RECENT BLOG NEWS
Strengthening RSA default minimum to 2048 bits
wolfSSL helps make the internet secure. Part of this task is continually updating our default settings to keep up with adversarial advancements. A recent article detailed the use of default RSA key sizes by an IoT manufacturer, which resulted in a 512 bit key being used for authentication. “The factoring required $70 in cloud computing costs and less than 24 hours.”
Since wolfSSL also had the default minimum set to 512 bits, we decided to update the default minimum to 2048 bits. The decision to use 2048 bit for the minimum was based on NIST recommendations and security industry best practices. This affects key generation using wc_MakeRsaKey. Testing infrastructure was also updated to be sure the smaller key sizes are still being covered by CI tests. The default RSA key size minimum can be overridden in the configuration using the RSA_MIN_SIZE macro.
For more information about using RSA in wolfSSL or have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
ExpressVPN’s Benchmark Results with wolfSSL
wolfSSL’s trusted partner, ExpressVPN, recently announced impressive cryptographic benchmark results comparing unaccelerated and hardware-accelerated performance with wolfSSL. Check out ExpressVPN’s benchmarks and download Lightway Core, ExpressVPN’s modern VPN protocol, on GitHub.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Azure Removing TLS 1.0 & TLS 1.1
Are you prepared for the upcoming security enhancements in Azure, which will remove support for TLS 1.0 and TLS 1.1? By the end of October, Azure will no longer accept connections using TLS 1.0 and TLS 1.1 (Azure announcement). This is great news! The older TLS protocols are less secure compared to the newer TLS 1.2 and TLS 1.3 standards. wolfSSL supports both TLS 1.2 and TLS 1.3, and can assist in upgrading your product’s security to prepare for the deprecation of TLS 1.0 and TLS 1.1 in Azure.
For more information and upgrade assistance contact facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Live Webinar: Securing medical and industrial/connected products using WolfTPM and ST33KTPM
Explore the security features of the ST33KTPM TPM 2.0 module and learn how to apply them to real-world use cases. We’ll also cover using STM32CubeIDE tools for TPM 2.0 and Secure Boot, including a live demo.
Register today: Securing medical and industrial/connected products using WolfTPM and ST33KTPM
Date: September 19th | 9 AM PT
The need to secure connected products is integral to FDA and other industrial/infrastructure specifications for OEM products, where compromises could have significant impacts and liabilities.
Learn why using ST’s FIPS140-3 and Common Criteria certified ST33KTPM for your products’ connected identity and root-of-trust meets government security standards.
We’ll introduce wolfTPM, simplifying TPM use for secure identity, secure boot, and secure data management with MCU/MPU devices. This session includes using the STM32CubeIDE tools to generate a wolfSSL project supporting TPM use-cases on the STM32H753.
We’ll review installing long-lived identities, comparing a TPM shipped securely personalized by ST versus applying these identities in the security IP of an MPU/MCU/SoC, the foundation of your device’s secure identity and root-of-trust.
- Security drivers impacting medical/industrial/infrastructure products and how using a certified ST33KTPM serves them
- Comparison of the security achievable with and without using an certified ST33KTPM
- The advantages of using a TPM with pre-installed long-lived identities
- Integration of all the above into an STMicroelectronics high performance MCU (STM32H753) WolfSSL example and including the simplification of device personalization by using a pre-personalized ST33KTPM.
- Secure boot (WolfBoot) using ST33KTPM
Duration: 60mins
Seats are limited. Register now for this informative webinar!
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfProvider v1.0.1 Release
wolfSSL is proud to announce the release of wolfProvider 1.0.1. This release contains several fixes and improvements. Most notably, we have added AES CFB support. A better logging of code execution has been added to make debugging easier. Scripted compilation of dependencies (such as wolfSSL and OpenSSL) have been added to get started easier.
wolfProvider is intended for use by customers who want to have a FIPS validated module, but are already invested with using OpenSSL. The provider gives drop-in replacements for the cryptographic algorithms used by OpenSSL. The wolfProvider uses the wolfCrypt engine underneath which is FIPS 140-3 certified.
Refer to the README.md found in the release for usage instructions. We also maintain a ChangeLog.md for a list of changes in each release.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfCrypt FIPS 140-3 on ARM
Do you need a FIPS 140-3 validated cryptography library for your ARM-based platform? wolfCrypt has been FIPS 140-3 validated (certificate #4718). While full FIPS 140-3 support on ARM isn’t available just yet, it’s on our radar. We’re making strides to bring this capability to you soon.
FIPS validating a crypto library on a resource-constrained device can be more involved than doing a validation on a standard desktop-like platform. Variances in OS, Flash/RAM, filesystem (or lack of), entropy, communication, and more can make things interesting. Going through our past ARM-based validations, we have figured out how to make this process easier with wolfCrypt!
If you are interested in exploring FIPS 140-3 cryptography validations on ARM platforms, reach out to us at either facts@wolfSSL.com or +1 425 245 8247!
To learn more about our FIPS 140-3 certification, check out wolfCrypt FIPS Q&A.
Download wolfSSL Now
New FIPS Operating Environments
wolfSSL fans! Do you like FIPS? Do you like virtual machines? Guess what – wolfSSL’s crypto library, wolfCrypt, has been validated as the world’s first SP800-140Br1 FIPS 140-3 certificate! However, with the recent changes to the FIPS submission process, OE additions are slightly delayed via a manual process until such time as the CMVP can update the automated WebCryptik tool to support OEUP scenarios. wolfSSL Inc. is moving forward with our CSTL hoping to achieve our first OEUP manual submission in the very near future! As the landscape continues to evolve, wolfSSL remains committed to keeping wolfCrypt compliant with the latest FIPS standards. Stay tuned for more updates!
If you’re interested in getting a FIPS 140-3 approved crypto library running in your virtual or any operating environment, or if you have any questions about the process, please don’t hesitate to contact us at fips@wolfSSL.com or facts@wolfSSL.com, or call us at +1 425 245 8247. We look forward to hearing from you.
Download wolfSSL Now
wolfSSL FIPS-Ready
Several years back with the release of wolfSSL 4.0.0, the wolfSSL team decided to also start releasing a new product: the wolfSSL FIPS Ready library. This product features new, state of the art concepts and technology. In a single sentence, wolfSSL FIPS Ready is a testable and free to download open source embedded SSL/TLS library with support for FIPS validation, with FIPS enabled cryptography layer code included in the wolfSSL source tree. To further elaborate on what FIPS Ready really means, you do not get a FIPS certificate and you are not FIPS validated or approved. FIPS Ready means that you have included FIPS code ready to be certified by the CMVP into your build and that you are operating according to the FIPS enforced best practices of default entry point, and Pre-Operational Self Test (POST) plus Conditional Algorithm self test (CAST).
FIPS validation is a government certification for cryptographic modules that states that the module in question has undergone thorough and rigorous testing to be certified. FIPS validation specifies that a software/encryption module is able to be used within or alongside government systems. The most recent FIPS specification is 140-3, with various levels of security offered (1-4). Currently, wolfCrypt has the world’s first SP800-140Br1 FIPS 140-3 validation with Certificate #4718! When trying to get software modules FIPS validated, this is often a costly and time-consuming effort and as such causes the FIPS validated modules to have high price tags.
Since the majority of wolfSSL products use the wolfCrypt encryption engine, this also means that if wolfSSH, wolfMQTT (with TLS support), wolfBoot, and other wolfSSL products in place can be tested FIPS validated code with their software before committing.
wolfSSL FIPS Ready can be downloaded from the wolfSSL download page.
For more information about wolfSSL and its FIPS Ready initiative, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Live Webinar: Quantum Leap in Avionics: Enhancing Security, Airworthiness, and Safety
Explore the latest advancements in avionics security with industry leaders wolfSSL and SYSGO. Discover how our cutting-edge solutions and certifications are driving a quantum leap in security, airworthiness, and safety across critical aerospace systems.
Register Today: Quantum Leap in Avionics: Enhancing Security, Airworthiness, and Safety
Date: September 12th | 7 AM PT
Learn why wolfSSL and SYSGO are key to advancing avionics security.
Discover wolfSSL top-tier security solutions, including a lightweight, FIPS 140-3 validated TLS/SSL library designed for real-time embedded systems. With high performance, a small footprint, and compatibility with industry standards like DO-178C and protocols such as TLS 1.3, wolfSSL ensures secure communication while maintaining compliance and reliability in avionics applications.
Learn about SYSGO’s PikeOS, which offers advanced real-time operating systems and embedded virtualization. Its robust partitioning and isolation ensure critical avionics systems operate securely and reliably, with a strong emphasis on safety certification and compliance with standards like DO-178C.
This webinar will cover:
- Technology overview from SYSGO and wolfSSL
- Competitive differentiators from wolfSSL: What sets us apart from the competition
- SYSGO products and certification: Insights into SYSGO’s offerings and their certifications within industry standards
Don’t miss this opportunity to learn from industry leaders, gain valuable insights, and witness next-gen avionics security in action. Register today!
Duration: 60 minutes
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
FIPS 140-3 and CNSA 2.0 with a Single TLS Connection
Can you believe it? With wolfSSL you can now have a TLS 1.3 connection that is compliant with both FIPS 140-3 and the CNSA 2.0! Want to know how?
For key establishment, we can use the new ML-KEM-1024 (also known as Kyber-1024 which is at security level 5 as defined by NIST) hybridized with ECDH on curve P-521.
In terms of authentication, we can use our dual algorithm certificates where the conventional algorithm is ECDSA on curve P-521 and the alternative algorithm is ML-DSA-87 (also known as Dilithium 5 which is at security level 5 as defined by NIST). The server would then also have conventional and alternative private keys so they would both be used to sign the transcript.
For the cipher suite, We can use AES-256-GCM-SHA384; this is approved by both FIPS 140-3 and CNSA 2.0.
And just like that, we have dual compliance! Want more details and a demo with steps to do it yourself? Not to worry, we’ll have a webinar soon to explain how you can achieve this yourself as well! Please stay tuned.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Weekly updates
Archives
- April 2025 (1)
- March 2025 (22)
- February 2025 (21)
- January 2025 (23)
- December 2024 (22)
- November 2024 (29)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)