has been hacked by many people over a long period of time — and it shows.
- Hard to build on some operating systems and many embedded operating systems are not supported at all. OpenSSL is very difficult to port.
MbedTLS Advantages
MbedTLS has been designed for embedded use. It is much smaller, simpler and better written. The code is thus easier to maintain and support. Here are some of its features:
- Small footprint (less that 20% the size of OpenSSL)
- Simple high-level API
- Cleanest code of any SSL stack
- Good documentation and clear samples
- Easy single file amalgamated build
- Easy to port to new systems
- Apache license that can be used in open source and commercial products
Use in Embedthis Software
By integrating MbedTLS into Embedthis products, we gain a small, fast and secure SSL capability that is configured by default. We have integrating MbedTLS into the following products:
- Appweb Web Server
- GoAhead Web Server
- Ejscript JavaScript
- ESP Web Framework
- Makeme Build Tool
- Pak Package Manager
- Expansive Web Tooling
Still want to use OpenSSL or another SSL Stack?
If you don’t want to use MbedTLS, you can use the configure program to select an SSL stack of your choice when building Embedthis products. Just use:
./configure --with openssl
or
./configure --with openssl=/path/to/openssl
Update
If you like Appweb, you’ll love our newest EmbedThis Ioto device agent. It incorporates everthing we’ve learned from Appweb over 20 years of developing device management software. We now recommend all customers with new devices use Ioto for local and cloud-based device management needs.
{{comment.name}} said ...
{{comment.message}}