RECENT BLOG NEWS

Below is a link to wolfSSL’s SSL/TLS tutorial video on setting up a basic client and server with the CyaSSL lightweight, embedded SSL/TLS library. This video provides a detailed step-by-step set of instructions, including code, for incorporating CyaSSL into an application. The tutorial walks through Chapter 11 of the CyaSSL manual. SSL/TLS Tutorial with CyaSSL […]

Some TLS implementations are vulnerable to the October POODLE attack that at the time was thought to be limited to SSLv3 only: https://www.imperialviolet.org/2014/12/08/poodleagain.html .  These implementations are incorrectly using a SSLV3 decoding function while in TLS mode.  wolfSSL is not susceptible, it correctly uses TLS decoding while in TLS mode.  We would like to reiterate Adam Langley’s […]

CyaSSL version 3.3.0 offers: • Secure countermeasures for Handshake message duplicates, CHANGE CIPHER without FINISHED, and fast forward attempts added to our source code.  Thanks to Karthikeyan Bhargavan from the Prosecco team at INRIA Paris-Rocquencourt for the report.  This is an important fix and all users should update! • Complete testing for FIPS 140-2 version […]

INSTEON is leading the way in the field of home automation and control technology with a line of products that include a wide range of smart home devices such as lighting, motion detectors, and security systems. All INSTEON products can be centrally accessed through the Hub, a product that has the ability to connect the […]

The next release of CyaSSL will have official support for the PicoTCP TCP/IP stack. wolfSSL has been working closely with the developers at TASS to add out-of-the-box support for this new, lightweight, and dual-licensed TCP/IP stack – making it easier to secure Internet of Things devices running on top of PicoTCP. For those not familiar […]

Hi! We’ve been telegraphing our plans to drop support for SSL 3.0 for the last year. With the emergence of the POODLE breach, we’ve decided to accelerate our plan. Over the coming weeks and months, we’ll be doing the following: 1. Disabling SSL 3.0 by default at runtime. 2. Disabling our SSL 3.0 code by […]

SSL, the predecessor to TLS, reached version 3.0 before changing names to TLS. TLS versions currently defined include TLS 1.0, 1.1, and 1.2, with the 1.3 specification still being worked out. “Padding Oracle On Downgraded Legacy Encryption” Bug (POODLE) was disclosed on October 14th, 2014 and allows an attacker to read information encrypted with SSL […]

Implementation of curve25519 is to the point where it is going through a testing cycle. We are looking for interested beta testers and cryptography enthusiasts who wish to test out just how fast it can be. If interested in getting the source code for the curve25519 implementation, contact us at facts@wolfssl.com.

Secure Renegotiation will allow for a server to differentiate between an initial connection and a renegotiation, protecting against “man-in-the-middle” attacks during renegotiations. “Secure Socket Layer (SSL) and Transport Layer Security (TLS) renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and […]

Simple Certificate Enrollment Protocol, better known as SCEP, is a way to simplify certificate handling for everyday users. This Public Key Infrastructure communication protocol is designed to enable certificate management and certificate/CRL queries within a closed network. According to the Internet Engineering Task Force, SCEP uses PKCS#7 and PKCS#1 over HTTP and supports CA and […]