Security
FIPS TLS Toolkit
The Rambus FIPS TLS Toolkit (formerly known as MatrixSSL from Inside Secure) is a TLS protocol implementation in C language with minimalistic system dependencies, making it easily portable on any platform. Rambus’ FIPS TLS Toolkit powers millions of products ranging from embedded devices with lightweight capabilities to high-end network equipment.
ContactHow the FIPS TLS Toolkit works
The FIPS TLS Toolkit provides secure connectivity to devices with a small memory footprint. It has evolved to also serve networking devices requiring the highest levels of performance. FIPS TLS Toolkit is a lean and efficient C source code SDK that is easy to integrate, and is the SDK to replace RSA BSAFE or OpenSSL.
With clear and well documented source code, integration is faster and smoother than alternatives. Further simplifying and accelerating integration, Rambus offers developer-level support.
FIPS TLS Toolkit is also offered with a state-of-the-art FIPS 140-2 or FIPS 140-3 validated crypto modules, as part of the Rambus FIPS Crypto Library.
Solution Offerings
Features
- Supports the latest TLS specifications: TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 DTLS 1.0, DTLS 1.2
- Supports server and client roles
- FIPS Crypto libraries included supporting all major algorithms
- Pluggable crypto provider interface
- Pluggable operating system and malloc interface
- Standards compliant proven interoperability
- Portable on any platform, minimum use of system calls
- Better alternative to OpenSSL and RSA BSAFE
- Available with an OpenSSL compatibility layer
- Small footprint and optimized performance for IoT devices
- Delivered in clear, readable, cross-platform, well documented and commented C source code
- Developer level support available
Implementation
- Assembly language optimizations for Intel, ARM and MIPS platforms
- Deployed on Bare Metal, FreeRTOS, eCos, VxWorks, uClinux, eCos, FreeRTOS, ThreadX, PocketPC, Palm, pSOS, SMX, BREW, MacOS X and Linux.
- Used on hardware platforms including ARM, MIPS32, PowerPC, H-8, SH3, i386 and x86-64. TILE-Gx, CAVIUM Octeon
- Support for asynchronous crypto hardware
- Fully cross platform, portable codebase; minimum use of system calls
- Pluggable cipher suite interface
- Pluggable crypto provider interface
- Pluggable operating system and malloc interface
- TCP/IP optional
- Multi-threading optional
- Only a handful of external APIs, all non-blocking
- Example client and server code included
- Clean, heavily-commented portable C code
RFC Compliance
- RFC 2246 The Transport Layer Security (TLS) Protocol Version 1.0: Supported
- RFC 3274 Compressed Data Content Type for Cryptographic Message Syntax (CMS): Supported with commercial license
- RFC 4279 Pre-Shared Key Ciphersuites for Transport Layer Security (TLS): Supported
- RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1: Supported
- RFC 4347 Datagram Transport Layer Security (DTLS) Version 1.0: Supported
- RFC 4492 Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS): Supported
- RFC 5077 Transport Layer Security (TLS) Session Resumption without Server-Side State: Supported (Session Tickets).
- RFC 5083 Cryptographic Message Syntax (CMS) – Authenticated-Enveloped-Data Content Type: Supported with commercial license
- RFC 5246 The Transport Layer Security (TLS) Protocol Version 1.2: Supported
- RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS: Supported
- RFC 5289 TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM): Supported
- RFC 5430 Suite B Profile for Transport Layer Security (TLS): Supported via compile time configuration.
- RFC 5487 Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode: Supported
- RFC 5652 Cryptographic Message Syntax (CMS)
- Signed-Data Content Type: Supported with commercial license.
- RFC 5746Transport Layer Security (TLS) Renegotiation Indication Extension: Supported
- Extension required by compile time default.
- RFC 6066 Transport Layer Security (TLS) Extensions: Extension Definitions
- server_name Server Name Indication: Supported
- max_fragment_length: Supported
- client_certificate_url: Unsupported
- trusted_ca_keys: Supported
- truncated_hmac: Supported
- status_request OCSP Client: Supported
- RFC 6176 Prohibiting Secure Sockets Layer (SSL) Version 2.0: Supported
- RFC 6347 Datagram Transport Layer Security Version 1.2: Supported
- RFC 7027 Elliptic Curve Cryptography (ECC) Brainpool Curves for Transport Layer Security (TLS): Supported Curves
- RFC 7301Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension: Supported
- RFC 7457 Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS): Supported
- RFC 7465 Prohibiting RC4 Cipher Suites: Supported
- RFC 7525 Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS): Supported
- RFC 7568 Deprecating Secure Sockets Layer Version 3.0: Supported
- RFC 7627 Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension: Supported
- RFC 7925 TLS/DTLS Profiles for the Internet of Things: Supported via compile time configuration.
- RFC 7905 ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS): Supported
