MatrixSSL 3.7.2

MatrixSSL 3.7.2

Apr 14, 2015

Many changes and improvements are included in this release that are not detailed below. Please see the Release Notes included in the package for a full list of changes.

Configuration Changes

  • Default Ciphers - Four default ciphers are now enabled: TLS_RSA_WITH_AES_[128,256]_CBC_[SHA,SHA256]
  • Disabled Ciphers - 3DES ciphers join RC4 in the disabled by default ciphers list. PKCS5 and PKCS8 password protected private key parsing are not enabled by default.
  • Compile Options - For Linux, OS X and Windows platforms, -O3 is now the default optimization level. Assembly language optimizations are always enabled on all supported platforms. Algorithm optimizations trading size for speed now default to speed, unless compiling without optimizations (-O0) or optimizing for size (-Os).
  • Static Libraries - Static libraries have been renamed. Please see detailed release notes for more info.

Security Improvements

  • Stack Zeroing - BURN_STACK is enabled by default to clear sensitive data from the stack. In addition, memset_s() is now used to ensure that the compiler does not optimize away the memset of local stack variables. This change and other compiler warnings were suggested by Pavel Pimenov using PVS-Studio and Cppcheck. The issues are listed in this blog post and all have been fixed: http://www.viva64.com/en/b/0304/
  • X.509 Certificates - Improved certificate date validation, as well as distinguished name and key usage fields for older certificates.
  • ECC Key Generation - Now ensuring random number is less than the order value when performing ECDH key generation.


Subscribe

Subscribe via RSS.

Tags

News (22) Releases (50)

Recent Posts

About

MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices.

Links

Company

Copyright (c) INSIDE Secure Corp., 2002-2017. All Rights Reserved.