Product Description

CycloneSSL is a lightweight SSL/TLS implementation targeted for use by embedded application developers. It provides the ability to secure communications over the Internet (e.g. electronic mail, web server, file transfer, VoIP). CycloneSSL implements all the necessary cryptographic features to make your application safe and secure. The stack is distributed as a full ANSI C and highly maintainable source code.


TLS stack model
  • Server and/or client operation
  • Supports SSL 3.0 as well as TLS 1.0, TLS 1.1 and TLS 1.2 protocols
  • Robust and efficient implementation
  • Supports ECC (Elliptic Curve Cryptography)
  • Rich set of TLS cipher suites (including Suite B profile)
  • RSA, Diffie-Hellman and ECDH key exchange algorithms
  • Supports stream ciphers, CBC block ciphers as well as AEAD ciphers (CCM and GCM)
  • Cryptographic library for common encryption algorithms (RC4, IDEA, DES, 3DES, AES, Camellia, SEED and ARIA)
  • Supports MD5, SHA-1, SHA-256 and SHA-384 hash algorithms
  • SSL/TLS session resumption
  • PKIX path validation
  • Compliant with BSD socket API
  • Supports hardware accelerated encryption engines (when available)
  • Flexible memory footprint. Built-time configuration to embed only the necessary features
  • Consistent application programming interface (API)
  • Portable architecture (no processor dependencies)

Supported Devices

CycloneSSL supports the following 32-bit architectures:

  • ARM7
  • ARM9
  • Cortex-M3
  • Cortex-M4
  • Cortex-A8
  • Cortex-A9
  • AVR32
  • PIC32
  • RX600

Supported Cipher Suites


RSA based cipher suites

    • TLS_RSA_WITH_RC4_128_MD5
    • TLS_RSA_WITH_RC4_128_SHA
    • TLS_RSA_WITH_IDEA_CBC_SHA
    • TLS_RSA_WITH_DES_CBC_SHA
    • TLS_RSA_WITH_3DES_EDE_CBC_SHA
    • TLS_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_RSA_WITH_AES_128_CBC_SHA256
    • TLS_RSA_WITH_AES_256_CBC_SHA256
    • TLS_RSA_WITH_AES_128_CCM
    • TLS_RSA_WITH_AES_256_CCM
    • TLS_RSA_WITH_AES_128_CCM_8
    • TLS_RSA_WITH_AES_256_CCM_8
    • TLS_RSA_WITH_AES_128_GCM_SHA256
    • TLS_RSA_WITH_AES_256_GCM_SHA384
    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_RSA_WITH_SEED_CBC_SHA
    • TLS_RSA_WITH_ARIA_128_CBC_SHA256
    • TLS_RSA_WITH_ARIA_256_CBC_SHA384
    • TLS_RSA_WITH_ARIA_128_GCM_SHA256
    • TLS_RSA_WITH_ARIA_256_GCM_SHA384

DHE-RSA based cipher suites

    • TLS_DHE_RSA_WITH_DES_CBC_SHA
    • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    • TLS_DHE_RSA_WITH_AES_128_CCM
    • TLS_DHE_RSA_WITH_AES_256_CCM
    • TLS_DHE_RSA_WITH_AES_128_CCM_8
    • TLS_DHE_RSA_WITH_AES_256_CCM_8
    • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_SEED_CBC_SHA
    • TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
    • TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384

DHE-DSS based cipher suites

    • TLS_DHE_DSS_WITH_DES_CBC_SHA
    • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    • TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    • TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
    • TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
    • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
    • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_DHE_DSS_WITH_SEED_CBC_SHA
    • TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256
    • TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384
    • TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
    • TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384

DH-anon based cipher suites

    • TLS_DH_anon_WITH_RC4_128_MD5
    • TLS_DH_anon_WITH_DES_CBC_SHA
    • TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
    • TLS_DH_anon_WITH_AES_128_CBC_SHA
    • TLS_DH_anon_WITH_AES_256_CBC_SHA
    • TLS_DH_anon_WITH_AES_128_CBC_SHA256
    • TLS_DH_anon_WITH_AES_256_CBC_SHA256
    • TLS_DH_anon_WITH_AES_128_GCM_SHA256
    • TLS_DH_anon_WITH_AES_256_GCM_SHA384
    • TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
    • TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
    • TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_DH_anon_WITH_SEED_CBC_SHA
    • TLS_DH_anon_WITH_ARIA_128_CBC_SHA256
    • TLS_DH_anon_WITH_ARIA_256_CBC_SHA384
    • TLS_DH_anon_WITH_ARIA_128_GCM_SHA256
    • TLS_DH_anon_WITH_ARIA_256_GCM_SHA384

ECDHE-RSA based cipher suites

    • TLS_ECDHE_RSA_WITH_RC4_128_SHA
    • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384

ECDHE-ECDSA based cipher suites

    • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
    • TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384

ECDH-anon based cipher suites

    • TLS_ECDH_ANON_WITH_RC4_128_SHA
    • TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA
    • TLS_ECDH_ANON_WITH_AES_128_CBC_SHA
    • TLS_ECDH_ANON_WITH_AES_256_CBC_SHA


Supported Elliptic Curves

CycloneSSL supports the following elliptic curves:

  • secp160k1
  • secp160r1
  • secp160r2
  • secp192k1
  • secp192r1 (NIST P-192)
  • secp224k1
  • secp224r1 (NIST P-224)
  • secp256k1
  • secp256r1 (NIST P-256)
  • secp384r1 (NIST P-384)
  • secp521r1 (NIST P-521)
  • brainpoolP256r1
  • brainpoolP384r1
  • brainpoolP512r1

Documentation


CycloneSSL Brochure

Source Code

CycloneSSL Open is released under the GPLv2 license and is available for download. If you want to browse the source tree instead of downloading, the complete source code and documentation are also available online.


Download Source Code
Browse Source Code and Documentation

Licensing

CycloneSSL is available either as open source (GPLv2) or under a commercial license:


CycloneSSL OpenCycloneSSL Pro
Client and server mode operationYY
SSL 3.0 supportYY
TLS 1.0, TLS 1.1 and TLS 1.2 supportYY
Elliptic Curve Cryptography (ECC)YY
Suite B profileYY
RSA key agreementYY
Diffie-Hellman (DH) key agreementYY
Elliptic Curve Diffie-Hellman (ECDH) key agreementYY
Stream ciphers (RC4)YY
Block ciphers (IDEA, DES, 3DES, AES, Camellia, SEED and ARIA)YY
AEAD ciphers (CCM and GCM)YY
SSL/TLS session resumptionYY
Commercial licenseNY
Support and maintenanceNY