OpenSSL VS BoringSSL. What is BoringSSL? How to install BoringSSL?

Posted on December 8th, 2017


SSL stands for Secure Sockets Layer, a cryptographic protocol that secures a website's communications over the internet. SSL provides a secure channel between two devices over the internet. If a website has an SSL certificate installed, the website's address changes from HTTP to HTTPS, in which the 'S' stands for security. SSL supports security principles such as encryption, authentication and data integrity. You can refer to the following link for more information about SSL: https://www.interserver.net/tips/kb/working-ssl-types-ssl/

OpenLiteSpeed version 1.4.26 supports BoringSSL and TLS 1.3. BoringSSL is a fork of OpenSSL. OpenSSL is a software library for applications that require secure communications over computer networks. It contains an open source implementation of the SSL and TLS protocols and is also a general-purpose cryptography library. The library contains tools for generating private keys, CSRs, checksums etc. BoringSSL gives no guarantee of API or ABI stability, and unlike OpenSSL it is not designed for general use. Currently BoringSSL is the SSL library in Chrome, Android, and other apps or programs. BoringSSL is a derivative of OpenSSL and is source compatible for the subset of OpenSSL retained.

 

OpenSSL VS BoringSSL

1) Return values

Most OpenSSL APIs return 1 on success and either 0 or -1 on failure, whereas most BoringSSL APIs return 1 on success and 0 on failure. BoringSSL code may take advantage of the less error-prone APIs and use ! to check for errors.
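The following C program is an added example, not code from OpenSSL, BoringSSL or the original post. It shows why the ! check is only safe with the 1/0 convention. The function names and sample bytes are hypothetical stand-ins, not real library APIs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample values; a toy comparison, not real cryptography. */
static const unsigned char EXPECTED[4]  = {0xde, 0xad, 0xbe, 0xef};
static const unsigned char WRONG[4]     = {0x00, 0x00, 0x00, 0x00};
static const unsigned char TRUNCATED[2] = {0xde, 0xad};

/* Hypothetical stand-in for an API with the OpenSSL-style convention:
 * 1 = check passed, 0 = check failed, -1 = input could not be processed. */
static int check_tristate(const unsigned char *tag, size_t len)
{
    if (tag == NULL || len != sizeof(EXPECTED))
        return -1;
    return memcmp(tag, EXPECTED, len) == 0 ? 1 : 0;
}

/* Same check narrowed to the BoringSSL-style convention: 1 or 0 only. */
static int check_boolean(const unsigned char *tag, size_t len)
{
    return check_tristate(tag, len) == 1;
}

/* Error-prone caller: "!" only catches 0, so -1 is treated as accepted. */
static int accept_bang_on_tristate(const unsigned char *tag, size_t len)
{
    return !check_tristate(tag, len) ? 0 : 1;
}

/* Correct caller for a tri-state API: only exactly 1 means success. */
static int accept_strict_on_tristate(const unsigned char *tag, size_t len)
{
    return check_tristate(tag, len) == 1;
}

/* With a 1/0 API the "!" idiom rejects every failure. */
static int accept_bang_on_boolean(const unsigned char *tag, size_t len)
{
    return !check_boolean(tag, len) ? 0 : 1;
}

int main(void)
{
    printf("bang/tristate:   %d\n", accept_bang_on_tristate(TRUNCATED, sizeof TRUNCATED));
    printf("strict/tristate: %d\n", accept_strict_on_tristate(TRUNCATED, sizeof TRUNCATED));
    printf("bang/boolean:    %d\n", accept_bang_on_boolean(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

When code is written against an API that can return -1, compare the result with 1 explicitly rather than relying on !.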

2) Initialization

OpenSSL has a number of initialization functions that are used for setting up error strings, algorithms etc. All of these functions also exist in BoringSSL, but they do nothing and are not necessary.

3) Threading

OpenSSL has a number of APIs to configure threading callbacks and set up locks. Without initializing these, the library is not thread safe. BoringSSL calls the platform threading APIs internally and is always thread safe where the API guarantees it.

Both OpenSSL and BoringSSL are built into shared libraries, but OpenSSL doesn't have visibility annotations. Symbols are not hidden in OpenSSL, whereas BoringSSL is built with hidden visibility. OpenSSL has a unique method of handling errors: it pushes each error to a queue, which provides a stack trace. This stack trace is helpful in some cases, and it is better for programmatic use. BoringSSL no longer saves the function in the queue; it appears as OPENSSL_internal, which saves about 15KB.

 

How to install BoringSSL

To install BoringSSL on your server, please ssh to your server as root user and execute the following commands.

First you need to change directory to src.

# cd /home/src

# git clone https://boringssl.googlesource.com/boringssl

# cd boringssl

# mkdir build

# cd build

# cmake ..

# make

 

LibreSSL

LibreSSL is another fork of OpenSSL, designed to improve security, modernize the codebase etc. It is an implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It replaces OpenSSL on OpenBSD, OS etc., and on some other systems. LibreSSL has some more security features and also drops some things that were considered useless for the target platforms.

 

If you need any further help, please reach our support department.

 

 
