RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

Expanded PKCS#7 support

Recently, wolfSSL released version 3.15.5. This new release of wolfSSL features many new updates, one of which is expanded support for PKCS#7 Cryptographic Message Syntax (CMS). This contains support for using PKCS#7 with Key-Encryption Key Recipient Info (KEKRI), Password Recipient Info (PWRI), and Other Recipient Info (ORI) types.

PKCS#7 is used to sign, encrypt, or decrypt messages under Public Key Infrastructure (PKI). It is also used for certificate dissemination, but is most commonly used for single sign-on.

This expanded PKCS#7 support improves how implementations using wolfSSL handle receiving various RecipientInfo types that were not supported, and also allows wolfSSL to more accurately determine the information and details about each recipient.

Additionally, wolfSSL also provides support for TLS 1.3, which includes many new features such as handshake speedups, removal of insecure algorithms, and improved encryption requirements.

For more information, feel free to contact support@wolfssl.com.

Resources
wolfSSL 3.15.5 release notes: https://www.wolfssl.com/wolfssl-3-15-5-now-available/
PKCS Wikipedia article: https://en.wikipedia.org/wiki/PKCS
TLS 1.3: https://www.wolfssl.com/docs/tls13/

wolfSSL Yocto Project and OpenEmbedded Support

Did you know that wolfSSL, wolfSSH, wolfMQTT, and wolfTPM all support being compiled on Yocto Project or OpenEmbedded based projects?  We recently refreshed our layer and recipe files to support the most current product versions, examples, and Open Source project bbappend files.

There are a several ways that projects can include wolfSSL products, or the wolfSSL embedded SSL/TLS library in Yocto Project / OE images.  wolfSSL maintains a layer called “meta-wolfssl“, located on GitHub here:

https://github.com/wolfssl/meta-wolfssl

This layer includes recipes for:

  • wolfSSL embedded SSL/TLS library
  • wolfSSH lightweight SSH library
  • wolfMQTT lightweight MQTT Client Library
  • wolfTPM TPM 2.0 Library
  • wolfCrypt test application
  • wolfCrypt benchmark application
  • cURL .bbappend file, for compiling cURL with wolfSSL support

If you are interested in trying these recipes out, we have a great Getting Started document available here:

wolfSSL Getting Started for Yocto and OpenEmbedded

The wolfSSL product recipe is also part of the “meta-openembedded/meta-networking/recipes-connectivity” layer, located here:

https://github.com/openembedded/meta-openembedded/tree/master/meta-networking/recipes-connectivity/wolfssl

If you have questions about using “meta-wolfssl” in your project, or need tips on getting started with your build, email us at facts@wolfssl.com!

 

wolfSSL Summer of Security Internship Program

Are you a student looking to gain experience in Internet Security, including SSL/TLS, cryptography, MQTT, SSH, and TPM 2.0?  wolfSSL is one of the leading producers of Open Source Internet security products, securing over 2 Billion active connections on the Internet today.  The wolfSSL “Summer of Security” program is a Summer internship in Bozeman, MT and Edmonds, WA which spans the Summer months and brings qualified students on-board to learn about how security software is written, tested, and used around the world.

The Summer of Security program allows wolfSSL interns to gain knowledge in the embedded SSL/TLS industry as well as valuable programming experience in Linux and embedded systems. Throughout the Summer, interns will play a role in improving documentation, current examples, test cases, and community support within wolfSSL and related products.

The Summer of Security is a great opportunity for students to increase work experience in the field of Computer Science and work towards a potential career as part of the wolfSSL team. The team at wolfSSL looks for knowledgeable students who have experience in C programming. Prior embedded systems experience, network programming experience, and familiarity with git/GitHub are a plus.

Apply Today!

If you are interested in learning more about the wolfSSL Summer of Security internship program, please send a resume and cover letter to us at facts@wolfssl.com!

Learn More

wolfSSL Homepage
wolfSSL Products Page
wolfSSL User Manual
TLS 1.3 Support!
wolfSSL Examples Repository (GitHub)

wolfSSL now supports latest Intel QuickAssist v1.7 driver and hardware

wolfSSL now has added support for:

  • Intel QuickAssist driver v1.7 (qat1.7.l.4.3.0-00033)
  • Intel QuickAssist 8970 hardware
  • QuickAssist accelerated RSA Key Gen
  • QuickAssist accelerated SHA 3

The new 8970 hardware has 12 additional cryptographic hardware instances. The previous 8950 cards had 6 instances and the new ones have 18. The 8970 card also adds a PCIe (Gen 3) 16x option for increased performance.

For example, using the Intel QuickAssist 8970 (PCIe 16x) hardware on an i7-2600 CPU @ 3.40GHz with 8 threads running, we achieved the following asymmetric benchmarks:

  • RSA   2048 public 289,559 ops/sec
  • RSA   2048 private 41,929 ops/sec
  • DH    2048 key gen 65,534 ops/sec
  • DH    2048 agree 89,587 ops/sec
  • ECDHE  256 agree 55,745 ops/sec
  • ECDSA  256 sign 59,674 ops/sec
  • ECDSA  256 verify 32,804 ops/sec

More wolfSSL benchmark data can be found on the wolfSSL benchmarks page, here: https://www.wolfssl.com/docs/benchmarks/
Intel QuickAssist: https://www.intel.com/content/www/us/en/architecture-and-technology/intel-quick-assist-technology-overview.html

If you are interested in evaluating the wolfSSL Asynchronous support for Intel QuickAssist or Cavium Nitrox, please email us at facts@wolfssl.com.

wolfSSL Micrium uC/OS-III and uC/TCP-IP Support

Are you a user of Micrium?  If so, you will be happy to know that wolfSSL recently updated support and added TLS client and server examples to the wolfSSL embedded SSL/TLS library for Micrium!

We have also run a benchmark of our wolfCrypt/wolfSSL libraries on an NXP Kinetis K70 (Freescale TWR-K70F120M MCU) tower system board with a project built using the IAR Embedded Workbench IDE - ARM 8.32.1 (IAR ELF Linker V8.32.1.169/W32 for ARM). The details can be viewed on the wolfSSL benchmarks page.

For instructions on how to build and integrate the examples on your projects or to see the benchmark results, please see the README located in “IDE/ECLIPSE/MICRIUM”.  This support is currently located in our GitHub master branch, and will roll into the next stable release of wolfSSL as well. For any questions or help getting wolfSSL up and running on your environment, please contact us at support@wolfssl.com.  wolfSSL also now supports the most current version of TLS, TLS 1.3!  Learn more here: https://www.wolfssl.com/docs/tls13/ !

wolfSSL smallstack size reduction

wolfSSL v3.15.5 was released last week which features many new additions to the library. One of those new additions is the reduction of the stack usage while using the “smallstack” build option.

The goal of wolfSSL’s “smallstack” build is to use at most 1kB of stack.  All other memory used is placed on the heap.

Currently, wolfSSL passes the option "--enable-smallstack" to the configure script. The small stack option can also be enabled by defining the following option: WOLFSSL_SMALL_STACK

Please contact support@wolfssl.com with any questions about building the wolfSSL embedded SSL/TLS library for your platform, or customizing the memory usage of wolfSSL.

wolfSSL FAQ page

The wolfSSL FAQ page can be useful for information or general questions that need need answers immediately. It covers some of the most common questions that the support team receives, along with the support team's responses. It's a great resource for questions about wolfSSL, embedded TLS, and for solutions to problems getting started with wolfSSL.

To view this page for yourself, please follow this link here.

Here is a sample list of 5 questions that the FAQ page covers:

  1. How do I build wolfSSL on ... (*NIX, Windows, Embedded device) ?
  2. How do I manage the build configuration of wolfSSL?
  3. How much Flash/RAM does wolfSSL use?
  4. How do I extract a public key from a X.509 certificate?
  5. Is it possible to use no dynamic memory with wolfSSL and/or wolfCrypt?

Have a  question that isn't on the FAQ? Feel free to email us at support@wolfssl.com.

wolfSSL support for Lighttpd

wolfSSL v3.15.5 was recently released and features many new additions to the library. One of those options is support for Lighttpd. Lighttpd is an open-source web server that is optimized for speed-critical environments while remaining standards-compliant, portable, and flexible.

The addition of support for Lighttpd is the perfect match for web servers looking to remain lightweight, fast, and portable while providing top-rate security. The wolfSSL embedded SSL/TLS library provides support for TLS 1.3, is available in a FIPS-validated version, and its size ranges from 20-100kB.

To build wolfSSL for use with Lighttpd, simply run the configure script with the option "--enable-lighty".

The most recent version of the wolfSSL library can be downloaded from our download page here: https://www.wolfssl.com/download/
More information about the new release of wolfSSL and its added features can be found here: https://www.wolfssl.com/wolfssl-3-15-5-now-available/

Please contact us at support@wolfssl.com for assistance or questions in compiling wolfSSL for use with Lighttpd!

wolfSSL PKCS#11 support

wolfSSL v3.15.5 was released last week, which features many new additions to the library. One of those options is support for PCKS#11. The PKCS#11 standard defines an API to cryptographic tokens. The API defines most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.

Using wolfSSL on your application or your device will now allow you to utilize PKCS#11 for access to hardware security modules, smart cards, and other cryptographic tokens.

To build wolfSSL with PKCS#11 support, the library needs to be downloaded and then built with a specific option. The library can be downloaded from the wolfSSL download page, here: https://www.wolfssl.com/download/. The steps to build wolfSSL with PKCS#11 are detailed below:

# From within wolfSSL's root directory
./autogen.sh
./configure --enable-pkcs11
make
sudo make install

wolfSSL also has its PKCS#11 documentation located within its doxygen pages, here: https://www.wolfssl.com/doxygen/group__PKCS11.htmlThis PKCS#11 documentation provides information on the recently added PKCS#11 API.

More information about the new release of wolfSSL v3.15.5 can be found here: https://www.wolfssl.com/wolfssl-3-15-5-now-available/
wolfSSL v3.15.5 download: https://www.wolfssl.com/download/
Wikipedia article on PKCS#11: https://en.wikipedia.org/wiki/PKCS_11

wolfSSL TLS 1.3-only build (#TLS13)

wolfSSL v3.15.5 was released last week which features many new additions to the library. One of those options is the availability of a TLS 1.3 only build, which enables the wolfSSL embedded SSL/TLS library to built such that use of TLS 1.2 and prior protocols is effectively disabled.

The TLS 1.3 only build is useful when forward secrecy and extra security are desired in embedded systems or applications. This option will cause attempted connections with other clients or servers to fail during the handshake unless they support the use of TLS 1.3, which prevents insecure connections from even being formed in the first place. Additionally, this TLS 1.3 option also streamlines the library. By enabling just TLS 1.3, the portions of the library that provide functionality for prior TLS protocol versions are not included when building the library, reducing the build size.

The newest version of wolfSSL can be downloaded from the download page. To build the wolfSSL library in TLS 1.3 only mode once downloaded, it requires the following options be used when running the configure script:

--enable-tls13
--disable-tlsv12
--disable-oldtls

References

wolfSSL v3.15.5 release notes: https://www.wolfssl.com/wolfssl-3-15-5-now-available/
Differences between SSL/TLS protocol versions: https://www.wolfssl.com/differences-between-ssl-and-tls-protocol-versions-3/

Please contact us at facts@wolfssl.com with questions about using TLS 1.3 with wolfSSL, or compiling the library for your platform.

Posts navigation

1 2 3 120 121 122 123 124 125 126 194 195 196

Weekly updates

Archives