Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What would you recommend that isn't derived from the OpenSSL codebase, for C projects that can't use OpenSSL for license reasons?

Your recommendation for TLS elsewhere in the thread was:

> You should use BoringSLL, LibreSSL, Go crypto/tls, or OpenSSL, in roughly that order.

Three of those are based on OpenSSL, and Go crypto/tls presumably only works with Go.



Porting to Windows and using schannel.

Sorry.


Guess I'll be sticking to GnuTLS then, if there's no better option available for GPLed projects to use.


Another option is wolfSSL (https://wolfssl.com/wolfSSL/Home.html) which is GPL-compatible, but also has a commercial license option. They have an OpenSSL compatibility layer, but are not a derivative of OpenSSL.

My experience with their software has been very positive, and they have avoided the majority of recent insecurities. Plus they have great support for anyone working on open source projects.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: