Integrated SSL/TLS Client and Server


The Barracuda App Server includes SharkSSL, a super fast and small TLS client/server stack optimized for dealing with modern browsers and the requirements for fast asymmetric encryption.

We also provide optional integration with OpenSSL for HTTPS server connections.


Super Fast TLS with SharkSSL

TLS enabled web servers end up spending a considerable amount of time dealing with asymmetric encryption due to how the HTTP protocol works. Virtually no chip vendor provides hardware accelerated asymmetric encryption, and this is why we have created the best performing TLS big number library to perform the asymmetric calculations. The library is particularly fast on Cortex type CPUs, in which we provide an assembler optimized library. Check out the article Introduction to Asymmetric Algorithms if you are new to TLS or would like to get a deeper understanding of the importance of asymmetric encryption.

Trusted HTTPS server YES; non-trusted HTTPS or HTTP Server NO

OK, we get it, security is boring, but TLS is a required component in any modern design, including products deployed within private networks (Intranets). Using an HTTP server or an HTTPS server with a non trusted certificate is equally bad as we explain in the tutorial How Anyone Can Hack Your Embedded Web Server . It is shockingly easy for an external adversary to hack web servers deployed within private networks.

Integrated Let's Encrypt Support

The integrated Let's Encrypt module implements RFC-8555 and enables automatic and configuration less installation of trusted certificates. Dealing with Public Key Infrastructure (PKI) is usually too time consuming and difficult for end users, which usually end up using non trusted certificates and that is bad as explained above.

Let's Encrypt DNS Service

Check out the article Automatic Certificate Management for Devices for a deeper understanding of why easy trust management is so important.


Encrypted ZIP files

LSP applications are usually deployed as ZIP files and the encrypted zip file plugin, powered by SharkSSL, prevents adversaries from extracting and inspecting your LSP/Lua source code.

Super Easy to use Crypto Library

We provide easy to use high level Lua APIs for most of the crypto API in SharkSSL. The crypto APIs enable easy construction of many of the modern authentication mechanisms such as JSON Web Signature (JWS) and Single Sign On using OpenID Connect.

Certificate Management

We also support easy to use APIs for creating CA certificates and Certificate Signing Request (CSR), signing certificates, and more. These APIs may be used as an alternative to the Let's Encrypt plugin for end users that have the expertise in setting up their own PKI.

SharkSSL

See the SharkSSL page for information on the included and optimized ciphers.