SSLimSecure SSL and TLS (617)
SSLimSecure is a robust, standards based, small-footprint Secure Sockets Layer (SSL) and Transport Layer Security (TLS) implementation designed specifically for embedded and real-time operating systems such as VxWorks, pSOS, QNX, and embedded variants of Linux. It includes built-in support for popular cryptography algorithms, APIs for hardware acceleration, easy integration with existing web-based device management systems, and enhanced memory management. It is a member of the SSecure family of network security products offered by TeamF1.
- Provides client and server support for protocols SSLv2, SSLv3, TLSv1
- Full featured cryptography including various flavors of AES, DES/3-DES, RC2, RC4, Blowfish, CAST with FIPS certified algorithms available
- Includes Message Digests and public key cryptography support
- Provides APIs for hardware acceleration support
- Enables native https support for WindWeb, WIND Manage and other web servers
- Includes digital envelope routines, base64 encoding, and a framework for elliptic curves
- Vulnerability countermeasures against timing based attacks
- Support for CPU types of either endian-ness including PowerPC, MIPS, X86, ARM/XScale
- Royalty-free full source distribution of VxWorks, Linux, pSOS and other OSes!
- Available in full-source format
- Configurable choice of ciphers and authentication methods
- Overridable PRNG functionality
- Configuration loader
- Customizable hardware assist functionality
- Unwanted components can be scaled out for lean footprints
- SSHield SSH: Secure Shell & SFTP/SCP
- V-IPSecure IPSec & IKE: Network Layer Security
- FireFly: IP Packet-Filtering Firewall
- AuthAgent X.509: Digital Certificates (without SSL)
SSLimSecure is a robust, standards based, small-footprint Secure Sockets Layer (SSL) and Transport Layer Security (TLS) implementation for networked embedded devices. SSLimSecure integrates the core functionality needed to implement secure client/server components. Its unique, advanced features include built-in support for popular cryptography algorithms, APIs for hardware acceleration, easy integration with existing web-based device management systems, and enhanced memory management. Given its ability to scale out optional features, SSLimSecure is ideally suited for use in low-resource embedded environments.
SSLimSecure includes a crypto library containing implementations of most popular encryption and hashing algorithms. It also includes support for hardware accelerators and a framework for elliptic curves. The crypto functionality is completely modular, allowing for scaling out of unused ciphers for deeply scaled down memory footprints when SSLimSecure is used, and can also be used by other applications and protocols such as other members of the TeamF1 SSecure family of products. Specifically the following cryptographic modules are included:
- AES (Advanced Encryption Standard or Rijndael)
- Fast crypt
- RC2 which includes 4 modes - ecb, cbc, cfb, and ofb
- Blowfish which includes 4 modes - ecb, cbc, cfb, and ofb
- Eric A. Young implementation of DES/3-DES which includes 15 flavors
- 1, 2, and 3 key (3-DES) versions of ecb, cbc, cfb, ofb
- generic cfb and ofb
- DESx in cbc mode
- MD5, RIPE-MD, MD-4, and MD2
- SHA (SHA-0) and SHA-1
Public Key Cryptography is supported for RSA, DSA (FIPS 186-2 certified), and Diffie-Hellman with no limit on the number of bits. X.509 certificates are supported with encoding into and decoding from binary ASN1, and a PEM based ASCII-binary encoding which supports encryption with a private key. Enhanced CRL (Certificate Revocation List) support is also included.
Because SSL is built into all major browsers, securing an embedded web server and having it respond to https requests is a convenient way of accessing secure data from an embedded system. SSLimSecure enables any web server running on VxWorks including the WindWeb server and WIND® Manage for Web http server, and several other third-party web servers, to respond to https requests. SSLimSecure similarly enables web servers on other supported embedded operating systems. Further, the client component of SSLimSecure can be used for secure downloads from any SSL-enabled web servers on the network. SSLimSecure also comes packaged with several web-based and non-web-based reference applications, including proxy-https, which can be used as templates to secure any network application.
If you are interested in more information on how Wind River partners with this company, click here.