MatrixSSL 3.9.1

MatrixSSL 3.9.1

Mar 21, 2017

MatrixSSL 3.9.1 was driven by the need to update the development certificates that were expiring. There are no strong reasons to upgrade if you already use 3.9.0.

Download matrixssl-3-9-1-open.tar.gz

Changes between 3.9.0 and 3.9.1

  • Disabled support for SHA-1 signed certificates by default. SHA-1 can
    no longer be considered secure for this purpose (see We decided to disable
    SHA-1 signed certificates by default to ensure that MatrixSSL
    customers consider the security implications before enabling them.
    Support for SHA-1 signed certificates can be restored by defining
    ENABLE_SHA1_SIGNED_CERTS in cryptoConfig.h.

  • Regenerated all test certificates. Many of the old ones had exceeded
    their validity period. The new test certificates have some minor
    changes, such as the addition of some missing basicConstraints and
    authorityKeyIdentifier extensions. Note that the test certificates
    should never be used in production, but only for initial testing
    during development.

  • Fixed bug that caused a segfault when
    ALLOW_VERSION_1_ROOT_CERT_PARSE was enabled and the peer sent a
    version 1 certificate. Correct behaviour is to just produce an
    internal certificate validation failure in this case, as the above
    define only allows parsing of locally stored trusted root
    certificates. This bug is minor as ALLOW_VERSION_1_ROOT_CERT_PARSE
    is disabled by default, and rarely used by MatrixSSL customers.

  • Introduced new function setSocketTlsCertAuthCb for setting certificate
    authentication callback when using MatrixSSL via psSocket_t interface.
    Previously constant function name ssl_cert_auth was used for authentication

Full list of changes:


Subscribe via RSS.


News (22) Releases (50)

Recent Posts


MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices.



Copyright (c) INSIDE Secure Corp., 2002-2017. All Rights Reserved.