MatrixSSL 3.8.4

MatrixSSL 3.8.4

Jul 19, 2016

This version fixes a critical remote exploit and is recommended for all users to improve performance and security.

Download matrixssl-3-8-4-open.tar.gz

Critical parsing bug for RSA encrypted blobs
Security Researcher Hanno Böck reported several issues related to RSA and bignum operations. An error in parsing a maliciously formatted public key block could produce a remotely triggered crash in SSL server parsing. Additional restrictions on the values provided to RSA and DH operations were also added, although an exploit has not been found.
Coverity and Clang static analyzer cleanup
Numerous minor issues were fixed based on static analysis.
HTTP/2 restrictions via ALPN
MatrixSSL server code will automatically evaluate the ALPN extension and appropriately restrict the cipher suites and key exchange methods if the HTTP/2 protocol is being used. Per the HTTP/2 spec, only AEAD cipher suites and Ephemeral key exchange methods are allowed.
Enhanced example apps
Example applications now take additional command line options and also support CRL request and response generation.
Process shared Session Cache
Minimal support for a process-shared server session resumption cache is now supported via process-shared mutexes on Linux.
Enhanced CRL and OCSP support
A new file crypto/keyformat/crl.c defines additional apis for more complex CRL (Certificate Revocation List) and OCSP support.
PDF Documents included in tarball package
Documentation is now included again in the tarball, as well as online.
Additional minor changes
Numerous other improvements and bug fixes are included. Release notes are included in the download package. See changelog.


Subscribe via RSS.


News (22) Releases (50)

Recent Posts


MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices.



Copyright (c) INSIDE Secure Corp., 2002-2017. All Rights Reserved.