Merry Christmas! The Christmas release of wolfSSL is here, version 5.6.6!
Version 5.6.6 brings with it fixes for 4 vulnerabilities, bug fixes, new features, and some enhancements as well! For a description of vulnerabilities fixed, please see our vulnerability page. New features in this release include support for additional hardware devices (STM32WL55), new hardware encryption support for ESP32 devices (ESP32-C3, ESP32-C6, ESP32-S2), improved DTLS 1.3 session resumption support, new implementation of SRTP-KDF and SRTCP-KDF, a cache-attack safe bitslice implementation of AES, and support for memcached.
We also have a nice round of enhancements which range from better testing, disabling TLS 1.1 by default, expanded CMake build support, optimizations and new assembly for our speedy SP math library, and more!
A list of new features and enhancements from our ChangeLog is listed below. For a full list of fixes see our complete ChangeLog on GitHub.
New Feature Additions
- Build option for disabling CRL date checks (WOLFSSL_NO_CRL_DATE_CHECK) (PR 6927)
- Support for STM32WL55 and improvements to PKA ECC support (PR 6937)
- Add option to skip cookie exchange on DTLS 1.3 session resumption (PR 6929)
- Add implementation of SRTP KDF and SRTCP KDF (–enable-srtp-kdf) (PR 6888)
- Add wolfSSL_EXTENDED_KEY_USAGE_free() (PR 6916)
- Add AES bitsliced implementation that is cache attack safe (–enable-aes-bitsliced) (PR 6854)
- Add memcached support and automated testing (PR 6430, 7022)
- Add Hardware Encryption Acceleration for ESP32-C3, ESP32-C6, and ESP32-S2 (PR 6990)
- Add (D)TLS 1.3 support for 0.5-RTT data (PR 7010)
Enhancements and Optimizations
- Better built in testing of “–sys-ca-certs” configure option (PR 6910)
- Updated CMakeLists.txt for Espressif wolfSSL component usage (PR 6877)
- Disable TLS 1.1 by default (unless SSL 3.0 or TLS 1.0 is enabled) (PR 6946)
- Add “–enable-quic” to “–enable-all” configure option (PR 6957)
- Add support to SP C implementation for RSA exponent up to 64-bits (PR 6959)
- Add result of “HAVE___UINT128_T” to options.h for CMake builds (PR 6965)
- Add optimized assembly for AES-GCM on ARM64 using hardware crypto instructions (PR 6967)
- Add built-in cipher suite tests for DTLS 1.3 PQC (PR 6952)
- Add wolfCrypt test and unit test to ctest (PR 6977)
- Move OpenSSL compatibility crypto APIs into ssl_crypto.c file (PR 6935)
- Validate time generated from XGMTIME() (PR 6958)
- Allow wolfCrypt benchmark to run with microsecond accuracy (PR 6868)
- Add GitHub Actions testing with nginx 1.24.0 (PR 6982)
- Allow encoding of CA:FALSE BasicConstraint during cert generation (PR 6953)
- Add CMake option to enable DTLS-SRTP (PR 6991)
- Add CMake options for enabling QUIC and cURL (PR 7049)
- Improve RSA blinding to make code more constant time (PR 6955)
- Refactor AES-NI implementation macros to allow dynamic fallback to C (PR 6981)
- Default to native Windows threading API on MinGW (PR 7015)
- Return better error codes from OCSP response check (PR 7028)
- Updated Espressif ESP32 TLS client and server examples (PR 6844)
- Add/clean up support for ESP-IDF v5.1 for a variety of ESP32 chips (PR 7035, 7037)
- Add API to choose dynamic certs based on client ciphers/sigalgs (PR 6963)
- Improve Arduino IDE 1.5 project file to match recursive style (PR 7007)
- Simplify and improve apple-universal build script (PR 7025)
Visit our download page or wolfSSL GitHub repository to download the release bundle. If you have questions about any of the above, feel free to email us at facts@wolfSSL.com or support@wolfSSL.com, or call us at +1 425 245 8247 regarding the wolfSSL embedded SSL/TLS library or any other products.
Download wolfSSL Now