Low memory footprint
A typical embedded implementation uses
<50KB of flash and 4KB of RAM per connection
Low memory footprint
A typical embedded implementation uses
<50KB of flash and 4KB of RAM per connection
Interoperability
Implement 25 RFCs and widely deployed and tested against common TLS implementations
Robust security
Compliant with NIST Special Publication 800-52r1 and integrated with FIPS140-2 crypto (certificate #2389)
GUARD TLS-TK (formerly MatrixSSL) provides secure connectivity to devices with a small memory footprint. It has evolved to also serve networking devices requiring top performance. GUARD TLS-TK is a lean and efficient C source code SDK that is easy to integrate, and where bugs have few places to hide. GUARD TLS-TK is the SDK to replace RSA/BSAFE or OpenSSL.
Started by PeerSec Networks in 2003 under the name MatrixSSL, this TLS/DTLS stack is now developped by Inside Secure.
To provide high performance, GUARD TLS-TK is designed with true multi-threading, zero-copy processing and an asynchronous API for hardware integration. GUARD TLS-TK based customer solutions have achieved over 42 GBs of TLS throughput, 50,000 Handshakes per second for session setups, and 460,000 active sessions.
To provide robust security, GUARD TLS-TK has implemented the best practice from NIST Special Publication 800-52r1. For full compliance, GUARD TLS-TK is available with FIPS validated SafeZone cryptographic module. GUARD TLS-TK has not been affected by highly-publicized vulnerabilities (e.g. Heartbleed, POODLE, FREAK, DROWN) found in OpenSSL.
GUARD TLS-TK is available under a dual-licensing model: GNU Public License and a Standard Commercial license. The dual license means that one can easily evaluate the library for free, but that for commercial usage without the GPL constraints, one must acquire a license by contacting Inside Secure. The open source package can be downloaded from GitHub.
There two other commercial variants of this TLS implementation:
- An integration with SafeZone FIPS140-2 Cryptographic Module, delivered as FIPS Security Toolkit.
- GUARD TLS Tiny for extremely constraint environments such as 8-bit microprocessors that can run with less than 10kB of Flash and 1kB of RAM (an example of very lightweight cryptography).
Commercial customers have access to our code under a commercial license (GPL-free) and benefit from a support contract with direct access to our development team. Their support requests are treated with priority. They will automatically receive new updates of the product.
Open source users can ask questions or propose patch through GitHub. They can also contact us by email: support@matrixssl.org.
As we are not able to contact open source users, please regularly check GitHub for the latest release.
We appreciate the work of security researchers that help us to maintain a high security standards. We would recommend that they report any security issues to support@matrixssl.org using the following PGP Key, Key fingerprint = D6AD F1C5 E34E 696B 0953 556C 8BB2 B39A 2795 C6B3.
This version fixes serious buffer handling vulnerabilities along with other smaller bugs. Upgrading to the latest version is highly recommended. Check the release notes on GitHub for details.
This version was driven by the need to update the test certificates that were expiring. There are no strong reasons to upgrade if you already use 3.9.0.
This version contains several new features and bug fixes. It is recommended for all users.
Full list of changes and changes in previous version are described in the source code package on GitHub:
https://github.com/matrixssl/matrixssl/releases/latest
For more detailled product information, download the documentation of the open source release below.
MatrixSSL EllipticCurveCiphers
The GPL version can be downloaded from: https://github.com/matrixssl/matrixssl/releases/latest