Projects / MatrixSSL


MatrixSSL is an embedded SSL and TLS implementation designed for small footprint devices and applications requiring low overhead per connection. The library is less than 50Kb on disk with cipher suites. It includes client and server support through TLS 1.2, mutual authentication, session resumption, and implementations of RSA, ECC, AES, 3DES, ARC4, SHA2, SHA1, and MD5. The source is well documented and contains portability layers for additional operating systems, cipher suites, and cryptography providers.

Operating Systems

Last announcement

MatrixSSL not affected by Heartbleed 14 Apr 2014 19:43

MatrixSSL is not based on OpenSSL and is not vulnerable to the Heartbleed bug. It is our design policy to minimize the number of TLS extensions that are implemented and not required by our user base. Most of our optional features and ciphers are not compiled by default. The focus on small footprint SSL has always helped reduce code complexity and gives bugs like this fewer places to hide. Still, no popular security libraries are free of bugs, and we continue to stamp them out since our first release in Jan 2004. Our latest release, 3.6.1 fixes several issues found through internal and external audit and it is recommended that all users update to this version.

Recent releases

  •  14 Apr 2014 19:02

    Release Notes: TLS 1.2 client and server. ECC, DH, and ephemeral key exchange. Pre-Shared Key (PSK), AES-GCM, SEED, and IDEA ciphers. SHA2 (256, 384, and 512 bit) hashes and HMAC. Server Name Indication (SNI), Stateless Session Ticket, and Truncated HMAC extensions. Intel assembly and AES-NI acceleration. These features have been open sourced from the commercial product branch. Only SSH and DTLS remain commercial. Security fixes: certificate parsing is much more strict, and several length underflow issues were fixed as a result of multiple external code audits.

    •  07 Feb 2013 06:30

      Release Notes: Client certificate authentication was enabled in the GPL release. Certificate Revocation List (CRL) support was added. Assembly language optimizations were made for x86, x86_64, ARM, and MIPS. Countermeasures were provided for the Lucky Thirteen CBC padding attack. Maximum Fragment Length extension support was added. There were additional minor enhancements and fixes.

      •  22 Feb 2012 23:35

        Release Notes: This release throttles TLS re-handshakes on the server side to minimize the effect of potential denial of service due to repeated requests, rebrands the documentation and source code to reflect the AuthenTec acquisition of MatrixSSL, and adds Chrome False Start support to the example Web server application.

        •  15 Jun 2011 18:33

          Release Notes: This release adds TLS 1.1 security protocol support for the client and server to enhance block cipher security using a per-record explicit IV. It adds PKCS#8 parsing for newer format public key certificates. Library users can parameterize incoming and outgoing buffer sizes and are notified of zero-length SSL records. A new matrixSslEncodeToOutdata() API to encode directly into an existing TCP/IP buffer for low footprint memory usage.

          •  11 Jan 2011 23:26

            Release Notes: iPhone OS support and a sample Xcode project were added. Server support was added for Google Chrome False Start additions to the TLS protocol for increased handshake performance. Size/speed tradeoffs are now configurable during compile time. Active cipher suites can now be modified at runtime via a new API. The code was updated to support Luminary Micro/TI Stellaris ARM Cortex-M3 secure Web server examples.

            Recent comments

            19 Jun 2006 11:12 gmb2106

            no os
            does anyone have a no-os implementation of matrixssl?


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.