Specifications    

Symmetric Ciphers

- AES128-SHA
- AES256-SHA
- RC4-SHA
- RC4-MD5

Asymmetric Ciphers

- RSA 512/1024/2048/4096 bit encryption/decryption.
- RSA signing/verification

Digests

- SHA1
- MD5
- MD2
- HMAC-SHA1
- HMAC-MD5

RNG

- /dev/urandom on Linux.
- Microsoft's crypto interfaces on Win32.
- Alternatively, a custom implementation seeded by the private key and other variables.

SSL Protocol Features

- TLSv1.0/1.1 (also supports the v23 client hello).
- Session resumption on both client and server (number of sessions is run-time configurable).
- Session renegotiation (instantiated via an API call on either the client or the server).
- Integrity checking on packet sizes, handshake types.
- Two threading models: an SSL_CTX instance can support many SSL connections in a single thread, and multiple threads can have one SSL_CTX context each (the default); or an SSL_CTX instance can have an individual thread for each SSL connection (via a configuration change allowing mutexing).
- Partial OpenSSL API compatibility via a wrapper (compile-time configurable).

Certificate/Key Support

- X.509 certificate support. No v3 extensions are supported.
- Self-signed v1 certificates can be generated given a private key.
- PEM private keys can be decrypted with AES128 or AES256 ciphers.
- Server peer verification (can choose between automatic verification, or verification after the handshake).
- Client peer verification on the server (handshake is terminated immediately on failure).
- Certificate chaining: the number of certificates is compile-time configurable individually on both client/server.
- CA certificate store size is compile-time configurable.
- PKCS#8, PKCS#12 key/certificates supported (PBE-SHA1-RC4-128 encryption only, with a single key).

Supported Platforms

- Linux (32/64 bit)
- Win32 (VC7.0/VC8.0/VC9.0)
- Cygwin

Supported Language Bindings (with sample code for each)

- C
- C#
- VB.NET
- Java
- Perl
- Lua

Web Server Specifications

- Small footprint.
- CGI 1.1 capable (optional protection using a uid/gid change).
- Basic authentication (via a .htpasswd file).
- Can allow/deny SSL access on particular directories (via a .htaccess file).
- Directories/files can be denied access (via a .htaccess file).
- Lua and Lua Pages are now supported.

Speed/Performance

Here is a graph generated by JMeter showing various modes with 16 threads looping 10 times on the HTTP test page (using a 1024-bit RSA public key and compiled with VC7.0 on a Win32 platform):

The first figure is normal HTTP, followed by three cipher modes, and then skeleton mode. Note that these performance times are very subjective, and are just shown as a simple guide. Each environment will give different results, e.g. the following is the same test performed on AMD64 Linux (with the same hardware):

But what it does show is that using SSL gives almost an order of magnitude decrease in performance compared to normal HTTP.

For public key encryption times, see the blog.

Copyright © Cameron Rich 2011 camster444@gmail.com. All rights reserved.
Last modified: 7/5/11.