Hello everybody, My stuff is made with several components among which some are written in C. As I would like to add some security features, I am thinking of communicating over an SSL/TLS layer.
Could you advise me some good lib to do this (if possible) ?
We use axTLS which works great on both our server (.NET) and our embedded systems (Linux and uClinux). We had problems getting OpenSSL to work well on uClinux.
axTLS is not as feature complete as OpenSSL yet so make sure it meets your requirements before using it.
GnuTLS (Please note that it is mainly LGPL not GPL so you can link to it). At least I prefere it's API over OpenSSL.
Also there is Mozilla's NSS.
I would suggest not spending your time trying to implement an SSL function in your app. Instead, you could just use an existing SSL-tunnel software, which creates an SSL tunnel in front of your existing socket application.
Internet --- [SSLTunnel] --- Your App
For example, you could tell the SSL tunnel to listen on port 443 (https) and forward all decrypted packets to port 80 (http). For your custom application, it will just see decrypted packets.
There are plenty of free apps that do it. Just google for one.
CyaSSL would be an excellent choice to consider. This is an embedded SSL library written in C which has been optimized for speed and size. It can be up to 20 times smaller than OpenSSL, and can be quite a bit faster as well.
Among the feature list are a minimum size of 30-100kb and an OpenSSL compatibility layer. The full feature list can be found on the yaSSL website here:
http://www.yassl.com/yaSSL/Products_cyassl.html.
It is dual licensed under the open source GPLv2 as well as a commercial license (for support). It is updated very frequently with new features. I think one of the cool features is support for the RABBIT and HC-128 stream ciphers from the eStream project.