Ssl Lib

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of communications applications that support SSL, S/MIME, and other Internet security standards. For a general overview of NSS and the standards it supports, see Overview of NSS.

LibreSSL components:

  • libcrypto: a library of cryptography fundamentals
  • libssl: a TLS library
  • libtls: a new TLS library, designed to make it easier to write foolproof applications
  • Various utilities such as openssl(1), nc(1), and ocspcheck(8)

LibreSSL is supported financially by the OpenBSD Foundation and the OpenBSD Project. Please consider helping our efforts.

When building a version of Qt linked against OpenSSL, the build system will attempt to link with the libssl and libcrypto libraries located in the default location on the developer's system. This location is configurable: set the OPENSSL_LIBS environment variable to contain the linker options required to link Qt against the installed library.

NOTE: OpenSSL's int SSL_library_init(void) function (which is also aliased as SSLeay_add_ssl_algorithms, OpenSSL_add_ssl_algorithms and add_ssl_algorithms) is not re-entrant, and multiple calls can cause a crash in a threaded application. Net::SSLeay implements flags preventing repeated calls to this function, therefore even multiple.

The mentioned libraries: OpenSSL, GnuTLS, NSS, wolfSSL, mbed TLS, Secure Channel, Secure Transport. More comparisons in the extensive feature-by-feature comparison on Wikipedia. Curl's documentation of SSL problems. Please mail us corrections if this table is incorrect, or tell us other features we should compare!

Shared libraries

Network Security Services provides both static libraries and shared libraries. Applications that use the shared libraries must use only the APIs that they export. Three shared libraries export public functions:

  • The SSL library supports core SSL operations.
  • The S/MIME library supports core S/MIME operations.
  • The NSS library supports core crypto operations.

We guarantee that applications using the exported APIs will remain compatible with future versions of those libraries. For a complete list of public functions exported by these shared libraries in NSS 3.2, see NSS functions.

For information on which static libraries in NSS 3.1.1 are replaced by each of the above shared libraries in NSS 3.2, see Migration from NSS 3.1.1.

Figure 1, below, shows a simplified view of the relationships among the three shared libraries listed above and NSPR, which provides low-level cross-platform support for operations such as threading and I/O. (Note that NSPR is a separate Mozilla project; see Netscape Portable Runtime for details.)

Naming conventions and special libraries

Windows and Unix use different naming conventions for static and dynamic libraries:

           Windows    Unix
static     .lib       .a
dynamic    .dll       .so or .sl

In addition, Windows has 'import' libraries that bind to dynamic libraries. So the NSS library has the following forms:

  • libnss3.so - Unix shared library
  • libnss3.sl - HP-UX shared library
  • libnss.a - Unix static library
  • nss3.dll - Windows shared library
  • nss3.lib - Windows import library binding to nss3.dll
  • nss.lib - Windows static library

NSS, SSL, and S/MIME have all of the above forms.

The following static libraries aren't included in any shared libraries:

  • libcrmf.a/crmf.lib provides an API for CRMF operations.
  • libjar.a/jar.lib provides an API for creating JAR files.

The following static libraries are included only in external loadable PKCS #11 modules:

  • libnssckfw.a/nssckfw.lib provides an API for writing PKCS #11 modules.
  • libswfci.a/swfci.lib provides support for software FORTEZZA.

The following shared libraries are standalone loadable modules, not meant to be linked with directly:

  • libfort.so/libfort.sl/fort32.dll provides support for hardware FORTEZZA.
  • libswft.so/libswft.sl/swft32.dll provides support for software FORTEZZA.
  • libnssckbi.so/libnssckbi.sl/nssckbi.dll defines the default set of trusted root certificates.

Support for ILP32

In NSS 3.2 and later versions, there are two new shared libraries for the platforms HP-UX for PARisc CPUs and Solaris for (Ultra)Sparc (not x86) CPUs. These HP and Solaris platforms allow programs that use the ILP32 program model to run on both 32-bit CPUs and 64-bit CPUs. The two libraries exist to provide optimal performance on each of the two types of CPUs.

These two extra shared libraries are not supplied on any other platforms. The names of these libraries are platform-dependent, as shown in the following table.

Platform                              for 32-bit CPUs             for 64-bit CPUs
Solaris/Sparc                         libfreebl_pure32_3.so       libfreebl_hybrid_3.so
HPUX/PARisc                           libfreebl_pure32_3.sl       libfreebl_hybrid_3.sl
AIX (planned for a future release)    libfreebl_pure32_3_shr.a    libfreebl_hybrid_3_shr.a

An application should not link against these libraries, because they are dynamically loaded by NSS at run time. Linking the application against one or the other of these libraries may produce an application program that can only run on one type of CPU (e.g. only on 64-bit CPUs, not on 32-bit CPUs) or that doesn't use the more efficient 64-bit code on 64-bit CPUs, which defeats the purpose of having these shared libraries.

On platforms for which these shared libraries exist, NSS 3.2 will fail if these shared libs are not present. So, an application must include these files in its distribution of NSS shared libraries. These shared libraries should be installed in the same directory where the other NSS shared libraries (such as libnss3.so) are installed. Both shared libs should always be installed whether the target system has a 32-bit CPU or a 64-bit CPU. NSS will pick the right one for the local system at run time.

Note that NSS 3.x is also available in the LP64 model for these platforms, but the LP64 model of NSS 3.x does not have these two extra shared libraries.
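
A packaging check for the requirements above, added here as an example and not part of the NSS documentation: it confirms that both freebl libraries named in the table sit beside libnss3 and that the application's dependency list does not name them. The function names, the platform labels solaris-sparc and hpux-parisc, and the dependency-list file are assumptions; an ILP32 build of NSS 3.2 is assumed.

```shell
#!/bin/sh
# Added example: packaging check for an ILP32 NSS 3.2 distribution.
# Function names and platform labels are hypothetical; the library
# names come from the table above.

# freebl_suffix PLATFORM -> shared-library suffix used on that platform
freebl_suffix() {
    case "$1" in
        solaris-sparc) echo so ;;
        hpux-parisc)   echo sl ;;
        *)             return 1 ;;   # no extra freebl libraries elsewhere
    esac
}

# check_nss_dist DIR PLATFORM
# Prints one line per problem; returns 0 only when both freebl libraries
# are installed in the same directory as the main NSS shared library.
check_nss_dist() {
    dir=$1
    sfx=$(freebl_suffix "$2") || { echo "unsupported platform: $2"; return 2; }
    rc=0
    for lib in libnss3 libfreebl_pure32_3 libfreebl_hybrid_3; do
        if [ ! -f "$dir/$lib.$sfx" ]; then
            echo "missing: $dir/$lib.$sfx"
            rc=1
        fi
    done
    return $rc
}

# check_not_linked FILE
# FILE holds the application's direct dependencies, one name per line
# (for example saved from ldd output). Fails if the application was
# linked against a freebl library instead of letting NSS load it.
check_not_linked() {
    if grep -E 'libfreebl_(pure32|hybrid)_3' "$1"; then
        echo "application links freebl directly; remove it from the link line"
        return 1
    fi
    return 0
}

# Usage: script DIR PLATFORM
if [ "$#" -eq 2 ]; then
    check_nss_dist "$1" "$2"
fi
```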

What you should already know

Before using NSS, you should be familiar with the following topics:

  • Concepts and techniques of public-key cryptography
  • The Secure Sockets Layer (SSL) protocol
  • The PKCS #11 standard for cryptographic token interfaces
  • Cross-platform development issues and techniques

Where to find more information

For information about PKI and SSL that you should understand before using NSS, see the following:

For links to API documentation, build instructions, and other useful information, see the NSS Project Page.

As mentioned above, NSS is built on top of NSPR. The API documentation for NSPR is available at NSPR API Reference.

Why a tiny SSL library?

Most other SSL libraries are written for server and PC platforms. They assume that you have loads of RAM available, no limits on disk storage capacity and that you actually have a filesystem. mbed TLS does not! It has been designed to work on any system that can run C code, from tiny systems to powerhouse PCs.

Tiny SSL library

In order to get a small library, all code is written in readable and portable C code. The library is split up into a lot of small modules that each have their own dedicated functionality. This makes it easier to get from small to tiny, as parts can be disabled with ease.

Even our features have been designed to be disabled. mbed TLS can offer a full-fledged, standard-based, extension supporting, 100+ ciphersuite supporting SSL server, or a tiny dedicated SSL server just supporting the bare minimum to allow the client to connect.

Getting it small

This SSL library has been designed to be small out-of-the-box. Compared to other libraries we have less than 10% of their code base to implement the SSL library functionalities. That's why we call it a tiny SSL library.

Disabling modules and features

All the different modules of this tiny SSL library can be disabled from a single configuration file, called config.h. A lot of different optional features can be disabled here as well. We give you the option to tailor your configuration so you allow just a single SSL ciphersuite out of all our supported ciphersuites (e.g. TLS-RSA-PSK-WITH-AES-256-GCM-SHA384) and the respective key exchange method (i.e. RSA-PSK), without needing to include code for other key exchanges.
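
An audit of a trimmed config.h, added here as an example and not code from the mbed TLS project: it checks that only the intended key exchange is enabled and that the ciphersuite list is pinned. It assumes the mbed TLS 2.x macro names MBEDTLS_KEY_EXCHANGE_*_ENABLED and MBEDTLS_SSL_CIPHERSUITES; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an mbed TLS config.h for a single key exchange.
# Assumes mbed TLS 2.x macro names; function names are hypothetical.

# active_defines FILE PATTERN -> names of macros set by uncommented
# "#define" lines (defines inside /* ... */ blocks are not detected).
active_defines() {
    sed -n -E "s/^[[:space:]]*#[[:space:]]*define[[:space:]]+($2)([[:space:]].*)?\$/\1/p" "$1"
}

# audit_single_kex FILE WANTED
# Returns 0 only if WANTED is the sole enabled key exchange and the
# offered ciphersuites are pinned with MBEDTLS_SSL_CIPHERSUITES.
audit_single_kex() {
    rc=0
    kex=$(active_defines "$1" 'MBEDTLS_KEY_EXCHANGE_[A-Z0-9_]+_ENABLED')
    for m in $kex; do
        if [ "$m" != "$2" ]; then
            echo "unexpected key exchange enabled: $m"
            rc=1
        fi
    done
    case " $(echo $kex) " in
        *" $2 "*) ;;
        *) echo "required key exchange not enabled: $2"; rc=1 ;;
    esac
    if [ -z "$(active_defines "$1" 'MBEDTLS_SSL_CIPHERSUITES')" ]; then
        echo "MBEDTLS_SSL_CIPHERSUITES is not set"
        rc=1
    fi
    return $rc
}

# Constructed sample: a trimmed config that still enables a second
# key exchange, so the audit reports it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
EOF
audit_single_kex "$sample" MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED || true
rm -f "$sample"
```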

Getting tinier

If tiny is not enough, you can get even smaller! The footprint of our library can get as small as under 30 Kb RAM and ROM footprint for a working SSL server or SSL client. We specifically made an article to help you to reduce the RAM / ROM footprint of your application if you need to get really small.

Additionally we can help you with tailored advice on getting tiny on your specific device environment.

Check out our other Features for more details!