BearSSL, linked by libtls_bearssl, which is used by sock for TLS.
- No TLS sessions (BearSSL has them, but they aren’t wrapped by libtls_bearssl), so if you’re a client you might want to keep your connections alive.
- No TLS 1.3, and no wonder.
- No CRL or OCSP, but you wouldn’t want to use those anyway: these are silly things, and browsers don’t use them anymore. Use OneCRL for this, which is also a hack, but at least it scales.
- No DHE by design (use ECDHE).