BearSSL is a novel SSL/TLS library optimised for constrained systems, aiming at small code footprint and low RAM usage. The talk is about presenting the library in its context, and delving into what makes a good SSL implementation and how BearSSL does it.
– Why SSL?
– Why yet another SSL library?
– Project goals: secure, embeddable, modular, extensible, pedagogical
– Secure crypto
– Default suite choices
– Constant-time implementations
– Catalog of SSL attacks and defences
– Implementing in fixed, small RAM
– Streaming vs buffering
– The T0 story
– X.509 certificate validation
– Why SSL sucks and how to fix it
Thomas Pornin is a prominent member of the InfoSec community, and holds a PhD in cryptography. He is the author of the BearSSL library and the TestSSLServer scanning tool; as a cryptographer, he invented the PHC candidate Makwa, and has previously participated in the AES, eSTREAM and SHA-3 competitions.