Hi all,
On 20/08/2014 01:14, Lukas Tribus wrote:
Hi Thomas,
In fact the boringssl build is not optimized for production use, it
would need some manual changes before building.
What about polarssl or cyassl? What's your opinion about that if you're
going to reduce footprint (e.g. size of the lib)?
I don't have a strong opinion about it, the size of the lib is usually
not a problem (except in embedded environments).
Interesting is the per SSL/TLS session memory consumption, and this
is where I believe Cyassl may be able to challenge OpenSSL.
On the other hand we will probably not see bleeding edge cryptographic
features in Polarssl or Cyassl, while with a library that is heavily
internally used by Google and most of the CDNs you do benefit from their
development efforts.
What's important is to have a choice, but unfortunately, applications are
strongly married to their libcryptos because each library has its own API,
there is no standardization.
So, if we want to test application X with libcrypto Z instead of the default
libcrypto Y, we need to implement libcrypto Z's API in the application first.
Benchmarking different libraries is therefore limited to application support.
Cyassl is AFAIK a possible candidate for HAProxy (as an alternative to
OpenSSL).
For the record, Emeric Brun made some experiments with CyaSSL in the
early development of SSL in haproxy 1.5.
http://permalink.gmane.org/gmane.comp.web.haproxy/10108
https://github.com/EmericBr/haproxy-yassl
--
Cyril Bonté