OpenSSL vs mBedTLS

User avatar
hassan789
Posts: 134
Joined: Thu Jun 29, 2017 2:15 am

OpenSSL vs mBedTLS

Postby hassan789 » Fri Nov 24, 2017 4:37 am

Some basic SSL Questions, which I am having trouble with...

1. What is the difference between OpenSSL vs mbedTLS, as used in the ESP-IDF sdk? It looks like mbedTLS has additional crypto libraries as well.

2. Why do both libraries need to be included in the SDK? Sometimes I see examples using OpenSSL, while other times mbedTLS is used. When should I used one vs the other?

3. looks like mbedTLS is standard in embedded, and also seems to have more options than OpenSSL.. so why do we need OpenSSL?

Thanks

WiFive
Posts: 1980
Joined: Tue Dec 01, 2015 7:35 am

Re: OpenSSL vs mBedTLS

Postby WiFive » Fri Nov 24, 2017 5:46 am


User avatar
hassan789
Posts: 134
Joined: Thu Jun 29, 2017 2:15 am

Re: OpenSSL vs mBedTLS

Postby hassan789 » Sat Nov 25, 2017 6:06 pm

Thanks WiFive. It looks like "esp-idf/components/openssl/platform/" wraps mbedtls to make it look like openssl.
Seems its easier to use the openssl API, but it gives less control and is less efficient than directly using mbedtls.

ESP_Angus
Posts: 1225
Joined: Sun May 08, 2016 4:11 am

Re: OpenSSL vs mBedTLS

Postby ESP_Angus » Sun Nov 26, 2017 11:20 pm

hassan789 wrote:Seems its easier to use the openssl API, but it gives less control and is less efficient than directly using mbedtls.


This is 100% correct. The OpenSSL wrapper exists to allow some OpenSSL-based code to be directly ported to ESP-IDF. However for all other purposes it's better to use mbedTLS directly.

squonk11
Posts: 23
Joined: Wed Mar 01, 2017 6:53 pm
Location: Germany

Re: OpenSSL vs mBedTLS

Postby squonk11 » Tue Jul 17, 2018 7:30 pm

nice answer from ESP_Angus - but why there is no https_mbedtls server example? If mbedtls is the library to prefer I would expect that there are more and better examples...
"Wer glaubt etwas zu sein hat aufgehört etwas zu werden"
Sokrates

User avatar
kolban
Posts: 1683
Joined: Mon Nov 16, 2015 4:43 pm
Location: Texas, USA

Re: OpenSSL vs mBedTLS

Postby kolban » Thu Aug 09, 2018 11:35 pm

Its been my experience that the rich and detailed documentation supplied by ARM for mbedtls has been great. Here are a slew of example programs that I have used for reference when working with mbedtls.

https://github.com/ARMmbed/mbedtls/tree ... t/programs

I have the suspicion that mbedtls in ESP-IDF is a faithful port/hosting of general mbedtls and hence the thinking is that since mbedtls is exists outside of ESP32, all knowledge relating to using mbedtls in the wild would be applicable to ESP32.
Free book on ESP32 available here: https://leanpub.com/kolban-ESP32

Who is online

Users browsing this forum: No registered users and 12 guests