A Comparison of Popular Open Source Libraries Implementing the SSL/TLS Protocols with Particular Focus on Compatibility, Security, and Performance

Richard Joy

Motivation

  • Open source software is a valuable resource for developers. Open source software is usually:
      • Free: both financially and in how it may be used
      • Compatible: the source can be compiled for many platforms
      • Verifiable: the source can be reviewed by anyone

Motivation

  • TLS (and previously SSL) is widely used for encrypted communications across networks: web sites, VPNs and, as the deck lists it, SSH (note that SSH actually runs its own transport protocol rather than TLS)
  • Evolution over time: SSL -> SSLv2 -> SSLv3 -> TLS 1.0 -> TLS 1.1 -> TLS 1.2
  • Different "flavors": the key exchange method and the symmetric algorithms used

Implementations

  • OpenSSL: the most popular
  • GnuTLS: written to comply with the GPL
  • NSS: maintained by Mozilla (Firefox)
  • MatrixSSL: designed for embedded systems
  • JSSE: Java implementation (mobile devices)

Criteria

  • Compatibility: licensing, prerequisites
  • Security: accreditation, remediation
  • Performance: common operations

Compatibility

  Library     License type                 Technical dependencies
  OpenSSL     Dual (OpenSSL / Eric Young)  Standard C libraries
  GnuTLS      LGPLv2.1                     Standard C libraries, nettle, gmplib
  NSS         MPLv2                        Netscape Portable Runtime (NSPR)
  JSSE        GPLv2 (OpenJDK)              JVM
  MatrixSSL   GPL or commercial            Reduced set of standard C libraries

Common Licensing Requirements

  • Source code must be provided
  • Copyright notices must be included
  • Export restrictions must be obeyed
  • Derivative works are placed under the same license

Security - Contributors

  • OpenSSL: maintained by the OpenSSL Foundation; contributions are accepted through a review process
  • GnuTLS: copyright held by the Free Software Foundation; currently maintained by Nikos Mavrogiannopoulos, with multiple other contributors
  • NSS: maintained by Mozilla
  • MatrixSSL: maintained by PeerSec Networks
  • JSSE: maintained by Oracle under the OpenJDK project, with multiple other contributors

Security - NIST FIPS 140-2

  • OpenSSL provides a FIPS 140-2 validated module.
      • It must be built and used in exactly the way it was validated; any deviation (different build, different source, a patched copy) falls outside the validation.
      • This makes it difficult to use without re-validation.
      • Re-validation is expensive ($50,000+).

Security - NIST RSA and AES Algorithm Validation

  • Per implementation: products built on each of the following libraries have obtained NIST algorithm validations for both RSA and AES:
      • OpenSSL
      • GnuTLS
      • NSS
      • MatrixSSL
      • JSSE (Java)

Performance (charts; the measured results are not reproduced in this extract)

  • Asymmetric: signing a message using SHA-256 and a 2048-bit RSA key
  • Symmetric, short: encrypting a 127-bit message with AES, using a 256-bit key
  • Symmetric, medium: encrypting a 1024-bit message with AES, using a 256-bit key
  • Symmetric, long: encrypting a 65536-bit message with AES, using a 256-bit key

Conclusions

  • Similar licensing schemes; they differ largely in how derivative works are licensed
  • Dependencies are widely available; embedded applications may not have the standard system calls, and mobile devices are more likely to be compatible with JSSE
  • All are backed by a cohesive organization; NSS and MatrixSSL show limited evidence of outside contributors
  • Standard validations: OpenSSL provides a FIPS 140-2 module; JSSE is not specifically mentioned by NIST, although some Java projects have been validated
  • OpenSSL performed well in both symmetric and asymmetric testing; MatrixSSL was a disappointing performer
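The performance slides name the three operations that were timed, but the charts themselves are lost in this extract. The script below is an added example, not material from the deck or from any of the libraries it compares: it reproduces the same operations with the OpenSSL command-line tool so a reader can re-run the asymmetric and symmetric tests against their own build. It assumes `openssl` is on PATH; the key, the signed message, the AES key/IV and the temporary paths are all constructed here. Message sizes are rounded to whole bytes (16, 128 and 8192 bytes, i.e. 128, 1024 and 65536 bits), and each operation is checked for correctness (signature verifies, ciphertext decrypts back to the plaintext) rather than only timed, so a misconfigured build cannot look fast and still pass. The throughput figures that the deck's charts show come from `openssl speed`, which is wrapped in a separate function because it takes several seconds.

```shell
#!/bin/sh
# Added example, not part of the deck: reproduce the three benchmark shapes
# (RSA-2048/SHA-256 signing, AES-256 at short/medium/long sizes) with the
# OpenSSL CLI. Assumes `openssl` is on PATH. All keys and messages are
# throwaway material generated here; never reuse them for anything real.
set -eu

WORK="${TMPDIR:-/tmp}/tls-bench.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Generate a throwaway 2048-bit RSA private key and print its path.
make_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/key.pem" 2>/dev/null
    printf '%s\n' "$WORK/key.pem"
}

# Asymmetric test: sign a constructed message with SHA-256 over RSA-2048,
# then verify it with the matching public key. Returns 0 only if the
# signature verifies.
sign_and_verify() {
    key="$1"
    printf 'constructed benchmark message' > "$WORK/msg.bin"
    openssl dgst -sha256 -sign "$key" -out "$WORK/msg.sig" "$WORK/msg.bin"
    openssl pkey -in "$key" -pubout -out "$WORK/pub.pem" 2>/dev/null
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$WORK/msg.sig" \
        "$WORK/msg.bin" >/dev/null
}

# Symmetric test: AES-256-CBC encrypt and decrypt a random message of the
# given byte length with a fresh key and IV, then compare checksums.
# Returns 0 on a byte-exact round trip.
aes_roundtrip() {
    size_bytes="$1"
    openssl rand -out "$WORK/plain.bin" "$size_bytes"
    key_hex=$(openssl rand -hex 32)   # 256-bit key
    iv_hex=$(openssl rand -hex 16)    # 128-bit IV, fresh for every message
    openssl enc -aes-256-cbc -K "$key_hex" -iv "$iv_hex" \
        -in "$WORK/plain.bin" -out "$WORK/ct.bin"
    openssl enc -d -aes-256-cbc -K "$key_hex" -iv "$iv_hex" \
        -in "$WORK/ct.bin" -out "$WORK/back.bin"
    [ "$(cksum < "$WORK/plain.bin")" = "$(cksum < "$WORK/back.bin")" ]
}

# Prints the length in bytes of the last ciphertext. CBC with PKCS#7 padding
# always adds a full block when the plaintext is block-aligned, so a 16-byte
# message produces 32 bytes of ciphertext.
ciphertext_len() {
    wc -c < "$WORK/ct.bin" | tr -d ' '
}

# Throughput, the quantity the deck's charts plot: openssl speed reports
# RSA-2048 signatures and verifications per second and AES-256-CBC bytes
# per second at several block sizes. Not called by run_all because it
# takes several seconds.
throughput() {
    openssl speed -seconds 1 rsa2048
    openssl speed -seconds 1 -evp aes-256-cbc
}

run_all() {
    key=$(make_key)
    sign_and_verify "$key" && echo "RSA-2048/SHA-256 sign+verify: OK"
    for n in 16 128 8192; do          # 128, 1024 and 65536 bits
        aes_roundtrip "$n" && \
            echo "AES-256-CBC round trip, $n bytes: OK ($(ciphertext_len) bytes of ciphertext)"
    done
}

run_all
```

Run `throughput` after `run_all` to get the numbers comparable to the deck's charts; the correctness checks are deliberately kept separate from the timing loop so that a build which silently produces bad signatures or ciphertext fails loudly instead of merely scoring well.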

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    18 pages
