Published on Jan 22, 2017
Joel Sing http://linux.conf.au/schedule/present...
As anyone who has written code that implements a TLS client or server will know, many of the existing APIs (namely OpenSSL) are confusing, difficult to use and full of pitfalls for the unwary. Many security issues (and less serious bugs) are due to mistakes made by human developers while trying to navigate their way through the various function calls, return codes and missing functionality.
libtls is a component of the [LibreSSL project](http://www.libressl.org/), a project that started as a fork of OpenSSL following the infamous [Heartbleed](http://www.heartbleed.com/) incident. While the general goals for LibreSSL are to modernise the codebase, improve security, and apply best-practice development processes, libtls aims to completely rethink the TLS API.
This talk will cover some of the many issues with existing TLS/SSL APIs, prior to looking at how libtls has been designed to be different. The history of libtls will be discussed, before detailing the API development process that has been used, which has allowed the library to morph and improve over time. The set of rules that have been put in place to ensure that the API is as developer-friendly as possible will be explained, followed by a discussion of the overall litmus test and proving ground that has been used during its design and development.