Low memory footprint

Flash: <50KB, down to 10kB for MatrixSSL Tiny

RAM: 4KB/connection, < 1kB for MatrixSSL Tiny (an example of lightweight cryptography)


MatrixSSL implements 25 RFCs and is widely deployed and tested against common TLS implementations

Robust security

Compliant with NIST Special Publication 800-52r1 and integrated with FIPS140-2 crypto (certificate #2389)

Product description

To provide high performance, TLS is designed with true multi-threading, zero-copy processing and an asynchronous API for hardware integration. TLS-based customer solutions have achieved over 42 GBs of TLS throughput, 50,000 Handshakes per second for session setups, and 460,000 active sessions.

To provide robust security, TLS has implemented the best practice from NIST Special Publication 800-52r1. For full compliance, TLS is available with FIPS validated SafeZone cryptographic module. TLS has not been affected by highly-publicized vulnerabilities (e.g. Heartbleed, POODLE, FREAK, DROWN) found in OpenSSL.

TLS is fully downloadable under a dual-licensing model: GNU Public License and a Standard Commercial license. The dual license means that one can easily evaluate the library for free, but that for commercial usage without the GPL constraints, one must acquire a license by contacting Inside Secure.

The open source package can be downloaded from:  www.matrixssl.org/download.

TLS is the SDK to replace RSA/BSAFE or OpenSSL.

Other information


TLS 1.0, 1.1 and 1.2 server and client support (SSL 3.0 optional)

DTLS 1.0 and 1.2 server and client support

Included crypto library - RSA, ECC (including Brainpool curves), AES, 3DES, ARC4, SHA1, SHA256, MD5, ChaCha20-Poly1305

Session re-keying and cipher renegotiation

Session resumption/caching, stateless session tickets

Extensions: server name indication, max fragment length, trusted CA keys, truncated HMAC, status request (OCSP)

Application Protocol Negotiation

Server and client X.509 certificate chain authentication

Parsing of X.509 .pem and ASN.1 DER certificate formats

PKCS#1.5, PKCS#5, PKCS#8 and PKCS#12 key formatting

RSASSA-PSS Signature Algorithm support

Online Certificate Status Protocol (OCSP)

Certificate Revocation List (CRL)

OpenSSL APIs wrapper to ease transition from OpenSSL

Cryptographic Messaging Syntax (CMS): for packaging signed/encrypted firmware updates or provisioning files in Smart Meters (commercial license)

PKCS#10 support (commercial license)

X.509 certificate generator (commercial license)

FIPS140-2 validated cryptographic module: it requires a license for FIPS Security Toolkit



< 50KB total footprint with crypto provider and certificates

< 10KB total footprint with PSK only (tiny version)

Assembly language optimizations for Intel, ARM and MIPS

Deployed on Bare Metal, FreeRTOS, eCos, VxWorks, uClinux, eCos, FreeRTOS, ThreadX, WindowsCE, PocketPC, Palm, pSOS, SMX, BREW, MacOS X, Linux and Windows.

Ported hardware platforms include ARM, MIPS32, PowerPC, H-8, SH3, i386 and x86-64. TILE-Gx, CAVIUM Octeon

Support for asynchronous crypto hardware

Fully cross platform, portable codebase; minimum use of system calls

Pluggable cipher suite interface

Pluggable crypto provider interface

Pluggable operating system and malloc interface

TCP/IP optional

Multi-threading optional

Only a handful of external APIs, all non-blocking

Example client and server code included

Clean, heavily-commented code in portable C

Other resources