Find out more...
To find out more, including all licencing options and full product details, contact Trevor Martin on 024 7669 2066.
Arm Mbed TLS makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products, facilitating this functionality with a minimal code footprint. It offers an SSL/TLS library with an intuitive API and readable source code, and includes an elaborate test suite. You can build it out of the box on most systems, or manually select and configure features.
The Mbed TLS library provides a set of cryptographic components that you can use and compile separately, and include or exclude using a single configuration header file. Mbed TLS also provides a central SSL/TLS module that builds on the cryptographic components, the abstraction layers and the support components to provide a complete protocol implementation for SSL and TLS.
From a functional perspective, the library is split into three major parts:
Mbed TLS offers client-side and server-side support for all current SSL and TLS standards: SSL version 3 and TLS versions 1.0, 1.1 and 1.2. This of course includes support for most of the standardised protocol extensions, such as Server Name Indication (SNI), Session Tickets and Secure Renegotiation.
The Mbed TLS implementation supports the predominant key exchange methods and over 100 of the different standardised ciphersuites.
The cryptographic part of Mbed TLS has abstraction layers for Public Key cryptography, Hashing (Message Digests) and Symmetric Ciphers. It also contains standards-based random number generators and an entropy pool.
All cryptographic algorithms are implemented as loosely-coupled modules. You can just take the appropriate header files and source code files and drop them in your project as needed.
SSL/TLS authentication, and a few other protocols, need support for X.509 certificate handling. The X.509 certificate can convey an identity to other parties, but has to be checked for validity by the other party before use.
Mbed TLS includes support for:
Additionally, it is possible to perform certain Certificate Authority actions to create certificates from scratch, like: