PolarSSL is dead, long live mbed TLS

In November 2014, we published the happy news that PolarSSL was now part of ARM. Since then we had kind of a radio silence on a number of fronts. There were a lot of things to take care of, and making sure PolarSSL was integrated properly into the ARM ecosystem was one of them.

In the blog post I hinted that there would be a few big announcements in the future. I’m glad to announce the time has come to shed light on a few of those!

The first one is that PolarSSL will be rebranded as mbed TLS to signify its importance in the mbed ecosystem. mbed TLS development will continue as usual and of course build on top of the existing PolarSSL code base. In addition the development team will be expanded to increase the pace of development.

As part of the mbed ecosystem, mbed TLS will provide the core for secure communications and cryptography to the rest of the mbed products. Although the mbed ecosystem is primarily targeted at the world of the Internet of Things (IoT), this does not mean that from now on mbed TLS will only work on ARM chipsets or IoT devices. mbed TLS will continue on the existing path and stay available and operate on regular embedded and non-embedded systems, just like PolarSSL today.

In order to emphasize that point, mbed TLS will stay available as a separate module on its own website in addition to being integrated into other mbed products.

Perhaps the biggest change to mbed TLS will hit a bit later this year and has quite a big impact. mbed TLS will change its main license from the GPL to the liberal Apache license. This is great news for a lot of open source projects and commercial projects that want to use mbed TLS, but could not use GPL licensed code or afford a commercial license. The Apache license allows even easier use of mbed TLS in open source projects and no more commercial license is needed to use PolarSSL in your closed source (commercial) projects.

For users that do want the benefit of priority support and a commercial license, ARM offers mbed partnerships that cover those needs. Inquire for more information here: partnership@mbed.org.

Naturally these changes will also affect the website and the source code repository. During the year the current website (https://polarssl.org) and github repository (https://github.com/polarssl/polarssl) will be migrated to their new locations.


All-in-all I hope you agree this is a lot of good news!

  • That is a good news. I was not aware. We were (and are) considering using PolarSSL in one of upcoming projects. Having that supported by the mbed ecosystem is a nice happening and will help me and our team to rest assured about the longevity and reliability of it.

    More importantly coming out of GPL mode will make our management happy as well (no license cost ).

    Thanks for sharing this...

  • Hi!

    Can you give any more news regarding when the license will change to an Apache license?

  • The change of the license to Apache 2.0 will happen later this year. The exact date depends on other developments as well and as such I cannot further pinpoint it. I can tell that the goal is to make it happen before the start of Q4.

  • Hi!

    It seems that mbed TLS is not available in the online compiler library import section. So far it is not so straight forward to use it. It is planned to be added or it is a way to manually import it ?

    Thanks,

    Vlad