OpenSSL can seem like a great idea when considering security options for networked devices. Open source secure sockets layer alternatives are widely used, readily available, and best of all, they’re free!
But are they, really?
Mocana NanoSSL is specifically developed for embedded devices. At first glance, choosing between “free” and “something I have to pay for” can seem like an easy choice, but in reality, “free” can wind up costing you much, much more in the long run.
Some challenges of using OpenSSL in non-PC environments include:
Portability—OpenSSL was designed for desktop systems, and it was never designed to be “slim”. OpenSSL contains redundant code, resulting in a product often too bulky for memory-constrained devices. Porting can take days, or even weeks, to adapt the code to networked device platforms.
Maintenance—OpenSSL is a socket/stream interface that needs to hook directly into the open source function calls. With any new release, OpenSSL needs to be re-coded, requiring further costly development time.
Security—An engineer without extensive crypto experience can inadvertently create new holes and vulnerabilities in the application they are attempting to secure. Additionally, OpenSSL has a history of security implementation flaws, some of which go many months before being fixed.
Quality—Open source code quality varies from project to project, and none of the projects integrate best-practices QA procedures. It’s strictly “use at your own risk”. That means when you’re integrating open source code into your commercial product, you don’t only have to test and debug your own code, you have to test and debug theirs as well.
Support—As a voluntary project, OpenSSL relies on mailing lists to take the place of professional documentation and support. When something goes wrong, there’s no one to call. You post a question in a forum, and then hope someone posts an answer.
In comparison, NanoSSL addresses these issues in a fast, lightweight package that is high on performance and incredibly easy to install.
NanoSSL was specifically designed and optimized for memory-constrained devices; it has a considerably smaller footprint, and doesn’t require extensive adaptation to a non-PC environment.
NanoSSL’s API-based foundation is backwards compatible, and requires no time-consuming, repeated integration.
NanoSSL's accelerated SSL throughput typically performs 4x better than open source SSL.
NanoSSL is available off the shelf for dozens of operating systems, and with our clear documentation, NanoSSL can be ported to new OSes in under two hours. NanoSSL’s optimized SSL can even run without an RTOS.
Mocana's developer support team is available 24/7/365 to answer any questions regarding SSL encryption, general device security design, or any product within the Mocana device security framework.
All of Mocana’s security products are continually monitored by our engineers – in the event that an issue arises that affects integrity, Mocana notifies customers, releases a patch, and will even send an entire new library, if needed – typically within hours.
When time, effort, and ongoing maintenance are factored in, NanoSSL has a demonstrably lower total cost of ownership than OpenSSL. It’s also much faster, much smaller, and much easier to deal with overall.