MatrixSSL is an open-source
TLS/SSL
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...
implementation designed for custom applications in
embedded hardware
An embedded system is a computer system—a combination of a computer processor, computer memory, and input/output peripheral devices—that has a dedicated function within a larger mechanical or electronic system. It is ''embedded'' as ...
environments.
The MatrixSSL library contains a full cryptographic software module that includes industry-standard
public key
Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...
and
symmetric key
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between th ...
algorithms. It is now called the Inside Secure TLS Toolkit.
Features
Features:
* Protocol versions
**
SSL 3.0
**
TLS
TLS may refer to:
Computing
* Transport Layer Security, a cryptographic protocol for secure computer network communication
* Thread level speculation, an optimisation on multiprocessor CPUs
* Thread-local storage, a mechanism for allocating vari ...
1.0
** TLS 1.1
** TLS 1.2
** TLS 1.3
**
DTLS
Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol i ...
1.0
** DTLS 1.2
* Public key algorithms
**
RSA
**
Elliptic curve cryptography
Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide e ...
**
Diffie–Hellman
* Symmetric key algorithms
**
AES
**
AES-GCM
In cryptography, Galois/Counter Mode (GCM) is a block cipher mode of operation, mode of operation for Symmetric-key algorithm, symmetric-key cryptographic block ciphers which is widely adopted for its performance. GCM throughput rates for state-of- ...
**
Triple DES
In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standa ...
**
ChaCha
Cha-Cha, Cha Cha, ChaCha or Chacha may refer to:
Music
* Cha-cha-cha (dance), a dance of Cuban origin
* Cha-cha-cha (music), a genre of Cuban music
* ''Cha Cha'' (album), a 1978 album by Herman Brood & His Wild Romance
* ''Cha Cha'' (soundtrack), ...
**
ARC4
In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, ren ...
**
SEED
A seed is an embryonic plant enclosed in a protective outer covering, along with a food reserve. The formation of the seed is a part of the process of reproduction in seed plants, the spermatophytes, including the gymnosperm and angiospe ...
* Supported
cipher suite
A cipher suite is a set of algorithms that help secure a network connection. Suites typically use Transport Layer Security (TLS) or its now-deprecated predecessor Secure Socket Layer (SSL). The set of algorithms that cipher suites usually contain ...
s
** TLS_AES_128_GCM_SHA256 (TLS 1.3)
** TLS_AES_256_GCM_SHA384 (TLS 1.3)
** TLS_CHACHA20_POLY1305_SHA256 (TLS 1.3)
** TLS_DHE_RSA_WITH_AES_128_CBC_SHA
** TLS_DHE_RSA_WITH_AES_256_CBC_SHA
** TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
** TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
** SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
** TLS_RSA_WITH_SEED_CBC_SHA
** TLS_DHE_PSK_WITH_AES_128_CBC_SHA
** TLS_DHE_PSK_WITH_AES_256_CBC_SHA
** TLS_PSK_WITH_AES_128_CBC_SHA
** TLS_PSK_WITH_AES_256_CBC_SHA
** TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
** TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
** TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
** TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256
** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
** TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
** TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
** TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
** TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
** TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
** TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
** TLS_RSA_WITH_AES_128_CBC_SHA
** TLS_RSA_WITH_AES_256_CBC_SHA
** TLS_RSA_WITH_AES_128_CBC_SHA256
** TLS_RSA_WITH_AES_256_CBC_SHA256
** TLS_RSA_WITH_AES_128_GCM_SHA256
** TLS_RSA_WITH_AES_256_GCM_SHA384
** SSL_RSA_WITH_3DES_EDE_CBC_SHA
** SSL_RSA_WITH_RC4_128_SHA
** SSL_RSA_WITH_RC4_128_MD5
** TLS_DH_anon_WITH_AES_128_CBC_SHA
** TLS_DH_anon_WITH_AES_256_CBC_SHA
** SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
** SSL_DH_anon_WITH_RC4_128_MD5
*
Client authentication
* Secure Renegotiation
* Standard Session Resumption
* Stateless Session Resumption
* Transport independent
*
PKCS#1 and
PKCS#8 key parsing
*
False Start
In sports, a false start is a disallowed start, usually due to a movement by a participant before (or in some cases after) being signaled or otherwise permitted by the rules to start. Depending on the sport and the event, a false start can result ...
* Max Fragment Length extension
* Optional PKCS#11 Crypto Interface
Major Releases
See also
*
Comparison of TLS implementations
The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free ...
*
GnuTLS
GnuTLS (, the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network trans ...
*
wolfSSL
wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS (SSL 3.0, TLS 1.0, 1.1, 1.2, 1.3, and DTLS 1.0, 1.2, and 1.3) written in the C programming lan ...
External links
*
Inside Secure website
References
{{Portal bar, Free and open-source software
Cryptographic software
C (programming language) libraries
Free security software
Transport Layer Security implementation