A Comparison of Popular Open Source Libraries Implementing the SSL/TLS Protocols With Particular Focus on Compatibility, Security, and Performance.

Richard Joy

Motivation

- Open source software is a valuable resource for developers. Open source software is usually:
  - Free
    - Free of charge (no licence fee)
    - Free to use and modify
  - Compatible
    - Source can be compiled for many platforms
  - Verifiable
    - Source can be reviewed by anyone

Motivation

- TLS (and previously SSL) is widely used for encrypted communications across networks
  - Web sites (HTTPS)
  - VPN (e.g. SSL/TLS-based VPNs)
  - SSH is often listed alongside these, but it is a separate protocol with its own transport layer and does not use TLS; it shares the same cryptographic primitives and commonly links the same libraries (OpenSSH uses OpenSSL's libcrypto)
- Evolution over time
  - SSLv2 -> SSLv3 -> TLS 1.0 -> TLS 1.1 -> TLS 1.2 (SSL 1.0 was never publicly released; SSLv2 and SSLv3 have since been prohibited by RFC 6176 and RFC 7568)
- Different "flavors" (cipher suites)
  - Key exchange (e.g. RSA, DHE, ECDHE)
  - Symmetric algorithms used (e.g. AES, 3DES, RC4)

Implementations

- OpenSSL – most popular
- GnuTLS – written to comply with the GPL (a GNU project; LGPL-licensed so that GPL programs can link against it)
- NSS – maintained by Mozilla (Firefox)
- MatrixSSL – designed for embedded systems
- JSSE – Java implementation (mobile devices)

Criteria

- Compatibility
  - Licensing
  - Prerequisites
- Security
  - Accredited
  - Remediation
- Performance
  - Common operations

Compatibility

Library     License type                                   Technical dependencies
OpenSSL     Dual (OpenSSL License / SSLeay, Eric Young)    Standard libraries
GnuTLS      LGPLv2.1                                       Standard C libraries, nettle, gmplib
NSS         MPLv2                                          Netscape Portable Runtime (NSPR)
JSSE        GPLv2 with Classpath Exception (OpenJDK)       JVM
MatrixSSL   GPL or Commercial                              Reduced set of standard C libraries

Common Licensing Requirements

- Source code must be provided (the copyleft licences require that corresponding source of the covered code be made available when binaries are distributed)
- Copyright notices must be included
- Must obey export restrictions
- Derivative works placed under the same license (the scope differs: GPL covers the whole combined work, LGPL and MPL only the library or files actually modified)

Security - Contributors

- OpenSSL – maintained by the OpenSSL Foundation
  - Contributions are accepted through a review process
- GnuTLS – copyright held by the Free Software Foundation
  - Currently maintained by Nikos Mavrogiannopoulos
  - Multiple other contributors
- NSS – maintained by Mozilla
- MatrixSSL – maintained by PeerSec Networks
- JSSE – maintained by Oracle under the OpenJDK project
  - Multiple other contributors

Security – NIST FIPS 140-2

- OpenSSL provides a FIPS 140-2 validated module (the OpenSSL FIPS Object Module).
- It must be built and used exactly as it was tested: the validation covers one specific source distribution and build procedure, described in the module's Security Policy. Testing is done by an accredited laboratory under the NIST/CSE Cryptographic Module Validation Program (CMVP), and NIST lists the validated module.
  - Any change to the module's source or build procedure falls outside the validation.
- Difficult to use without re-accreditation
- Expensive ($50,000+)

Security – NIST RSA Validation

- Per implementation – NIST's Cryptographic Algorithm Validation Program (CAVP) lists validated RSA implementations built on each of:

  - OpenSSL
  - GnuTLS
  - NSS
  - MatrixSSL
  - JSSE (Java)

Security – NIST AES Validation

- Per implementation – the CAVP likewise lists validated AES implementations built on each of:
  - OpenSSL
  - GnuTLS
  - NSS
  - MatrixSSL
  - JSSE (Java)

Performance - Asymmetric

Signing a message using SHA-256 and a 2048-bit RSA key (benchmark chart not reproduced in this text)

Performance – Symmetric, Short

Encrypting a 127-bit message with AES, using a 256-bit key (AES operates on 128-bit blocks, so a 127-bit message is padded to a single block; benchmark chart not reproduced)

Performance – Symmetric, Medium

Encrypting a 1024-bit message with AES, using a 256-bit key (benchmark chart not reproduced)

Performance – Symmetric, Long

Encrypting a 65536-bit message with AES, using a 256-bit key (benchmark chart not reproduced)

Conclusions

- Similar licensing schemes
  - Differ largely in how derivative works are licensed
- Dependencies widely available
  - Embedded applications may not have standard system calls
  - Mobile devices more likely to be compatible with JSSE

Conclusions

- All backed by a cohesive organization
  - NSS and MatrixSSL show limited evidence of outside contributors
- Standard validations
  - OpenSSL provides a FIPS 140-2 module
  - JSSE not specifically mentioned by NIST; some Java projects have been validated

Conclusions

- OpenSSL performed well in symmetric and asymmetric testing
- MatrixSSL was a disappointing performer.