Apr 9, 2014
This release aligns the commercial and GPL version numbers of MatrixSSL and moves most of the previously commercial only features into the GPL version.
- Stronger X.509 Enforcement - Improved X.509 certificate parsing and validation. V1 and V2 certs no longer supported. Enforcement of critical extensions, certificate chain path length, subject alt name, AuthorityKeyIdentifier, minimum key strength and several other constraints. Moved date range parsing into X.509 library.
- Runtime Configuration of Ciphersuites - CipherSuite, TLS version and AllowResumption can now be set on a per SSL session basis.
- Heartbleed Bug - All versions of MatrixSSL are unaffected by the recent OpenSSL "Heartbleed" bug. That bug is due to an OpenSSL implementation error, not an attack against the SSL/TLS protocol.
- TLS 1.2 - Full support open sourced from commercial codebase.
- ECC Cipher Suites - ECDHE_ECDSA, ECDH_ECDSA, ECDHE_RSA and ECDH_RSA open sourced. NIST prime curves (SECP192R1, 224, 256, 384, 521) and Brainpool curves (224, 256, 384, 512) are supported.
- DH Cipher Suites - DH, DHE and DH_anon open sourced.
- AES-GCM Cipher Suites - Full suite of GCM ciphers open sourced, optimized for Intel AES-NI extensions.
- Preshared Key Cipher Suites - Full suite of PSK ciphers open sourced.
- IDEA and Seed Ciphers - Open sourced.
- SHA-2 Hashes - SHA-256, SHA384, SHA512 and HMAC counterparts open sourced.
- Server Name Indication - SNI extension now supported.
- Stateless Session Tickets - Session Tickets now supported for cacheless session resumption.
- Session Cache Improvement - Very large session caches are now managed more efficiently and can effectively scale to memory constraints.
- Truncated HMAC - Truncated HMAC extension open sourced.
- ZLIB Support - Minimal SSL compression support, disabled by default for security reasons.
- Several - Please see the release notes included in the package for details.