MatrixSSL - Open Source Embedded SSL

Open Source Embedded SSL

MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices. Available is a fully supported, commercial version as well as an open source version that is available for download. MatrixSSL allows secure management of remote devices. Several secure embedded Web servers also use MatrixSSL for their encryption layer.

Ice patterns formed and reformed on the screen as he probed for gaps, skirted the most obvious traps, and mapped the route he'd take through Sense/Net's ice. It was good ice. Wonderful ice.
Case searched the matrix around the Tessier-Ashpool ice until he found the pink structure, a standard commercial unit, and punched in closer to it.
"Boy, that is one mean piece of software. Hottest thing since sliced bread. That thing's invisible. I just now rented twenty seconds on that little pink box, four jumps left of the Tessier-Ashpool ice; had a look at what we look like. We don't. We're not there."

William Gibson's Neuromancer
Latest release: December 4, 2014: MatrixSSL 3.7.1
Note: All versions of MatrixSSL are unaffected by the recent OpenSSL "Heartbleed" bug.
Note: MatrixSSL is not affected by the POODLE vulnerability: SSL 3.0 is disabled by default since version 3.3.1 on July 16, 2012.


Before developing our own Secure Sockets Layer, we looked for a small, open source SSL/TLS implementation. This proved very difficult to find. We found several past attempts at an "OpenSSL Lite", "small OpenSSL" or "embedded OpenSSL", but none reduced the code to levels we required. The standard OpenSSL library is over 1 MB, and the best we found was more than half that. OpenSSL is a decent solution, but embedded security is one area where there was room for improvement.


Subscribe to the MatrixSSL RSS news feed to be notified of updates and security advisories. You can also subscribe to new releases through FreeCode to be notified through email.


    ¹Included with commercial license


MatrixSSL has been ported to operating systems including FreeRTOS, Bare Metal, eCos, VxWorks, uClinux, eCos, FreeRTOS, ThreadX, WindowsCE, PocketPC, Palm, pSOS, SMX, BREW, MacOS X, Linux and Windows.
Ported hardware platforms include ARM, MIPS32, PowerPC, H-8, SH3, i386 and x86-64.

Design Philosophy

Complexity is the main enemy of security. Therefore, any security design should strive for simplicity. We are quite ruthless about this, even though this does not make us popular. Eliminate all the options that you can. Get rid of all those baroque features that few people use. Stay away from committee designs, because the committee process always leads to extra features or options in order to achieve compromise. In security, simplicity is king.
Neils Ferguson
Bruce Schneier
Practical Cryptography

As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice.
Bruce Schneier
Crypto-Gram 9/15/99


The software is fully downloadable under a dual licensing model; GNU Public License and a Standard Commercial license. Basically, the dual license means that you can use the library for free as long as you make public all code that links with it or otherwise uses the library. In addition, any changes made to the library must also be made public. If the application source code using MatrixSSL is to remain proprietary, a commercial license can be purchased from PeerSec Networks, the authors of MatrixSSL. The commercial license includes support, updates and additional software features such as client authentication and certificate/key generation. Another example of software using this model is MySQL, a widely used open source database.


The names "MatrixSSL", "PeerSec", "PeerSec Neworks" and their corresponding logos are Trademark (™) INSIDE Secure Corp. All content Copyright © INSIDE Secure Corp., 2002-2015.