Beta Test Plan
Support
In order simplify the testing that our beta customers do, here is a list of the testing we have done prior to this release.
SSL Servers
- PeerSec httpReflector (Linux, Windows)
- Mbedthis AppWeb (Linux, Windows)
- Blocking and non-blocking sockets tested
SSL Clients
- Microsoft IE 6 (Windows 2K, XP)
- Mozilla 1.6 (Linux, Windows)
- Opera 7 (Windows)
- OpenSSL s_client 0.9.7c (Linux, Windows)
- OpenSSL s_time 0.9.7c (Linux, Windows)
Build Environment
- Linux (RedHat 9, gcc 3.2.2)
- Microsoft Windows (2K & XP, Visual Studio .NET)
- Debug and Release builds
Certificates
- OpenSSL generated certificates and private keys were tested.
- 3DES encrypted private keys tested.
- 1024 and 2048 bit RSA keys.
- Multiple certificates in a single file are not supported
Cipher Suites and Protocol Levels
- All combinations of cipher suites: RC4-MD5, RC4-SHA and DES-CBC3-SHA
- 1024 and 2048 bit RSA keys
- Tested negotiation to best cipher suite with multiple clients
- Verified correct error sent if negotiating to SSLv2 and TLS-only
- Successful parsing of SSLv2 ClientHello and negotiating down to SSLv3 from TLS
Longevity Testing
- Overnight testing using OpenSSL s_time SSL tests on Linux and Windows.
- Verification of zero memory growth during longevity testing
- Used the following for longevity testing:
openssl s_time -connect 'ip':4433 -www / -time 'seconds' -cipher 'cipher' -ssl3
Cryptography Provider
Architecture Testing
January 27, 2004 |
Comments (0)
MatrixSSL 1.0 Beta
Releases
First general public release of MatrixSSL.
January 26, 2004 |
Comments (0)
Frequently Asked Questions
FAQ
What is MatrixSSL?
MatrixSSL is an embedded SSL implementation designed for small footprint applications and devices. It is an open-source software package available under the GNU license. It consists of a single library file with a simple API set that an application writer can use to secure their application.
How does MatrixSSL differ from other SSL software packages?
MatrixSSL is the only open-source SSL implementation designed specifically for use in embedded environments. There are existing open-source SSL implementations available and there are existing embedded SSL implementations, but there was a notable absence of packages that offer both.
What license is MatrixSSL distributed under?
MatrixSSL is distributed under a dual license model allowing a user to choose between the GNU General Public License and a commercial license.
What if I don't want to make my MatrixSSL project code public?
We recognize that for some commerical projects the GNU license is too restrictive, in this case a commercial license may be purchased from
PeerSec Networks.
Why is this under the GPL and not the LGPL?
We feel that the GPL strikes the best balance between open source ideals and commercial needs. Developers of open source projects can freely share their code, while commercial developers wishing to remain proprietary pay a fee for a commercial license. This promotes the development and release of new open source projects using MatrixSSL, but allows an alternative for those developing commercial products. Put simply, we do not feel it is unreasonable to negotiate a commercial license to take advantage of open source software in proprietary products.
Is MatrixSSL standards based?
Yes. The core of MatrixSSL is an implementation of the SSLv3 communication standard. The cryptographic algorithms used in MatrixSSL are well-respected industry standards that offer a high level of security.
What operating systems does MatrixSSL support?
Currently there is support for Windows and Linux operating systems. MatrixSSL has a very portable OS layer that allows easy porting to any operating system.
What standard library calls are used?
Only a small set of standard library calls is used, see
this post for more information.
How do I get started with MatrixSSL?
The MatrixSSL source distribution is available as a
downloadable archive file. Extract the archive and read the documentation located in the doc subdirectory.
How do I get support or report a bug on MatrixSSL?
Email support is available at support@matrixssl.org. Bug submissions should also be made to this address.
How can such a small library provide strong security?
MatrixSSL implements only the functionality necessary to achieve a secure socket layer in server applications. MatrixSSL is not a generic security toolkit and implements only the strong ciphers necessary for most security needs.
Where can I find implementations of MatrixSSL?
MBedThis AppWeb is the first commercially available server application that has added support for MatrixSSL security.
Does MatrixSSL require my application to use sockets?
No, MatrixSSL has been written so it is transport layer agnostic. It integrates easily with any transport layer, from sockets to serial link.
Does MatrixSSL exist in the real world?
You already know the answer to this question. Now you just need to understand why you know.
January 26, 2004 |
Comments (0)
Beta Software Disclaimer
Security Advisories
Applies to: MatrixSSL 1.0 Beta
This beta software is currently undergoing public evaluation and security audit. Please contact support before using this code in production systems.
January 26, 2004 |
Comments (0)
MatrixSSL 1.0 Beta Monday
Announcements
We're set to release the beta of MatrixSSL on Monday. The software will be publicly available as a download through this site. We look forward to hearing your feedback!
January 25, 2004 |
Comments (0)