wolfSSL Release 3.7.0

wolfSSL has a new release out, version 3.7.0. In this release we have added features and bug fixes to the wolfSSL embedded SSL/TLS library and further increased its ease of use on platforms in the realm of IoT, with the addition of a Rowley Crossworks example. Along with additions for Rowley there has been an update to the MDK5-ARM and FreeRTOS project keeping wolfSSL at the cutting edge of embedded TLS/SSL.

Some of the features added to our TLS and wolfCrypt layer are: the IDEA cipher, an example of plugging in user choice of external RSA cryptography, and support for the ALPN, which allows making connections over HTTP2.

For a full list of features, and to try them out, download wolfSSL 3.7.0 from the download page, or follow our development branch on GitHub.

For more information about wolfSSL contact us at facts@wolfssl.com

MQTT with wolfSSL

MQTT (Message Queuing Telemetry Transport) is a light weight open messaging protocol that was developed for constrained environments such as M2M (Machine to Machine) and IoT (Internet of Things), where a small code footprint is required. MQTT is based on the Pub/Sub messaging principle of publishing messages and subscribing to topics. The protocol efficiently packs messages to keep the overhead very low. The MQTT specification recommends TLS as a transport option to secure the protocol using port 8883 (secure-mqtt). Constrained devices can benefit from using TLS session resumption to reduce the reconnection cost.

We have posted an example implementation of MQTT with TLS (MQTTS) on mbed:
https://developer.mbed.org/users/wolfSSL/code/HelloMQTTS/
https://developer.mbed.org/users/wolfSSL/code/MQTTS/

wolfSSL is also working on an open source secure MQTT client for IoT security that will be released soon which will work seamlessly with the wolfSSL embedded SSL/TLS library.

The MQTT Version 3.1.1 Specification can be found here on OASIS:
http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html

wolfSSL supports National Cyber Security Awareness Month

wolfSSL has become a Champion of National Cyber Security Awareness Month (NCSAM), joining a growing global effort among colleges and universities, businesses, government agencies, associations, nonprofit organizations and individuals to promote online safety awareness.

Celebrated every October, National Cyber Security Awareness Month was created as a collaborative effort between government and industry to ensure everyone has the resources needed to stay safer and more secure online.

Coordinated and led by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security, NCSAM has grown exponentially since its inception, reaching consumers, small and medium-sized businesses, corporations, educational institutions and young people across the nation and internationally. This year marks the 12th year of NCSAM.

SHA-3 Algorithm Validation Testing

The SHA-3 Standard (FIPS PUB 202) is now included in Annex A: Approved Security Functions for FIPS PUB 140-2, Security Requirements for Cryptographic Modules.

SHA-3 Hash Algorithms (SHA3-224, SHA3-256, SHA3-384, SHA3-512) and SHA-3 Extendable-Output Functions (XOF) (SHAKE128, SHAKE256) are FIPS Approved and may be implemented in a FIPS 140-2 cryptographic module. The SHA-3 functions are based on the Keccak algorithm selected by NIST as the winner of the SHA-3 competition.

wolfSSL is performing early testing of SHA-3 through the Cryptographic Algorithm Validation Program (CAVP) at NIST.

Please contact fips@wolfSSL.com if your project plans include SHA-3.

wolfSSL in stunnel TLS Proxy

Since version 3.6.6, wolfSSL has had continually improving support for stunnel, a lightweight TLS proxy, designed to add SSL/TLS encryption to unsecured applications without changes to the program`s source code. Licensed under GNU GPLv2 and with an alternative commercial option, stunnel can be utilized to secure a host of different applications, including: mail exchange (SMTP, IMAP, POP3), web hosting (HTTP), remote shell, and virtually any other unprotected protocol desired.

Porting stunnel to use wolfSSL`s embedded SSL/TLS library means taking advantage of wolfSSL`s minimal footprint and high speed crypto implementation to increase performance and decrease required resources when compared to the previous SSL library. Not only that, but using wolfSSL with stunnel combines these benefits with the peace of mind that your application is secured by a progressive, transparent and stable SSL/TLS library, known for its quality, integrity and efficiency.

To build wolfSSL for use with stunnel, simply configure wolfSSL with:

$ ./configure --enable-stunnel

from wolfSSL`s main directory, then make and make install.

For a version of stunnel that links to the wolfSSL library, or for more information, contact us at facts@wolfssl.com.