localhost libtls: Rethinking the TLS/SSL API

Joel Sing
http://linux.conf.au/schedule/present...
As anyone who has written code that implements a TLS client or server will know,
many of the existing APIs (namely OpenSSL) are confusing, difficult to use and
full of pitfalls for the unwary. Many security issues (and less serious bugs)
are due to the mistakes made by human developers, while trying to navigate their
way through the various function calls, return codes and missing functionality.

libtls is a component of the [LibreSSL project]( http://www.libressl.org/); a
project that started as a fork of OpenSSL following the infamous
[heartbleed]( http://www.heartbleed.com/) incident. While the general goals for
LibreSSL are to modernise the codebase, improve security, and apply best practice
development processes, libtls aims to completely rethink the TLS API.

This talk will cover some of the many issues with existing TLS/SSL APIs, prior
to looking at how libtls has been designed to be different. The history of libtls
will be discussed, before detailing the API development process that has been
used, which has allowed the library to morph and improve over time. The set of
rules that have been put in place to ensure that the API is as developer friendly
as possible will be explained, followed by a discussion of the overall litmus
test and proving ground that has been used during its design and development.

localhost libtls: Rethinking the TLS/SSL API
43 Likes	43 Dislikes
3,554 views views	3.5K followers
Education Creative Commons Attribution licence (reuse allowed)	Upload TimePublished on 22 Jan 2017

Related keywords

lcare mexicana,camara de diputados,lca uanl,lcad,lca significado,lca virtual,lca arquitectos,lcai,local,l'carnitina,lca capital,lca pais,lca abogados y consultores,lcare mexicana s de rl de cv,lcat,alcatel,lcase,lcase vba,calidad,