BearSSL is a novel SSL/TLS library optimised for constrained systems, aiming at small code footprint and low RAM usage. The talk is about presenting the library in its context, and delving into what makes a good SSL implementation and how BearSSL does it.

Talk structure: – Why SSL? – Why yet another SSL library? – Project goals: secure, embeddable, modular, extensible, pedagogical – Secure crypto – Default suite choices – Constant-time implementations – Catalog of SSL attacks and defences – Implementing in fixed, small RAM – Streaming vs buffering – The T0 story – X.509 certificate validation – Why SSL sucks and how to fix it