Comment by lmm
6 hours ago
Because as horrible as the OpenSSL code is, the best available clean implementation would mean using a language that's weird and French.
6 hours ago
Because as horrible as the OpenSSL code is, the best available clean implementation would mean using a language that's weird and French.
Do you mean HACL* / ValeCrypt / EverCrypt?
A number of projects like Firefox and the Linux kernel uses them. It's boring at that point. The generated code is C and assembly can be used like any library, but it has been formally verified.
But, there is ring and rustls too. A number of projects are shifting to it
Hah, I meant ocaml-tls which I think is still the most mature option in this space. But yeah there are other approaches.