BoringSSL
boringssl.googlesource.com
1
Leaving SiteNav
External Link Disclaimer
You are about to visit boringssl.googlesource.com. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
BoringSSL is Google's fork of OpenSSL, created in 2014 to meet Google's specific needs for Chromium, Android, and Google's internal infrastructure. While OpenSSL aims for broad compatibility and stability, BoringSSL prioritizes simplicity, security, and rapid iteration, removing legacy code and deprecated APIs to reduce the attack surface. Unlike OpenSSL, BoringSSL is not intended as a general-purpose drop-in replacement and does not maintain long-term API/ABI stability, allowing the team to remove unused features and refactor aggressively. Key differences from OpenSSL include: removal of deprecated algorithms and protocol versions (no SSLv2, SSLv3, or TLS 1.0/1.1 support), simplified build system using CMake instead of autoconf/configure, use of C99 features throughout the codebase, aggressive cleanup of compiler warnings (compiles cleanly with Clang and GCC strict warnings), built-in test infrastructure with Go-based test runner, constant-time implementations for all cryptographic operations to prevent timing side-channel attacks, support for modern cryptographic primitives including AES-GCM, ChaCha20-Poly1305, X25519, Ed25519, and BLAKE2, optional Assembly implementations for x86, x86-64, ARM, and AArch64 using a custom Perl-based assembler generator, FIPS 140-2 validated module (the BoringCrypto FIPS module used in Google Cloud and Android), and a reduced set of APIs focusing on the libssl and libcrypto libraries without the command-line tool (though a minimal bssl tool is provided). BoringSSL powers Chrome, Android, Google Cloud, and gRPC.
Tags & Categories
Categories
Tags
Statistics
1
Views
0
Clicks
0
Like
0
Dislike