Product Description

CycloneSSL is a lightweight SSL/TLS implementation targeted for use by embedded application developers. It provides the ability to secure communications over the Internet (e.g. electronic mail, web server, file transfer, VoIP). CycloneSSL implements all the necessary cryptographic features to make your application safe and secure. The stack is distributed as a full ANSI C and highly maintainable source code.


TLS stack model
  • Server and/or client operation
  • Supports SSL 3.0 as well as TLS 1.0, TLS 1.1 and TLS 1.2 protocols
  • Robust and efficient implementation
  • Supports ECC (Elliptic Curve Cryptography)
  • Rich set of TLS cipher suites (including Suite B profile)
  • RSA, Diffie-Hellman and ECDH key exchange algorithms
  • DSA and ECDSA signature schemes
  • Supports stream ciphers, CBC block ciphers as well as AEAD ciphers (CCM and GCM)
  • Cryptographic library for common encryption algorithms (RC4, IDEA, DES, 3DES, AES, Camellia, SEED and ARIA)
  • Supports MD5, SHA-1, SHA-256 and SHA-384 hash algorithms
  • SSL/TLS session resumption
  • PKIX path validation
  • Compliant with BSD socket API
  • Supports hardware accelerated encryption engines (when available)
  • Flexible memory footprint. Built-time configuration to embed only the necessary features
  • Consistent application programming interface (API)
  • Portable architecture (no processor dependencies)

Supported Devices

CycloneSSL supports the following 32-bit architectures:

  • ARM7
  • ARM9
  • Cortex-M3
  • Cortex-M4
  • Cortex-A5
  • Cortex-A8
  • Cortex-A9
  • AVR32
  • PIC32
  • RX600

Supported Cipher Suites


RSA based cipher suites

    • TLS_RSA_WITH_RC4_128_MD5
    • TLS_RSA_WITH_RC4_128_SHA
    • TLS_RSA_WITH_IDEA_CBC_SHA
    • TLS_RSA_WITH_DES_CBC_SHA
    • TLS_RSA_WITH_3DES_EDE_CBC_SHA
    • TLS_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_RSA_WITH_AES_128_CBC_SHA256
    • TLS_RSA_WITH_AES_256_CBC_SHA256
    • TLS_RSA_WITH_AES_128_CCM
    • TLS_RSA_WITH_AES_256_CCM
    • TLS_RSA_WITH_AES_128_CCM_8
    • TLS_RSA_WITH_AES_256_CCM_8
    • TLS_RSA_WITH_AES_128_GCM_SHA256
    • TLS_RSA_WITH_AES_256_GCM_SHA384
    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_RSA_WITH_SEED_CBC_SHA
    • TLS_RSA_WITH_ARIA_128_CBC_SHA256
    • TLS_RSA_WITH_ARIA_256_CBC_SHA384
    • TLS_RSA_WITH_ARIA_128_GCM_SHA256
    • TLS_RSA_WITH_ARIA_256_GCM_SHA384

DHE-RSA based cipher suites

    • TLS_DHE_RSA_WITH_DES_CBC_SHA
    • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    • TLS_DHE_RSA_WITH_AES_128_CCM
    • TLS_DHE_RSA_WITH_AES_256_CCM
    • TLS_DHE_RSA_WITH_AES_128_CCM_8
    • TLS_DHE_RSA_WITH_AES_256_CCM_8
    • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_SEED_CBC_SHA
    • TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
    • TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384

DHE-DSS based cipher suites

    • TLS_DHE_DSS_WITH_DES_CBC_SHA
    • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    • TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    • TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
    • TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
    • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
    • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_DHE_DSS_WITH_SEED_CBC_SHA
    • TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256
    • TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384
    • TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
    • TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384

DH-anon based cipher suites

    • TLS_DH_anon_WITH_RC4_128_MD5
    • TLS_DH_anon_WITH_DES_CBC_SHA
    • TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
    • TLS_DH_anon_WITH_AES_128_CBC_SHA
    • TLS_DH_anon_WITH_AES_256_CBC_SHA
    • TLS_DH_anon_WITH_AES_128_CBC_SHA256
    • TLS_DH_anon_WITH_AES_256_CBC_SHA256
    • TLS_DH_anon_WITH_AES_128_GCM_SHA256
    • TLS_DH_anon_WITH_AES_256_GCM_SHA384
    • TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
    • TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
    • TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_DH_anon_WITH_SEED_CBC_SHA
    • TLS_DH_anon_WITH_ARIA_128_CBC_SHA256
    • TLS_DH_anon_WITH_ARIA_256_CBC_SHA384
    • TLS_DH_anon_WITH_ARIA_128_GCM_SHA256
    • TLS_DH_anon_WITH_ARIA_256_GCM_SHA384

ECDHE-RSA based cipher suites

    • TLS_ECDHE_RSA_WITH_RC4_128_SHA
    • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384

ECDHE-ECDSA based cipher suites

    • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
    • TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384

ECDH-anon based cipher suites

    • TLS_ECDH_ANON_WITH_RC4_128_SHA
    • TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA
    • TLS_ECDH_ANON_WITH_AES_128_CBC_SHA
    • TLS_ECDH_ANON_WITH_AES_256_CBC_SHA


Supported Elliptic Curves

CycloneSSL supports the following elliptic curves:

  • secp160k1
  • secp160r1
  • secp160r2
  • secp192k1
  • secp192r1 (NIST P-192)
  • secp224k1
  • secp224r1 (NIST P-224)
  • secp256k1
  • secp256r1 (NIST P-256)
  • secp384r1 (NIST P-384)
  • secp521r1 (NIST P-521)
  • brainpoolP256r1
  • brainpoolP384r1
  • brainpoolP512r1

Documentation


CycloneSSL Brochure

Source Code

CycloneSSL Open is released under the GPLv2 license and is available for download. If you want to browse the source tree instead of downloading, the complete source code and documentation are also available online.


Download Source Code
Browse Source Code and Documentation

Feature Comparison

The SSL stack is available either as open source (CycloneSSL Open) or under a commercial license (CycloneSSL Lite, Pro or Ultimate) for proprietary developments in a commercial context:

  • The open source version CycloneSSL Open is available for free. Developers must freely distribute the complete source code of their application, making it available for end users.
  • The commercial version CycloneSSL Lite is a basic SSL library.
  • The commercial version CycloneSSL Pro is a full-featured SSL library (excluding Elliptic Curve Cryptography).
  • The commercial version CycloneSSL Ultimate is a full-featured SSL library (including Elliptic Curve Cryptography).
CycloneSSL
Open
CycloneSSL
Lite
CycloneSSL
Pro
CycloneSSL
Ultimate
LicenseOpen sourceCommercialCommercialCommercial
Source codeYYYY
Royalty freeYYYY
Doxygen documentationYYYY
PDF user's manualNYYY
Support and maintenanceoptionalYYY

CycloneSSL
Open
CycloneSSL
Lite
CycloneSSL
Pro
CycloneSSL
Ultimate
Client and server mode operationYYYY
SSL 3.0 supportYYYY
TLS 1.0, TLS 1.1 and TLS 1.2 supportYYYY
SSL/TLS session resumptionYYYY
RSA key agreementYYYY
MD5 hash algorithmYYYY
SHA-1 hash algorithmYYYY
SHA-256 hash algorithmYYYY
RC4 stream cipherYYYY
3DES block cipherYYYY
AES block cipherYYYY
Diffie-Hellman (DH) key agreementYYYY
DSA signature schemeYNYY
IDEA block cipherYNYY
Camellia block cipherYNYY
SEED block cipherYNYY
ARIA block cipherYNYY
AEAD ciphers (CCM and GCM)YNYY
Elliptic Curve Cryptography (ECC)YNNY
Suite B profileYNNY
ECDH key agreementYNNY
ECDSA signature schemeYNNY