Open Source Embedded SSL
PeerSec Networks MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices. PeerSec Networks offers a fully supported, commercial version as well as an open source version that is available for download. PeerSec MatrixSSL allows secure management of remote devices. Several secure embedded Web servers also use MatrixSSL for their encryption layer.
Ice patterns formed and reformed on the screen as he probed for gaps, skirted the most obvious traps, and mapped the route he'd take through Sense/Net's ice. It was good ice. Wonderful ice.
...
Case searched the matrix around the Tessier-Ashpool ice until he found the pink structure, a standard commercial unit, and punched in closer to it.
...
"Boy, that is one mean piece of software. Hottest thing since sliced bread. That thing's invisible. I just now rented twenty seconds on that little pink box, four jumps left of the Tessier-Ashpool ice; had a look at what we look like. We don't. We're not there."
Background
Before developing our own Secure Sockets Layer, we looked for a small, open source SSL/TLS implementation. This proved very difficult to find. We found several past attempts at an "OpenSSL Lite", "small OpenSSL" or "embedded OpenSSL", but none reduced the code to the levels we required. The standard OpenSSL library is over 1 MB, and the best we found was more than half that.
OpenSSL is a decent solution, but embedded security is one area where there was room for improvement.
Subscribe
Subscribe to the MatrixSSL RSS news feed to be notified of updates and security advisories. You can also subscribe to new releases through FreshMeat to be notified by email.
Specifications
- < 50KB total footprint with crypto provider
- SSL and TLS server and client support
- Included crypto library - RSA, 3DES, AES, ARC4, SHA1, MD5
- Cipher Suites - RC4-MD5, RC4-SHA, DES-CBC3-SHA, AES128-SHA
- Full support for session resumption/caching
- Session re-keying and cipher renegotiation
- Server and client¹ X.509 certificate chain authentication
- Parsing of X.509 .pem and ASN.1 DER certificate formats
- PKCS#1.5 and PKCS#5 support for key formatting
- SSH command line support¹
- Fully cross platform, portable codebase; minimum use of system calls
- Pluggable cipher suite interface
- Pluggable crypto provider interface
- Pluggable operating system and malloc interface
- TCP/IP optional
- Multithreading optional
- Only a handful of external APIs, all non-blocking
- Example client and server code included
- Clean, heavily commented code in portable C
- User and developer documentation
¹Included with commercial license
Platforms
MatrixSSL has been ported to operating systems including VxWorks, uClinux, eCos, WindowsCE, PocketPC, Palm, pSOS, SMX, BREW, MacOS X, Linux and Windows.
Ported hardware platforms include ARM, MIPS32, PowerPC, H-8, SH3, i386 and x86-64.
Design Philosophy
Complexity is the main enemy of security. Therefore, any security design should strive for simplicity. We are quite ruthless about this, even though this does not make us popular. Eliminate all the options that you can. Get rid of all those baroque features that few people use. Stay away from committee designs, because the committee process always leads to extra features or options in order to achieve compromise. In security, simplicity is king.
As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice.
License
The software is fully downloadable under a dual licensing model: the GNU Public License and a standard commercial license. Basically, the dual license means that you can use the library for free as long as you make public all code that links with it or otherwise uses the library. In addition, any changes made to the library must also be made public. If the application source code using MatrixSSL is to remain proprietary, a commercial license can be purchased from PeerSec Networks, the authors of MatrixSSL. The commercial license includes support, updates and additional software features such as client authentication and certificate/key generation. Another example of software using this model is MySQL, a widely used open source database.
Legal
The names "MatrixSSL", "PeerSec", "PeerSec Networks" and their corresponding logos are Trademark (™) PeerSec Networks, Inc. All content Copyright © PeerSec Networks, 2002-2010.