libtls: Rethinking the TLS/SSL API
Friday 1:20 p.m.–2:05 p.m.
Target audience: Developer
As anyone who has written code that implements a TLS client or server will know, many of the existing APIs (namely OpenSSL) are confusing, difficult to use and full of pitfalls for the unwary. Many security issues (and less serious bugs) are due to the mistakes made by human developers, while trying to navigate their way through the various function calls, return codes and missing functionality.
libtls is a component of the LibreSSL project; a project that started as a fork of OpenSSL following the infamous heartbleed incident. While the general goals for LibreSSL are to modernise the codebase, improve security, and apply best practice development processes, libtls aims to completely rethink the TLS API.
This talk will cover some of the many issues with existing TLS/SSL APIs, prior to looking at how libtls has been designed to be different. The history of libtls will be discussed, before detailing the API development process that has been used, which has allowed the library to morph and improve over time. The set of rules that have been put in place to ensure that the API is as developer friendly as possible will be explained, followed by a discussion of the overall litmus test and proving ground that has been used during its design and development.
Joel is a computer scientist with almost 20 years of industry experience, including more than five years working as a Site Reliability Engineer with Google Australia. Over the years he has been is involved in various open source projects, including being an OpenBSD developer for nearly 10 years, a founder and lead developer for the LibreSSL project and a developer with the Go programming language. Joel has also spent time in academia and holds a PhD in Computer Science.