by ssfivy 2207 days ago
Isn't mbedTLS part of ARM now? For microcontrollers / bare metal devices that need to connect via Ethernet, it is probably one of the more reputable ones - unless there's another major library I haven't heard of?
2 comments

It's "part of ARM" like random Java projects become "part of the Apache foundation". Its reputation is the unmistakable ability to always fall on the side of broken/unmitigated whenever someone discovers another TLS protocol problem, apart from a history of the usual code execution and memory safety issues (the latter, of course, extremely difficult to mitigate on anything that has the name "embedded").

And if that doesn't scare you, think about how these libraries are used on embedded devices. People who think they can seed the CSPRNG of their TLS library with rand() and if it connects to Google, everything is ok, ship it.

Do you know a better library to use for bare-metal purposes then? Because with mbedTLS at least you can get security updates and the code is scrutinised publicly. Way better than some proprietary crypto stacks I have seen where they charge you money for updates.

I'm not disagreeing with you here, I just want to prevent the stuff I made from being featured on @internetofshit Twitter and similar places.

BearSSL (https://bearssl.org/) works great. It is written by someone who both understands the cryptography at depth and how to write secure C code for embedded environments.

Yes - it's part of ARM Holdings from November 2014.

https://github.com/ARMmbed/mbedtls

"Arm welcomes feedback on the design of the API. If you think something could be improved, please open an issue on our Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at mbed-crypto@arm.com. All feedback received by email is treated confidentially."