Enterprise level security < 50 KB

Compact Embedded SSL/TLS stack

Low memory footprint

MatrixSSL stack is a modular source code SDK ideally suited for IoT usage due to its low memory footprint (<50KB, even down to 10kB for MatrixSSL Tiny) and efficient RAM utilization (4KB per connection, even less than 1kB for MatrixSSL Tiny). It even runs on platforms without filesystem, memory allocation or multi-threading.

Proven security

MatrixSSL has no known security weaknesses, and has not been affected by recent vulnerabilities found in other implementations such as OpenSSL. In last 10 years, MatrixSSL had no major security weakness listed in the U.S. government repository of standards based vulnerability.

High performance

Due to its compact design, MatrixSSL is more memory and CPU e­fficient than competing solutions, including those based on OpenSSL. With true multi-threading, zero-copy processing and an asynchronous API for hardware integration, MatrixSSL is ideal for securing cloud access.


  • TLS 1.0, 1.1 and 1.2 server and client support (SSL 3.0 optional)
  • DTLS 1.0 and 1.2 server and client support
  • Included crypto library - RSA, ECC, AES, 3DES, ARC4, SHA1, SHA256, MD5
  • Session re-keying and cipher renegotiation
  • Full support for session resumption/caching
  • Server Name Indication and Stateless Session Tickets
  • RFC7301 Application Protocol Negotiation
  • Server and client X.509 certificate chain authentication
  • Parsing of X.509 .pem and ASN.1 DER certificate formats
  • PKCS#1.5, PKCS#5 PKCS#8 and PKCS#12 support for key formatting
  • RSASSA-PSS Signature Algorithm support
  • Certificate Revocation List (CRL) support
  • User and developer documentation
  • CMS and PKCS#10 support
  • SSH command line support
  • FIPS140-2 certification using SafeZone FIPS cryptographic module integration (cert #2389)
  • OpenSSL APIs wrapper to ease transition from OpenSSL


  • < 50KB total footprint with crypto provider and certificates
  • < 10KB total footprint with PSK only (Tiny version)
  • Assembly language optimizations for Intel, ARM and MIPS
  • Support for asyncronous crypto hardware
  • Fully cross platform, portable codebase; minimum use of system calls
  • Pluggable cipher suite interface
  • Pluggable crypto provider interface
  • Pluggable operating system and malloc interface
  • TCP/IP optional
  • Multithreading optional
  • Only a handful of external APIs, all non-blocking
  • Example client and server code included
  • Clean, heavily commented code in portable C

Product Family


MatrixSSL integrated with SafeZone FIPS140-2 certified crypto. Certificate #2389. Fully supported solution for small footprint devices needing to comply with US Government FIPS security standards.

MatrixSSL Accelerator

High performance on TILE-Gx, CAVIUM Octeon or Intel QuickAssist hardware crypto. Full support for asynchronous crypto and single-pass hardware record processing. Compatible with INSIDE Secure Packet Engine hardware IP

MatrixSSL Tiny

The world smallest TLS implementation that requires 600 bytes of RAM and 10kB of flash. Ideal for 8-bit and 16 bit microprocessors.


An SSH server source code toolkit suitable for RTOS environments. Extends traditional insecure command line terminal environments over serial or telnet to the secure SSH standard.


A source code toolkit of the Cryptographic Messaging Syntax (RFC 5652) supporting streams based parsing. CMS is the standard to use for packaging signed/encrypted firmware updates or provisioning files in the Smart Meter environment.

MatrixSSL Interceptor

Monitor SSL/TLS in real time without modifying traffic (passive mode). Operates in conjunction with TLS terminating proxy for active mode protocol monitoring.


MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices.



Copyright (c) INSIDE Secure Corp., 2002-2016. All Rights Reserved.