LinuxDevices.com Archive Index (1999-2012) | 2013-current at LinuxGizmos.com | About  

LGPL’d embedded crypto library supports TLS

Jun 29, 2006 — by LinuxDevices Staff — from the LinuxDevices Archive

A free software project to create an embedded cryptography library with Transport Layer Security (TLSv1) support has achieved its first stable release. The axTLS 1.0 library is highly configurable, and comes with a graphical build tool and https daemon.

The configurable axTLS 1.0 library has been integrated with mconf, the same graphical, ncurses-based configuration utility used by busybox and the Linux kernel projects.


axTLS's mconf-based configuration menu
(Click to enlarge)

Basic build options and resulting footprints include:

  • Server mode — 45KB
  • Server mode with client verification — 49KB
  • Client/server — 51KB
  • Client/server with diagnostics — 58KB
  • Skeleton mode — 37KB

Supported cryptographic algorithms and touted features include:

  • Uses TLSv1, described as “an improvement on SSLv3”
  • Session resumption with configurable key expiration improves performance in low-powered embedded systems
  • Supported symmetric ciphers include AES128-SHA and AES256-SHA, as well as RC4-SHA and RC4-MD5 for the sake of older Windows clients and heavily constrained embedded applications
  • Portable ANSI C, tested on Linux, Win32/Cygwin, and Solaris
  • Variable RSA key sizes, 512-4096 tested
  • APIs for C, C#, Java, and “Big Integer” (Perl, VB.Net, etc.)
  • C API is “very simple” with 20 functions and no structures
  • Peer client/server verification
  • Certificate chaining enables volume deployments
  • X509v1, PKCS#8, PKCS#12 keys/certificates in DER/PEM format
  • Licensed under the LGPL
  • Comes with Anti-Web, a CGI-capable embedded webserver
  • Has also been implemented on mini_httpd and on Busybox's little built-in webserver

Features not supported include:

  • SSLv2 or SSLv3 (but supports v23 client hello)
  • Anonymous or Ephemeral DH
  • DSA or ECC
  • DES/3DES ciphers
  • Key/certificate generation

Availability

The axTLS v1 release is available for download now, from the project homepage. A Win32 demo download is also available. Security geeks may also enjoy the project founder's technical blog.


 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.