Product Description

CycloneSSL is a lightweight TLS/DTLS implementation targeted for use by embedded application developers. It provides the ability to secure communications over the Internet (e.g. IoT protocols, electronic mail, web server, file transfer, IoT protocols, VoIP). CycloneSSL implements all the necessary cryptographic features to make your application safe and secure. The stack is distributed as a full ANSI C and highly maintainable source code.


TLS stack model
  • Server and/or client operation
  • Supports TLS 1.0, TLS 1.1, TLS 1.2 and TLS 1.3 protocols
  • Supports DTLS 1.0 and DTLS 1.2 (Datagram Transport Layer Security)
  • Legacy support for SSL 3.0
  • Robust and efficient implementation
  • Supports ECC (Elliptic Curve Cryptography)
  • Rich set of TLS cipher suites (including Suite B profile)
  • RSA, Diffie-Hellman and ECDH key exchange algorithms
  • ECDH key exchange based on Curve25519 (X25519) and Curve448 (X448)
  • FFDHE (Finite Field Diffie-Hellman Ephemeral)
  • Supports PSK (Pre-Shared Key) cipher suites
  • RSA signature schemes (RSASSA PKCS#1 v1.5 and RSASSA-PSS)
  • DSA and ECDSA signature schemes
  • EdDSA signature scheme (Ed25519 and Ed448 elliptic curves)
  • Supports stream ciphers and CBC block ciphers
  • Cipher Block Chaining-MAC (CCM) and Galois Counter Mode (GCM)
  • ChaCha20Poly1305 Authenticated Encryption with Associated Data (AEAD)
  • Supports RC4, IDEA, DES, 3DES, AES, Camellia, SEED and ARIA encryption algorithms
  • Supports MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hash algorithms
  • Session resumption mechanism
  • Supports secure renegotiation
  • Fallback SCSV signaling cipher suite
  • SNI extension (Server Name Indication)
  • Maximum Fragment Length extension (RFC 6066)
  • Record Size Limit extension (RFC 8449)
  • ALPN extension (Application-Layer Protocol Negotiation)
  • Extended Master Secret extension
  • ClientHello Padding extension
  • Session ticket mechanism (TLS 1.3)
  • (EC)DHE key establishment (TLS 1.3)
  • PSK key establishment (TLS 1.3)
  • PSK with (EC)DHE key establishment (TLS 1.3)
  • Middlebox compatibility mode (TLS 1.3)
  • Key update mechanism (TLS 1.3)
  • Early data (TLS 1.3 client)
  • Supports X.509 certificates as well as Raw Public Keys (RPK)
  • PKIX path validation
  • Compliant with BSD socket API
  • Flexible memory footprint. Built-time configuration to embed only the necessary features
  • Consistent application programming interface (API)
  • Portable architecture (no processor dependencies)

Supported Devices

CycloneSSL supports the following 32-bit architectures:

  • ARM7
  • ARM9
  • Cortex-M3
  • Cortex-M4
  • Cortex-M7
  • Cortex-R4
  • Cortex-A5
  • Cortex-A8
  • Cortex-A9
  • RISC-V
  • APS1 / APS3 / APS3R / APS5 / FPS6
  • AVR32
  • Coldfire V2
  • PIC32
  • PowerPC e200
  • RX600
  • Xtensa LX6

Supported Cipher Suites


TLS 1.3 cipher suites

    • TLS_AES_128_GCM_SHA256
    • TLS_AES_256_GCM_SHA384
    • TLS_AES_128_CCM_SHA256
    • TLS_AES_128_CCM_8_SHA256
    • TLS_CHACHA20_POLY1305_SHA256

RSA cipher suites

    • TLS_RSA_WITH_RC4_128_MD5 (†)
    • TLS_RSA_WITH_RC4_128_SHA (†)
    • TLS_RSA_WITH_IDEA_CBC_SHA (†)
    • TLS_RSA_WITH_DES_CBC_SHA (†)
    • TLS_RSA_WITH_3DES_EDE_CBC_SHA (w)
    • TLS_RSA_WITH_AES_128_CBC_SHA (w)
    • TLS_RSA_WITH_AES_256_CBC_SHA (w)
    • TLS_RSA_WITH_AES_128_CBC_SHA256
    • TLS_RSA_WITH_AES_256_CBC_SHA256
    • TLS_RSA_WITH_AES_128_GCM_SHA256
    • TLS_RSA_WITH_AES_256_GCM_SHA384
    • TLS_RSA_WITH_AES_128_CCM
    • TLS_RSA_WITH_AES_256_CCM
    • TLS_RSA_WITH_AES_128_CCM_8
    • TLS_RSA_WITH_AES_256_CCM_8
    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (w)
    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (w)
    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_RSA_WITH_SEED_CBC_SHA (w)
    • TLS_RSA_WITH_ARIA_128_CBC_SHA256
    • TLS_RSA_WITH_ARIA_256_CBC_SHA384
    • TLS_RSA_WITH_ARIA_128_GCM_SHA256
    • TLS_RSA_WITH_ARIA_256_GCM_SHA384
    • TLS_RSA_WITH_NULL_MD5 (†)
    • TLS_RSA_WITH_NULL_SHA (†)
    • TLS_RSA_WITH_NULL_SHA256 (†)

DHE_RSA cipher suites

    • TLS_DHE_RSA_WITH_DES_CBC_SHA (†)
    • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (w)
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA (w)
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA (w)
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_AES_128_CCM
    • TLS_DHE_RSA_WITH_AES_256_CCM
    • TLS_DHE_RSA_WITH_AES_128_CCM_8
    • TLS_DHE_RSA_WITH_AES_256_CCM_8
    • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (w)
    • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (w)
    • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_SEED_CBC_SHA (w)
    • TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
    • TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

DHE_DSS cipher suites

    • TLS_DHE_DSS_WITH_DES_CBC_SHA (†)
    • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (w)
    • TLS_DHE_DSS_WITH_AES_128_CBC_SHA (w)
    • TLS_DHE_DSS_WITH_AES_256_CBC_SHA (w)
    • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    • TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
    • TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (w)
    • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (w)
    • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
    • TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_DHE_DSS_WITH_SEED_CBC_SHA (w)
    • TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256
    • TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384
    • TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
    • TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384

ECDHE_RSA cipher suites

    • TLS_ECDHE_RSA_WITH_RC4_128_SHA (†)
    • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (w)
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (w)
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (w)
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
    • TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    • TLS_ECDHE_RSA_WITH_NULL_SHA (†)

ECDHE_ECDSA cipher suites

    • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (†)
    • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (w)
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (w)
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (w)
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_AES_128_CCM
    • TLS_ECDHE_ECDSA_WITH_AES_256_CCM
    • TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
    • TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
    • TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
    • TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
    • TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    • TLS_ECDHE_ECDSA_WITH_NULL_SHA (†)

PSK cipher suites

    • TLS_PSK_WITH_RC4_128_SHA (†)
    • TLS_PSK_WITH_3DES_EDE_CBC_SHA (w)
    • TLS_PSK_WITH_AES_128_CBC_SHA (w)
    • TLS_PSK_WITH_AES_256_CBC_SHA (w)
    • TLS_PSK_WITH_AES_128_CBC_SHA256
    • TLS_PSK_WITH_AES_256_CBC_SHA384
    • TLS_PSK_WITH_AES_128_GCM_SHA256
    • TLS_PSK_WITH_AES_256_GCM_SHA384
    • TLS_PSK_WITH_AES_128_CCM
    • TLS_PSK_WITH_AES_256_CCM
    • TLS_PSK_WITH_AES_128_CCM_8
    • TLS_PSK_WITH_AES_256_CCM_8
    • TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_PSK_WITH_ARIA_128_CBC_SHA256
    • TLS_PSK_WITH_ARIA_256_CBC_SHA384
    • TLS_PSK_WITH_ARIA_128_GCM_SHA256
    • TLS_PSK_WITH_ARIA_256_GCM_SHA384
    • TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
    • TLS_PSK_WITH_NULL_SHA (†)
    • TLS_PSK_WITH_NULL_SHA256 (†)
    • TLS_PSK_WITH_NULL_SHA384 (†)

RSA_PSK cipher suites

    • TLS_RSA_PSK_WITH_RC4_128_SHA (†)
    • TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA (w)
    • TLS_RSA_PSK_WITH_AES_128_CBC_SHA (w)
    • TLS_RSA_PSK_WITH_AES_256_CBC_SHA (w)
    • TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
    • TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
    • TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
    • TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
    • TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
    • TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
    • TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
    • TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
    • TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
    • TLS_RSA_PSK_WITH_NULL_SHA (†)
    • TLS_RSA_PSK_WITH_NULL_SHA256 (†)
    • TLS_RSA_PSK_WITH_NULL_SHA384 (†)

DHE_PSK cipher suites

    • TLS_DHE_PSK_WITH_RC4_128_SHA (†)
    • TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA (w)
    • TLS_DHE_PSK_WITH_AES_128_CBC_SHA (w)
    • TLS_DHE_PSK_WITH_AES_256_CBC_SHA (w)
    • TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
    • TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
    • TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
    • TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
    • TLS_DHE_PSK_WITH_AES_128_CCM
    • TLS_DHE_PSK_WITH_AES_256_CCM
    • TLS_DHE_PSK_WITH_AES_128_CCM_8
    • TLS_DHE_PSK_WITH_AES_256_CCM_8
    • TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
    • TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
    • TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
    • TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
    • TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
    • TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
    • TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
    • TLS_DHE_PSK_WITH_NULL_SHA (†)
    • TLS_DHE_PSK_WITH_NULL_SHA256 (†)
    • TLS_DHE_PSK_WITH_NULL_SHA384 (†)

ECDHE_PSK cipher suites

    • TLS_ECDHE_PSK_WITH_RC4_128_SHA (†)
    • TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA (w)
    • TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA (w)
    • TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA (w)
    • TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
    • TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256
    • TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256
    • TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
    • TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
    • TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
    • TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
    • TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
    • TLS_ECDHE_PSK_WITH_NULL_SHA (†)
    • TLS_ECDHE_PSK_WITH_NULL_SHA256 (†)
    • TLS_ECDHE_PSK_WITH_NULL_SHA384 (†)

DH_anon cipher suites

    • TLS_DH_anon_WITH_RC4_128_MD5 (†)
    • TLS_DH_anon_WITH_DES_CBC_SHA (†)
    • TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (†)
    • TLS_DH_anon_WITH_AES_128_CBC_SHA (†)
    • TLS_DH_anon_WITH_AES_256_CBC_SHA (†)
    • TLS_DH_anon_WITH_AES_128_CBC_SHA256 (†)
    • TLS_DH_anon_WITH_AES_256_CBC_SHA256 (†)
    • TLS_DH_anon_WITH_AES_128_GCM_SHA256 (†)
    • TLS_DH_anon_WITH_AES_256_GCM_SHA384 (†)
    • TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA (†)
    • TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA (†)
    • TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 (†)
    • TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 (†)
    • TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 (†)
    • TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 (†)
    • TLS_DH_anon_WITH_SEED_CBC_SHA (†)
    • TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 (†)
    • TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 (†)
    • TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 (†)
    • TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 (†)

ECDH_anon cipher suites

    • TLS_ECDH_anon_WITH_RC4_128_SHA (†)
    • TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (†)
    • TLS_ECDH_anon_WITH_AES_128_CBC_SHA (†)
    • TLS_ECDH_anon_WITH_AES_256_CBC_SHA (†)
    • TLS_ECDH_anon_WITH_NULL_SHA (†)

(†) denotes insecure cipher suites

(w) denotes weak cipher suites

Supported Elliptic Curves

CycloneSSL supports the following elliptic curves:

  • Curve25519 (X25519)
  • Curve448 (X448)
  • Ed25519
  • Ed448
  • secp160k1
  • secp160r1
  • secp160r2
  • secp192k1
  • secp192r1 (NIST P-192)
  • secp224k1
  • secp224r1 (NIST P-224)
  • secp256k1
  • secp256r1 (NIST P-256)
  • secp384r1 (NIST P-384)
  • secp521r1 (NIST P-521)
  • brainpoolP256r1
  • brainpoolP384r1
  • brainpoolP512r1

Documentation


CycloneSSL Brochure

Licensing

The SSL stack is available either as open source (CycloneSSL Open) or under a commercial license (CycloneSSL Lite, Pro or Ultimate) for proprietary developments in a commercial context.


Product Licensing

Source Code

CycloneSSL Open (GPLv2 license) and CycloneSSL Eval (time-limited evaluation license) are available for download. If you want to browse the source tree instead of downloading, the complete source code and documentation are also available online.


Download Source Code
Browse Source Code and Documentation