PeerSec Networks has achieved the first stable release of its dual-licensed Secure Sockets Layer (SSL) library created specifically for devices running Linux and other embedded operating systems. MatrixSSL 1.0 includes host and client implementations under 50KB each, and can secure socket-based communications on “even the smallest devices,” the company says.

MatrixSSL has been beta testing since February.

GPL version

MatrixSSL 1.0 is available for licensing under the GNU GPL. The GPL version can be used to add SSLv3 based security to open source software applications such as Web browsers, chat clients, XML translators, and machine-to-machine (M2M) communications, according to PeerSec.

The library is already being used in AppWeb, a “mini-Apache” Web server that recently added support for PHP. The free version of AppWeb is MatrixSSL's reference implementation.

Commercial version

PeerSec also offers a royalty-free commercial version of MatrixSSL that can be used with closed applications. It includes “Quick Start Integration” support, and a security updates subscription.

The commercial version also adds support for two important standards often required by large companies and governments. It supports Transport Layer Security (TLS), a network protocol ratified by the IETF as a vendor-neutral alternative to Netscape's Secure Sockets Layer (SSL). It also supports Advanced Encryption Standard (AES), a high-performing government-standardized cipher algorithm unencumbered by patents.

PeerSec President J Harper notes, “Our commercial customers are interested in TLS support because of its standards approval. The SSLv3 protocol is more compatible and contains no weaknesses that make upgrading to TLS a necessity.”

General features

The MatrixSSL 1.0 library supports both client and host applications, although “most applications require just one or the other,” according to Harper. It can be built to support both in a footprint of “under 70K,” he adds.

The library manages memory with minimal system calls, to better support minimalist embedded devices, according to Harper. It supports X.509 certificate authentication, fast session resumption, and implementations of RSA, AES, 3DES, ARC4, SHA1, and MD5.

According to Harper, MatrixSSL is not dependent on any specific transport layer, operating system, or hardware configuration. “It is designed to allow straightforward integration with existing applications without threading, sockets, or file system constraints,” says Harper.

Harper adds that most of PeerSec's early customers for MatrixSSL have been interested in adding security to existing devices or applications, to enable them to be used outside corporate LANs and on wireless networks.

Availability

The free MatrixSSL 1.0 library is available for download now from the MatrixSSL open source project site. The portable code is designed to build on a wide range of embedded operating systems, including embedded Linux, and it includes sample applications and programming examples.

Further details about commercial licensing can be found on the Peersec Networks website. PeerSec also offers custom integration services for customers with additional security requirements.

Australian security consulting specialist Mocana also offers a small commercial SSL library designed for embedded applications, and recently supported by the Go Ahead web server.

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.