by nickpsecurity 3532 days ago
There are. They just ask for significant licensing fees to cover the work they did. Licensing fees most users of cryptography have no interest in paying. ;) Others are dual-licensed with little uptake.

An early example was Gutmann's cryptlib, which is dual-licensed:

https://en.wikipedia.org/wiki/Cryptlib

Note: An interesting feature of it is that it embeds a security kernel that tries to ensure the algorithms are composed correctly.

Another dual-licensed one that seemed to at least have better code quality was PolarSSL, used in Fox-IT's OpenVPN-NL project and partially verified by TrustInSoft's analyzer:

https://tls.mbed.org/features

MatrixSSL is another one aiming at small, efficient execution:

https://www.insidesecure.com/Products-Technologies/Protocol-...

Saved the best for last in Amazon's s2n. It has much potential coming from the combo of simplicity, design-for-verification, and actual reviews by pentesters:

https://github.com/awslabs/s2n

Note: There are also quite a few designed for robustness in the smartcard industry. The EAL5+ one from IBM's Caernarvon team is likely to be high quality. The thing is, we can't review them, but we can review the above code. So better to go with the above. Also recall this list is of commercial replacements for SSL in addition to others' recommendations on LibreSSL, BoringSSL, etc.