
Minimal client

Michael Forney mforney at mforney.org

Thu Jul 2 01:37:36 BST 2020

- - - - - - - - - - - - - - - - - - - 

On 2020-07-01, Phil Leblanc <philanc at gmail.com> wrote:

> --- BearSSL
> - very nice code. An impressive feat for a one-man project (Thomas
> Pornin)
> - not yet at TLS-1.3. The code looks maintained but I don't know if
> it is actively developed. I saw no sign of ed25519 cert signing, but
> may be wrong here.
> - code size: the whole libbearssl.a is ~ 860KB, basic client and
> server examples are in the 150KB range, which is very nice.

Have you looked at the TLS 1.3 page (https://bearssl.org/tls13.html)? It suggests that support for TLS 1.3 is planned, but there are some obstacles with Ed25519 that require more memory usage (buffering the complete certificate) and code size increase. I think it is a little out of date since RSA/PSS is now implemented in BearSSL, but you're right that there hasn't been much development for TLS 1.3 in a while. I'm hopeful that it will eventually be implemented.

So if Ed25519 is what gemini servers are settling on for their certificates, then BearSSL is probably not a good option until support is available. Though, ECDSA uses comparable key/signature sizes and I believe it is fairly widely supported, so I think BearSSL would work quite well for that.

I'm not sure if there are any existing gemini clients using libtls, but if there are, you might be interested in https://git.sr.ht/~mcf/libtls-bearssl. You could get a much smaller statically linked binary by just linking against libtls-bearssl instead of libtls from LibreSSL.

-Michael
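Added example (not part of the message above, and not code from BearSSL, libtls-bearssl or LibreSSL): the post compares Ed25519 and ECDSA server certificates and notes that a library without Ed25519 support cannot verify an Ed25519-signed certificate. The Go program below, written here because Go's standard library covers both key types without any external dependency, generates a self-signed certificate of each kind the way a Gemini server would (TOFU, no CA), reports the public-key, signature and whole-certificate sizes so the "comparable sizes" claim can be checked with real numbers, and classifies whether a given certificate would need Ed25519 support in the client's TLS library. The host name `example.org` is a placeholder assumption; nothing here contacts a network.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertInfo is what a minimal client wants to know about a server
// certificate before picking a TLS library: the algorithms involved and
// how many bytes the key, signature and whole certificate take up.
type CertInfo struct {
	PublicKeyAlgorithm x509.PublicKeyAlgorithm
	SignatureAlgorithm x509.SignatureAlgorithm
	PublicKeyBytes     int // DER SubjectPublicKeyInfo length
	SignatureBytes     int // certificate signature length
	CertBytes          int // full DER certificate length
}

// selfSigned issues a self-signed leaf for host, as a Gemini server in the
// TOFU model would. Go picks the signature algorithm from the key type:
// PureEd25519 for an Ed25519 key, ECDSAWithSHA256 for a P-256 key.
func selfSigned(host string, priv interface{}, pub interface{}) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// GenEd25519Cert builds the kind of certificate BearSSL could not verify
// at the time of the post.
func GenEd25519Cert(host string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return selfSigned(host, priv, pub)
}

// GenECDSACert builds the ECDSA P-256 alternative the post suggests.
func GenECDSACert(host string) (*x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return selfSigned(host, priv, &priv.PublicKey)
}

// Inspect pulls the sizes and algorithms out of a parsed certificate.
func Inspect(cert *x509.Certificate) CertInfo {
	return CertInfo{
		PublicKeyAlgorithm: cert.PublicKeyAlgorithm,
		SignatureAlgorithm: cert.SignatureAlgorithm,
		PublicKeyBytes:     len(cert.RawSubjectPublicKeyInfo),
		SignatureBytes:     len(cert.Signature),
		CertBytes:          len(cert.Raw),
	}
}

// NeedsEd25519 reports whether verifying this certificate requires Ed25519
// in the client's TLS library (either the key or the signature uses it).
func NeedsEd25519(cert *x509.Certificate) bool {
	return cert.PublicKeyAlgorithm == x509.Ed25519 ||
		cert.SignatureAlgorithm == x509.PureEd25519
}

func main() {
	gens := []struct {
		name string
		fn   func(string) (*x509.Certificate, error)
	}{{"Ed25519", GenEd25519Cert}, {"ECDSA P-256", GenECDSACert}}
	for _, g := range gens {
		cert, err := g.fn("example.org") // placeholder host, assumption
		if err != nil {
			panic(err)
		}
		info := Inspect(cert)
		fmt.Printf("%-12s key=%v sig=%v spki=%dB signature=%dB cert=%dB needsEd25519=%v\n",
			g.name, info.PublicKeyAlgorithm, info.SignatureAlgorithm,
			info.PublicKeyBytes, info.SignatureBytes, info.CertBytes, NeedsEd25519(cert))
	}
}
```

Run it and the Ed25519 certificate shows a 44-byte SubjectPublicKeyInfo and a fixed 64-byte signature, while the P-256 certificate shows a 91-byte SubjectPublicKeyInfo and a DER-encoded signature of roughly 70 to 72 bytes, which is the "comparable sizes" point in concrete terms. `NeedsEd25519` is the check a client author would run against a server's certificate (after `x509.ParseCertificate` on the DER it presents) before committing to a TLS library that lacks Ed25519.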