I'm noticing the developers often, maybe always, use openssl over mbedtls in their custom builds. Is there any obvious reason for this? More established standard? More reliable? Faster? Just curious. I used it in all of the custom builds I have compiled because I saw most developers opted for it over mbedtls. Is there much difference?
Like apache vs nginx to serve one html with one image from disk. The result is the same, but the shovel was completely different.
One important consideration is that OpenSSL takes a considerably larger amount of disk space, which is why OpenWrt defaults to Mbed TLS. OpenSSL is technically more feature-complete, so if you use it often from the command line this may be an advantage. The custom builds you've seen are most likely for devices that are not space-constrained (say 32 MB or larger), which allows this switch.
For regular end-user usage I highly doubt you'll notice a difference.
I have too much flash space and am just tired of OpenWrt jumping in more or less big cycles between OpenSSL, wolfSSL and mbedtls to try keeping too-old devices alive too long.
So I am running openssl on all ssl package setups.
The main reason in the past was that openssl did support TLS 1.3 while mbedtls did not. That was compensated by using wolfssl in the past over mbedtls. But this changed a while ago and OpenWrt switched back to mbedtls.
Another factor why OpenSSL is used over others is that on those "high end" devices there is some sort of crypto hardware acceleration available. OpenSSL is the only candidate available to fit those needs.
Personally, my experience is that OpenSSL runs more stably for certain corner cases regarding wifi config, which I would put into the category "more feature-complete".
I fully agree and do the same
Thanks to everyone. I'm always tinkering. Can't help myself.