Enterprise level security < 50 KB

Compact Embedded SSL/TLS stack

Low memory footprint

MatrixSSL stack is a modular source code SDK ideally suited for IoT usage due to its low memory footprint (<50KB, even down to 10kB for MatrixSSL Tiny) and efficient RAM utilization (4KB per connection, even less than 1kB for MatrixSSL Tiny). It even runs on platforms without filesystem, memory allocation or multi-threading.

Fully Compatible

With larger implementations and the SSL/TLS RFCs. All web browsers and servers can communicate securely with MatrixSSL.

High performance

Due to its compact design, MatrixSSL is more memory and CPU e­fficient than competing solutions, including those based on OpenSSL. With true multi-threading, zero-copy processing and an asynchronous API for hardware integration, MatrixSSL is ideal for securing cloud access.


  • TLS 1.0, 1.1 and 1.2 server and client support (SSL 3.0 optional)
  • DTLS 1.0 and 1.2 server and client support
  • Included crypto library - RSA, ECC (including Brainpool curves), AES, 3DES, ARC4, SHA1, SHA256, MD5, ChaCha20-Poly1305
  • Session re-keying and cipher renegotiation
  • Session resumption/caching, Stateless Session Tickets
  • Extensions: Server Name Indication, max fragment length, trusted CA keys, truncated HMAC, Status Request (OCSP)
  • Application Protocol Negotiation
  • Server and client X.509 certificate chain authentication
  • Parsing of X.509 .pem and ASN.1 DER certificate formats
  • PKCS#1.5, PKCS#5, PKCS#8 and PKCS#12 key formatting
  • RSASSA-PSS Signature Algorithm support
  • Online Certificate Status Protocol (OCSP)
  • Certificate Revocation List (CRL)
  • OpenSSL APIs wrapper to ease transition from OpenSSL
  • Cryptographic Messaging Syntax (CMS): for packaging signed/encrypted firmware updates or provisioning files in Smart Meters (commercial license)
  • PKCS#10 support (commercial license)
  • X.509 Certificate generator (commercial license)
  • FIPS140-2 validated SafeZone crypto (requires a license for SafeZone FIPS Security SDK)


  • < 50KB total footprint with crypto provider and certificates
  • < 10KB total footprint with PSK only (Tiny version)
  • Assembly language optimizations for Intel, ARM and MIPS
  • Support for asyncronous crypto hardware
  • Fully cross platform, portable codebase; minimum use of system calls
  • Pluggable cipher suite interface
  • Pluggable crypto provider interface
  • Pluggable operating system and malloc interface
  • TCP/IP optional
  • Multithreading optional
  • Only a handful of external APIs, all non-blocking
  • Example client and server code included
  • Clean, heavily commented code in portable C

Product Family


MatrixSSL integrated with SafeZone FIPS software SDK that provides an IoT security framework of FIPS140-2 certified crypto (Certificate #2389) as well as non-FIPS algorithms. That solution is ideal for IoT devices looking at an embedded security solution compliant with NIST security standards.

MatrixSSL Tiny

The world smallest TLS implementation that requires 600 bytes of RAM and 10kB of flash. Ideal for 8-bit and 16 bit microprocessors.


An SSH server source code toolkit suitable for RTOS environments. Extends traditional insecure command line terminal environments over serial or telnet to the secure SSH standard.

MatrixSSL Interceptor

This passive mode TLS implementation monitors SSL/TLS in real time without modifying traffic. It is ideal for TLS visibility solutions requiring high performance as it only decrypt the traffic (no re-encrypting).


MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices.



Copyright (c) INSIDE Secure Corp., 2002-2017. All Rights Reserved.