MatrixSSL and MatrixDTLS are embedded TLS / DTLS libraries providing robust security and outstanding performances.
It was first released in 2004 to provide secure connectivity to devices with a small memory footprint, and has evolved to also serve networking device requiring top performance. MatrixSSL is a lean and efficient C source code that is easy to integrate, and where bugs have few places to hide. With no known security issues, an extensive implementation of TLS protocol and a FIPS certified cryptographic module, MatrixSSL is the SDK to look at to replace RSA/BSAFE or OpenSSL.
Low memory footprint
MatrixSSL and DTLS stacks, are modular source code implementations ideally suited for IoT usage due to their minimum memory footprint (<50KB) and efficient memory utilization (4KB per connection).
MatrixSSL Tiny, a PSK only version, demanding less than 10KB of flash memory and 600bytes of RAM, can even be used on the most limited 8-bit micro-processors.
High performance and scalability
Due to its compact design, MatrixSSL is scaling very well. It is more memory and CPU efficient than competing solutions, including those based on OpenSSL.
With true multi-threading, zero-copy processing and an asynchronous API for hardware integration, MatrixSSL is ideally suited to securing cloud access. It is integrated with network processors like Cavium Octeon and TILE-Gx, and support AES-NI to provide excellent performance on x86 architectures.
MatrixSSL-based customer solutions have achieved over 42 GBs of TLS throughput, 50,000 Handshakes per second for session setups, and 460,000 active sessions.
MatrixSSL implements the Secure Sockets Layer (SSL), the Transport Layer Security (TLS), and DTLS (Datagram TLS running on UDP) which are widely deployed protocols for creating secure connections between applications on a network. TLS/DTLS have a proven security track record in highly demanding applications. While certain TLS stacks are susceptible to implementation errors, as demonstrated with the Heartbleed Bug in OpenSSL, the TLS protocol itself has proven to be secure.
MatrixSSL has no known security weaknesses, and has not been affected by recent vulnerabilities found in other implementations such as OpenSSL. In last 10 years, MatrixSSL had no security weaknesses listed in the U.S. government repository of standards based vulnerability
MatrixSSL is fully downloadable under a dual licensing model: GNU Public License and a Standard Commercial license. The dual license means that one can easily evaluate the library for free, but that for commercial usage without the GPL constraints, one should acquire a license by contacting Inside Secure.
The open source package can be downloaded from: www.matrixssl.org/download
- < 50KB total footprint with crypto provider and certificates
- < 10KB total footprint with PSK only (Tiny version)¹
- TLS 1.0, 1.1 and 1.2 server and client support (SSL 3.0 optional)
- Included crypto library - RSA, ECC, 3DES, AES, ARC4, SHA1, SHA2, MD5
- Assembly language optimizations for Intel, ARM and MIPS
- Session re-keying and cipher renegotiation
- Full support for session resumption/caching
- Server Name Indication and Stateless Session Tickets
- RFC7301 Application Protocol Negotiation
- Server and client X.509 certificate chain authentication
- Parsing of X.509 .pem and ASN.1 DER certificate formats
- PKCS#1.5, PKCS#5 PKCS#8 and PKCS#12 support for key formatting
- RSASSA-PSS Signature Algorithm support
- Certificate Revocation List (CRL) support
- SSH command line support¹
- DTLS support¹
- CMS and PKCS#10 support¹
- FIPS140-2 certification using SafeZone FIPS cryptographic module integration (cert #2389) ¹
- Passive mode interceptor for SSL visibility
- OpenSSL Crypto integration¹ providing high performance on certain platforms
- Fully cross platform, portable codebase; minimum use of system calls
- Pluggable cipher suite interface
- Pluggable crypto provider interface
- Pluggable operating system and malloc interface
- Multithreading optional
- Only a handful of external APIs, all non-blocking
- Example client and server code included
- Clean, heavily commented code in portable C
- User and developer documentation
¹Available under commercial license
MatrixSSL has been ported to operating systems including FreeRTOS, Bare Metal, eCos, VxWorks, uClinux, eCos, FreeRTOS, ThreadX, WindowsCE, PocketPC, Palm, pSOS, SMX, BREW, MacOS X, Linux and Windows.
Ported hardware platforms include ARM, MIPS32, PowerPC, H-8, SH3, i386 and x86-64. TILE-Gx, CAVIUM Octeon