All releases of MatrixSSL
Release Notes: This release adds TLS 1.1 security protocol support for the client and server to enhance block cipher security using a per-record explicit IV. It adds PKCS#8 parsing for newer format public key certificates. Library users can parameterize incoming and outgoing buffer sizes and are notified of zero-length SSL records. A new matrixSslEncodeToOutdata() API to encode directly into an existing TCP/IP buffer for low footprint memory usage.
Release Notes: iPhone OS support and a sample Xcode project were added. Server support was added for Google Chrome False Start additions to the TLS protocol for increased handshake performance. Size/speed tradeoffs are now configurable during compile time. Active cipher suites can now be modified at runtime via a new API. The code was updated to support Luminary Micro/TI Stellaris ARM Cortex-M3 secure Web server examples.
Release Notes: A server-side configuration option was added to decrease binary executable size with simpler X.509 parsing. The Yarrow PRNG algorithm is included for strong entropy processing. Non-ASCII X.509 attributes are supported in certificates. Project files for Windows were updated to VS Express 2010. The return code was clarified for the matrixSslReceivedData() API.
Release Notes: Full support for the recently published TLS Renegotiation Indication Extension (RFC 5746). MatrixSSL enabled clients and servers now support the "renegotiation_info" extension and the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite to prevent any possibility of the "plaintext injection attack" that was disclosed November 2009 and described in CVE-2009-3555. Support for adding extensions to CLIENT_HELLO messages (RFC 3546) is now included in the open source version of MatrixSSL.
Release Notes: TLS protocol support, an AES cipher suite, and a new zero-copy API. Blocking and non-blocking example HTTPS applications and test suite. Faster and smaller RSA cryptography: a full SSL/TLS handshake can now be completed in as little as 10KB of RAM. File reorganization and a new version scheme. Additional Project File Formats for IDEs, and new documentation.
Release Notes: A security exploit involving SSL re-negotiation has been discovered. In this release, MatrixSSL disables re-negotiation for server side SSL, protecting secure servers from attack.
Release Notes: Improved handling of flights containing multiple encoded handshake messages. Improved parsing of password protected private keys. Improved handling of CA issued certificates that erroneously allowed malformed strings in the domain name.
Release Notes: Additional checks and proper error handling for three types of malformed X.509 certificates. These do not constitute a remote attack vector for the Open Source release. The size calculations for SSL_FULL conditions when encoding the FINISHED flight of handshake messages have been fixed. The USE_MULTITHREADING define in matrixConfig.h is now off by default so that POSIX platforms will not require pthreads by default. Windows project files for library and example application builds are now based on the freely available Microsoft Visual Studio C++ 2008 Express Edition.
Release Notes: The matrixRsaParsePubKey routine has added support for X.509 SubjectPublicKeyInfo formatted keys. There is full parsing support of the subjectAltName extension in certificates. Clients are allowed to send multiple compression parameters in the CLIENT_HELLO message. The matrixX509ReadCert routine supports additional PEM file header and footer formats A filename misspelling in httpsReflector.c for loading the example CAcertCln.der certificate has been corrected.
Release Notes: API changes: ‘const’ qualifiers have been added to literal string parameters for matrixRsaReadPrivKey, matrixRsaReadKeys, matrixRsaReadKeysEx, and matrixX509ReadPubKey. There is additional error reporting in the RSA public decryption routine. The enforcement of maximum certificate chain length has been improved. The –fPIC compile option has been added to default POSIX builds. A one-time memory leak on error conditional during certificate parsing has been fixed.
