The Barracuda App Server includes SharkSSL, a super fast and small TLS client/server stack optimized for dealing with modern browsers and the requirements for fast asymmetric encryption.
Super Fast TLS with SharkSSL
TLS enabled web servers end up spending a considerable amount of time dealing with asymmetric encryption due to how the HTTP protocol works. Virtually no chip vendor provides hardware accelerated asymmetric encryption, and this is why we have created the best performing TLS big number library to perform the asymmetric calculations. The library is particularly fast on Cortex type CPUs, in which we provide an assembler optimized library. Check out the article Introduction to Asymmetric Algorithms if you are new to TLS or would like to get a deeper understanding of the importance of asymmetric encryption.
OK, we get it, security is boring, but TLS is a required component in any modern design, including products deployed within private networks (Intranets). Using an HTTP server or an HTTPS server with a non trusted certificate is equally bad as we explain in the tutorial How Anyone Can Hack Your Embedded Web Server . It is shockingly easy for an external adversary to hack web servers deployed within private networks.
The integrated Let's Encrypt module implements RFC-8555 and enables automatic and configuration less installation of trusted certificates. Dealing with Public Key Infrastructure (PKI) is usually too time consuming and difficult for end users, which usually end up using non trusted certificates and that is bad as explained above.
Check out the article Automatic Certificate Management for Devices for a deeper understanding of why easy trust management is so important.
LSP applications are usually deployed as ZIP files and the encrypted zip file plugin, powered by SharkSSL, prevents adversaries from extracting and inspecting your LSP/Lua source code.
We provide easy to use high level Lua APIs for most of the crypto API in SharkSSL. The crypto APIs enable easy construction of many of the modern authentication mechanisms such as JSON Web Signature (JWS) and Single Sign On using OpenID Connect.
We also support easy to use APIs for creating CA certificates and Certificate Signing Request (CSR), signing certificates, and more. These APIs may be used as an alternative to the Let's Encrypt plugin for end users that have the expertise in setting up their own PKI.
See the SharkSSL page for information on the included and optimized ciphers.