Add it to your Download Basket!
Add it to your Watch List!
What's new in MatrixSSL 3.7.1:
- Security Fixes:
- X.509 and ASN.1 Parsing Improvements - The Advanced Threat Research team at Intel Security discovered several issues as part of their research on the BERSerk attack on RSA signature verification. MatrixSSL does not contain this vulnerability which can result in a MITM attack, however some other ASN.1 fields were not consistently checked against remaining buffer length when parsed. These have each been fixed, and the getAsnLength() internal API now also does a double check against the remaining buffer length for variable length fields in all cases.
- Constant-Time Memory Compare - Calls to memcmp() have been replaced with a memcmpct() implementation to reduce the effectiveness of future timing based attacks.
- LICENSE TYPE:
- GPL (GNU General Public License)
- OUR RATING:
- DEVELOPED BY:
- PeerSec Networks
- USER RATING:
- ROOT \ Security
Features at a glance
With under 50KB total footprint, the software includes SSL (Secure Sockets Layer) 3.0 client/sever support, TLS (Transport Layer Security) 1.0, 1.1 and 1.2 client/server support, a cryptographic library that implements the RSA, AES, MD5, SHA1, 3DES, ECC, ARC4, and RC2 encryption algorithms.
Additionally, MatrixSSL provides various cipher suites, CRL (Certificate Revocation List) support, session cipher renegotiation and re-keying, X.509 certificate chain authentication, as well as optimizations for the assembly language, supporting Intel, MIPS and ARM platforms.
Among other interesting features, we can mention complete support for session caching and resumption, Stateless Session Tickets support, Server Name Indication support, RFC7301 Application Protocol Negotiation, and RSASSA-PSS Signature Algorithm support.
Another interesting feature is the ability to parse ASN.1 DER and X.509 .pem certificates. The project also supports PKCS#12, PKCS#5, PKCS#1.5 and PKCS#8 for key formatting, supports SSH (Secure Shell) command-line, supports DTLS (Datagram Transport Layer Security), provides pluggable cipher suite, crypto provider, perating system and malloc interfaces, supports TCP/IP, and offers both end-user and developer documentation.
Getting started with MatrixSSL
To install the MatrixSSL software on your GNU/Linux operating system, download the latest release from the project’s website (see the homepage link at the end of the review), save it somewhere on your computer, and unpack it.
Open a terminal emulator app, go to the location where you’ve extracted the archive file (e.g. cd /home/softpedia/matrixssl-3-7-1-open - replace ‘softpedia’ with your username), run the ‘make’ command to compile the program, and then run the ‘sudo make install’ command to install it.
MatrixSSL was reviewed by Marius Nestor, last updated on January 14th, 2015