RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

Introducing rustls-wolfcrypt-provider: wolfCrypt for Rustls

rustls-wolfcrypt-provider integrates the wolfCrypt cryptographic library as a backend for Rustls, allowing developers to use wolfCrypt’s secure cryptographic functions with Rustls’ modern TLS stack. Currently in alpha, this library offers flexibility for those needing an alternative crypto provider, especially for projects requiring FIPS 140-3 readiness.

Other reasons to consider wolfCrypt as your Rustls provider include the following:

  1. Hardware encryption support, wolfCrypt supports hardware encryption and assembly optimizations for systems big and small. See our list of supported hardware encryption schemes.
  2. Support: we will support Rustls when used in conjunction with wolfCrypt.
  3. Consulting: If you need help making all of this work in your environment, we’ll help!

Supported Cipher Suites

TLS 1.3:

  • TLS13_CHACHA20_POLY1305_SHA256
  • TLS13_AES_128_GCM_SHA256
  • TLS13_AES_256_GCM_SHA384

TLS 1.2:

  • TLS12_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS12_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS12_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS12_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

With rustls-wolfcrypt-provider, developers can combine the cryptographic strengths of wolfCrypt with the modern TLS capabilities of Rustls, supporting Rustls version 0.23.9. This integration is ideal for projects that require both strong security and the flexibility of wolfCrypt’s cryptography.

Are you interested in Rust solutions with wolfSSL integration?

If you have questions about any of the above or need assistance, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Live Webinar: Everything You Need to Know about FIPS 140-3

Join us on September 25th at 10 AM PT for an in-depth look at FIPS 140-3 with wolfSSL Senior Software Engineer, Kaleb Himes. This is your chance to get the inside scoop on how FIPS 140-3 can enhance your security!

Register Now: Everything You Need to Know about FIPS 140-3
Date: September 25th at 10am PT

This webinar will cover:

  • Basic & Benefits: Discover why FIPS 140-3 is essential for secure systems and what makes it a must-have.
  • Difference Between FIPS 140-2 and FIPS 140-3: Understand the key distinctions and improvements from FIPS 140-2.
  • wolfCrypt’s Achievement: Learn about wolfCrypt’s milestone as the first to receive the SP800-140Br1 FIPS 140-3 validated certificate (#4718).
    And much more…

Whether you’re new to FIPS 140-3, looking to deepen your knowledge or seeking FIPS 140-3 support, this webinar will provide valuable insights and practical information.

Don’t miss out on this opportunity to enhance your understanding and stay ahead in cybersecurity. Register now and secure your spot!

As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Strengthening RSA default minimum to 2048 bits

wolfSSL helps make the internet secure. Part of this task is continually updating our default settings to keep up with adversarial advancements. A recent article detailed the use of default RSA key sizes by an IoT manufacturer, which resulted in a 512 bit key being used for authentication. “The factoring required $70 in cloud computing costs and less than 24 hours.”

Since wolfSSL also had the default minimum set to 512 bits, we decided to update the default minimum to 2048 bits. The decision to use 2048 bit for the minimum was based on NIST recommendations and security industry best practices. This affects key generation using wc_MakeRsaKey. Testing infrastructure was also updated to be sure the smaller key sizes are still being covered by CI tests. The default RSA key size minimum can be overridden in the configuration using the RSA_MIN_SIZE macro.

For more information about using RSA in wolfSSL or have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Azure Removing TLS 1.0 & TLS 1.1

Are you prepared for the upcoming security enhancements in Azure, which will remove support for TLS 1.0 and TLS 1.1? By the end of October, Azure will no longer accept connections using TLS 1.0 and TLS 1.1 (Azure announcement). This is great news! The older TLS protocols are less secure compared to the newer TLS 1.2 and TLS 1.3 standards. wolfSSL supports both TLS 1.2 and TLS 1.3, and can assist in upgrading your product’s security to prepare for the deprecation of TLS 1.0 and TLS 1.1 in Azure.

For more information and upgrade assistance contact facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Live Webinar: Securing medical and industrial/connected products using WolfTPM and ST33KTPM

Explore the security features of the ST33KTPM TPM 2.0 module and learn how to apply them to real-world use cases. We’ll also cover using STM32CubeIDE tools for TPM 2.0 and Secure Boot, including a live demo.

Register today: Securing medical and industrial/connected products using WolfTPM and ST33KTPM
Date: September 19th | 9 AM PT

The need to secure connected products is integral to FDA and other industrial/infrastructure specifications for OEM products, where compromises could have significant impacts and liabilities.

Learn why using ST’s FIPS140-3 and Common Criteria certified ST33KTPM for your products’ connected identity and root-of-trust meets government security standards.

We’ll introduce wolfTPM, simplifying TPM use for secure identity, secure boot, and secure data management with MCU/MPU devices. This session includes using the STM32CubeIDE tools to generate a wolfSSL project supporting TPM use-cases on the STM32H753.

We’ll review installing long-lived identities, comparing a TPM shipped securely personalized by ST versus applying these identities in the security IP of an MPU/MCU/SoC, the foundation of your device’s secure identity and root-of-trust.

  • Security drivers impacting medical/industrial/infrastructure products and how using a certified ST33KTPM serves them
  • Comparison of the security achievable with and without using an certified ST33KTPM
  • The advantages of using a TPM with pre-installed long-lived identities
  • Integration of all the above into an STMicroelectronics high performance MCU (STM32H753) WolfSSL example and including the simplification of device personalization by using a pre-personalized ST33KTPM.
  • Secure boot (WolfBoot) using ST33KTPM

Duration: 60mins

Seats are limited. Register now for this informative webinar!

As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfProvider v1.0.1 Release

wolfSSL is proud to announce the release of wolfProvider 1.0.1. This release contains several fixes and improvements. Most notably, we have added AES CFB support. A better logging of code execution has been added to make debugging easier. Scripted compilation of dependencies (such as wolfSSL and OpenSSL) have been added to get started easier.

wolfProvider is intended for use by customers who want to have a FIPS validated module, but are already invested with using OpenSSL. The provider gives drop-in replacements for the cryptographic algorithms used by OpenSSL. The wolfProvider uses the wolfCrypt engine underneath which is FIPS 140-3 certified.

Refer to the README.md found in the release for usage instructions. We also maintain a ChangeLog.md for a list of changes in each release.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfCrypt FIPS 140-3 on ARM

Do you need a FIPS 140-3 validated cryptography library for your ARM-based platform? wolfCrypt has been FIPS 140-3 validated (certificate #4718). While full FIPS 140-3 support on ARM isn’t available just yet, it’s on our radar. We’re making strides to bring this capability to you soon.

FIPS validating a crypto library on a resource-constrained device can be more involved than doing a validation on a standard desktop-like platform. Variances in OS, Flash/RAM, filesystem (or lack of), entropy, communication, and more can make things interesting. Going through our past ARM-based validations, we have figured out how to make this process easier with wolfCrypt!

If you are interested in exploring FIPS 140-3 cryptography validations on ARM platforms, reach out to us at either facts@wolfSSL.com or +1 425 245 8247!

To learn more about our FIPS 140-3 certification, check out wolfCrypt FIPS Q&A.

Download wolfSSL Now

New FIPS Operating Environments

wolfSSL fans! Do you like FIPS? Do you like virtual machines? Guess what – wolfSSL’s crypto library, wolfCrypt, has been validated as the world’s first SP800-140Br1 FIPS 140-3 certificate! However, with the recent changes to the FIPS submission process, OE additions are slightly delayed via a manual process until such time as the CMVP can update the automated WebCryptik tool to support OEUP scenarios. wolfSSL Inc. is moving forward with our CSTL hoping to achieve our first OEUP manual submission in the very near future! As the landscape continues to evolve, wolfSSL remains committed to keeping wolfCrypt compliant with the latest FIPS standards. Stay tuned for more updates!

If you’re interested in getting a FIPS 140-3 approved crypto library running in your virtual or any operating environment, or if you have any questions about the process, please don’t hesitate to contact us at fips@wolfSSL.com or facts@wolfSSL.com, or call us at +1 425 245 8247. We look forward to hearing from you.

Download wolfSSL Now

wolfSSL FIPS-Ready

Several years back with the release of wolfSSL 4.0.0, the wolfSSL team decided to also start releasing a new product: the wolfSSL FIPS Ready library. This product features new, state of the art concepts and technology. In a single sentence, wolfSSL FIPS Ready is a testable and free to download open source embedded SSL/TLS library with support for FIPS validation, with FIPS enabled cryptography layer code included in the wolfSSL source tree. To further elaborate on what FIPS Ready really means, you do not get a FIPS certificate and you are not FIPS validated or approved. FIPS Ready means that you have included FIPS code ready to be certified by the CMVP into your build and that you are operating according to the FIPS enforced best practices of default entry point, and Pre-Operational Self Test (POST) plus Conditional Algorithm self test (CAST).

FIPS validation is a government certification for cryptographic modules that states that the module in question has undergone thorough and rigorous testing to be certified. FIPS validation specifies that a software/encryption module is able to be used within or alongside government systems. The most recent FIPS specification is 140-3, with various levels of security offered (1-4). Currently, wolfCrypt has the world’s first SP800-140Br1 FIPS 140-3 validation with Certificate #4718! When trying to get software modules FIPS validated, this is often a costly and time-consuming effort and as such causes the FIPS validated modules to have high price tags.

Since the majority of wolfSSL products use the wolfCrypt encryption engine, this also means that if wolfSSH, wolfMQTT (with TLS support), wolfBoot, and other wolfSSL products in place can be tested FIPS validated code with their software before committing.

wolfSSL FIPS Ready can be downloaded from the wolfSSL download page.

For more information about wolfSSL and its FIPS Ready initiative, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3 12 13 14 15 16 17 18 196 197 198

Weekly updates

Archives