Specifications    

Symmetric Ciphers

- AES128-SHA
- AES256-SHA
- RC4-SHA
- RC4-MD5

Asymmetric Ciphers

- RSA 512/1024/2048/4096 bit encryption/decryption.
- RSA signing/verification

Digests

- SHA1
- MD5
- MD2
- HMAC-SHA1
- HMAC-MD5

RNG

- /dev/urandom on Linux.
- Microsoft's crypto interfaces on Win32.
- Alternatively a custom implementation seeded by the private key and other variables.

SSL Protocol Features

- TLSv1.0 (also supports the v23 client hello).
- Session resumption on both client and server (number of sessions is run-time configurable).
- Session renegotiation (instantiated via an API call on either the client or the server).
- Integrity checking on packet sizes, handshake types.
- Two threading models: an SSL_CTX instance can support many SSL connections in a single thread, and multiple threads can have one SSL_CTX context each (the default); or an SSL_CTX instance can have an individual thread for each SSL connection (via a configuration change allowing mutexing).
- Partial openssl API compatibility via a wrapper (compile-time configurable).

Certificate/Key Support

- X.509 certificate support. No v3 extensions are supported.
- Self-signed v1 certificates can be generated given a private key.
- PEM private keys can be decrypted with AES128 or AES256 ciphers.
- Server peer verification (can choose between automatic verification, or verification after the handshake).
- Client peer verification on the server (handshake is terminated immediately on failure).
- Certificate chaining - the number of certificates is compile-time configurable individually on both client/server.
- CA certificate store size is compile-time configurable.
- PKCS#8, PKCS#12 key/certificates supported (PBE-SHA1-RC4-128 encryption only, with a single key).

Supported Platforms

- Linux (32/64 bit)
- Win32 (VC6.0/VC7.0/VC8.0)
- Solaris
- Cygwin

Supported Language Bindings (with sample code for each)

- C
- C#
- VB.NET
- Java
- Perl
- Lua

Web Server Specifications

- Small footprint.
- CGI 1.1 capable (optional protection using chroot() and a uid/gid change).
- Basic authentication (via a .htpasswd file).
- Can allow/deny SSL access on particular directories (via a .htaccess file).
- Directories/files can be denied access (via a .htaccess file).
- Lua and Lua Pages are now supported.

Speed/Performance

Here is a graph generated by JMeter showing various modes with 16 threads looping 10 times on the HTTP test page (using a 1024-bit RSA public key and compiled with VC7.0 on a Win32 platform):

The first figure is normal HTTP, followed by three cipher modes, and then skeleton mode. Note that these performance times are very subjective, and are just shown as a simple guide. Each environment will give different results, e.g. the following is the same test performed on AMD64 Linux (with the same hardware):

But what it does show is that using SSL gives almost an order of magnitude decrease in performance compared to normal HTTP.

For public key encryption times, see the blog.


Copyright © Cameron Rich 2008 cameronrich@yahoo.com . All rights reserved.
Last modified: 02/19/08.