OpenSSL vs mBedTLS

Posted: Fri Nov 24, 2017 4:37 am
by hassan789
Some basic SSL Questions, which I am having trouble with...

1. What is the difference between OpenSSL and mbedTLS, as used in the ESP-IDF SDK? It looks like mbedTLS has additional crypto libraries as well.

2. Why do both libraries need to be included in the SDK? Sometimes I see examples using OpenSSL, while other times mbedTLS is used. When should I use one vs the other?

3. Looks like mbedTLS is standard in embedded, and also seems to have more options than OpenSSL, so why do we need OpenSSL?

Thanks

Re: OpenSSL vs mBedTLS

Posted: Fri Nov 24, 2017 5:46 am
by WiFive

Re: OpenSSL vs mBedTLS

Posted: Sat Nov 25, 2017 6:06 pm
by hassan789
Thanks WiFive. It looks like "esp-idf/components/openssl/platform/" wraps mbedtls to make it look like openssl.
Seems it's easier to use the openssl API, but it gives less control and is less efficient than directly using mbedtls.

Re: OpenSSL vs mBedTLS

Posted: Sun Nov 26, 2017 11:20 pm
by ESP_Angus
hassan789 wrote: Seems it's easier to use the openssl API, but it gives less control and is less efficient than directly using mbedtls.
This is 100% correct. The OpenSSL wrapper exists to allow some OpenSSL-based code to be directly ported to ESP-IDF. However, for all other purposes it's better to use mbedTLS directly.

Re: OpenSSL vs mBedTLS

Posted: Tue Jul 17, 2018 7:30 pm
by squonk11
Nice answer from ESP_Angus - but why is there no https_mbedtls server example? If mbedtls is the library to prefer, I would expect that there are more and better examples...

Re: OpenSSL vs mBedTLS

Posted: Thu Aug 09, 2018 11:35 pm
by kolban
It's been my experience that the rich and detailed documentation supplied by ARM for mbedtls has been great. Here are a slew of example programs that I have used for reference when working with mbedtls.

https://github.com/ARMmbed/mbedtls/tree ... t/programs

I have the suspicion that mbedtls in ESP-IDF is a faithful port/hosting of general mbedtls and hence the thinking is that since mbedtls exists outside of ESP32, all knowledge relating to using mbedtls in the wild would be applicable to ESP32.