April 11, 2014

MatrixSSL 3.6.1

Releases

Security Fixes

Note: - All versions of MatrixSSL are unaffected by the recent OpenSSL "Heartbleed" bug. That bug is due to an OpenSSL implementation error, not an attack against the SSL/TLS protocol.


April 9, 2014

MatrixSSL 3.6.0

Releases

This release aligns the commercial and GPL version numbers of MatrixSSL and moves most of the previously commercial only features into the GPL version.

Security Features


New Features


API Changes


February 28, 2013

MatrixSSL 3.4.2

Releases

Bug Fixes and Improvements


February 6, 2013

MatrixSSL 3.4.1

Releases

Security Features


January 28, 2013

MatrixSSL 3.4.0

Releases

Security Features

New Features

Public API Changes

Bug Fixes and Improvements


July 16, 2012

MatrixSSL 3.3.1

Releases

Security Features

New Features

Public API Changes

Bug Fixes


February 22, 2012

MatrixSSL 3.3

Releases

Security Feature

Feature Updates

Public API Changes

Bug Fixes


December 06, 2011

PeerSec Acquired

Announcements

AuthenTec Acquires PeerSec Networks to Strengthen Leadership in Embedded Security

Combination of AuthenTec QuickSec™ and PeerSec Matrix™ Product Lines Creates Comprehensive Embedded Secure Networking Portfolio

Read more...

October 07, 2011

MatrixSSL 3.2.2

Releases

Security Feature

Feature Updates

Public API Changes

Bug Fixes


BEAST Attack on SSL

Security Advisories

In Sept. 2011 security researchers demonstrated how a previously known CBC encryption weakness could be used to decrypt HTTP data over SSL. The attack was named BEAST (Browser Exploit Against SSL/TLS). As with previous man-in-the-middle SSL vulnerabilities, the attack is generally considered a very low risk for individual browsers as it requires the attacker to have control over the network. Additionally, in this specific exploit they will also have to have a mechanism to elicit known HTTPS responses from the client. Most MatrixSSL users do not fall into the category of vulnerable uses.

Solutions

  1. MatrixSSL 3.2.2 - Released on October 7th, version 3.2.2 includes a fix to thwart this attack for client implementations. The solution has been implemented internally to the library and uses an IV obfuscation technique by breaking up each application data record in two. The first being just a single byte of the plaintext message, the second containing the remainder. This is the same approach the Chrome team at Google introduced in their solution to the issue. This fix is enabled by default for clients that are using SSLv3 or TLS1.0 coupled with a CBC block cipher.
  2. MatrixSSL 3.2.* - This exploit can also be thwarted simply by using TLS protocol version 1.1 or by using a cipher suite that implements a stream cipher such as SSL_RSA_WITH_RC4_128_SHA. TLS 1.1 is enabled by default in MatrixSSL 3.2 and above and will be negotiated to if the peer also supports that version.
  3. All MatrixSSL Versions - A zero length record proceeding a data record has been a known fix to this problem for years and MatrixSSL has always supported the encoding and processing of empty records. Current MatrixSSL users can manually add this fix to existing versions by simply calling matrixSslEncodeWritebuf with a 0 length prior to encoding the actual application data. It should be noted that some SSL implementations do not handle 0 length records and this is the primary reason this solution did not become widespread.

June 07, 2011

MatrixSSL 3.2

Releases

Feature Updates

Public API Changes

Bug Fixes None reported.

January 11, 2011

MatrixSSL 3.1.4

Releases

Feature Updates

Public API Changes

Bug Fixes None reported.

September 02, 2010

MatrixSSL 3.1.3

Releases

Feature Updates

Public API Changes

Bug Fixes


May 28, 2010

MatrixSSL 3.1.2

Releases

Feature Updates

Public API Changes

Bug Fixes


April 15, 2010

MatrixSSL 3.1.1

Releases

Feature Updates

Public API Changes

Bug Fixes


March 08, 2010

MatrixSSL 3.1

Releases

Major Revision and Feature Updates


November 10, 2009

MatrixSSL 1.8.8

Releases

Protocol Security Updates



Archives | July 2012 | February 2012 | December 2011 | October 2011 | June 2011 | January 2011 | September 2010 | May 2010 | April 2010 | March 2010 | November 2009 | June 2009 | September 2008 | March 2008 | February 2007 | October 2006 | July 2006 | April 2006 | November 2005 | September 2005 | August 2005 | April 2005 | February 2005 | September 2004 | August 2004 | July 2004 | June 2004 | May 2004 | April 2004 | March 2004 | February 2004 | January 2004 |