RECENT BLOG NEWS
Post-Quantum Script Magician: Igor Barshteyn
Today we’d like to give a quick shout out to Igor Barshteyn! He is a long time and active member of the cryptography and information security communities. His interests are very apparent in his posts on LinkedIn.
Besides sleuthing out the the NIST post-quantum draft standards the day before their release and a multitude of other interesting posts, he has come up with a script to allow for easy experimentation in wolfSSL with post-quantum algorithms hybridized with NIST ECC curves in our fips-ready releases. But why would he do that?
Well, if you’re interested in cryptographic compliance, then you will know that the NSA’s CNSA 2.0 guidance requires the use of Kyber. You’ll also know that FIPS 140-2/3 requires the use of FIPS approved ECC curves for key exchange. Moreover, NIST has stated that an ECC key exchange done in a FIPS 140 approved mode of operation can be hybridized a with a post-quantum algorithm and still be considered in a FIPS 140 approved mode of operation. See FQAs for more detail.
Are you curious to see how hybrid FIPS 140 approved mode of key exchange hybridized with the CNSA 2.0 approved Kyber will perform in your environment or on your system? You can find out today!! Check out Igor’s post which has great instructions and a link to his script!Are you curious to see how hybrid FIPS 140 approved mode of key exchange hybridized with the CNSA 2.0 approved Kyber will perform in your environment or on your system? You can find out today!! Check out Igor’s post which has great instructions and a link to his script!
If you have questions on any of above, please contact us at facts@wolfSSL.com, or call us as +1 425 245 8247.
Download wolfSSL
Live Webinar: Reasons to Migrate from OpenSSL to wolfSSL
Are you seeking a superior alternative to OpenSSL with better support and smoother workflow?
wolfSSL can fulfill your needs, addressing the gaps you might be experiencing while using OpenSSL. Join our upcoming webinar hosted by wolfSSL engineer Anthony, where he will focus on advantages of switching to wolfSSL. Discover why choosing wolfSSL over OpenSSL can reshape your projects.
Watch the webinar here: Migrate from OpenSSL to wolfSSL
Sneak peek of the webinar:
- Certified FIPS provider
- Support for the QUIC protocol (–enable-quic)
- Support for Post-quantum integration
- Top-notch support services
- And much more!
Anthony will provide in-depth insights into what sets wolfSSL apart from OpenSSL. Watch it now to explore the potential benefits of using wolfSSL. Let us introduce you to solutions that work best for your projects!
As always, our webinars will include Q&A sessions throughout the webinar. If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.
Download wolfSSL
Benchmarking wolfCrypt on Cortex M0+
We added a benchmark running on Raspberry Pi PIco-W. It runs with Cortex M0+, 125MHz. If you are interested in how wolfSSL/wolfCrypt works on low end MCU, this should be a good example benchmark to look into.
Here are some highlights:
- Hash operations such as SHA256 run faster than 1 M bytes per second.
- Symmetric algorithms like AES-GCM enc/dec faster than 300 k bytes per second.
- ECDH keygen/agreement, ECDSA sign/verify around 100mSec to 50mSec per operation.
Visit our ‘Raspberry Pi Pico-W’ benchmark page for further details.
If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.
Download wolfSSL
DTLS Support Added to wolfMQTT-SN
wolfSSL is delighted to announce that we have added a secure way for sensors to communicate to the gateway using DTLS and MQTT-SN! We used the Paho MQTT-SN Gateway project’s recent addition of DTLS support for testing.
Testing details are in the pull request.
Let us know what you think by sending a note to facts@wolfSSL.com.
You can download the latest release, or clone directly from our GitHub repository.
While you’re there, show us some love and give the wolfMQTT project a Star!
If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.
Download wolfSSL
Live Webinar: SM ciphers are implemented in wolfSSL
Join the webinar to discover how the latest SM cipher implementations from wolfSSL comply with Chinese regulations and can secure your critical systems! wolfSSL engineer Sean will reveal all the details to help you find the best solutions for your critical systems on September 7th at 2pm PT.
Watch the webinar here: SM ciphers are implemented in wolfSSL
The Chinese government mandates the use of SM2, SM3, and SM4 in critical systems such as automobiles, avionics and more. wolfSSL is proud to announce our supported versions of these ciphers tailored to our customers in the Chinese market. We also have a plan to release the ZUC stream cipher later this year to completely satisfy SM9. Additionally, we’re actively communicating with labs regarding support of OSCCA certification in the future.
This exciting development is fantastic news for our customers in the Chinese market, ensuring they remain compliant with the latest regulations.
Benefits of using wolfSSL products:
- The SM Ciphers are fully supported in wolfSSL’s TLS 1.3 and DTLS 1.3 implementations.
- wolfSSH, wolfBoot and our other products will support ShangMi ciphers.
- ARM, Intel, and RiscV assembly is in the works for our SM implementations for maximum performance
- We support bare metal for SM2, SM3, and SM4
- We have maximized performance and minimized size, so the ShangMi algorithms will work well for embedded systems use cases on a wide variety of microcontrollers (MCU’s). They will be available for all of the MCU silicon that we currently support, including STM32, NXP i.MX, RISC-V, Renesas RA, RX, and Synergy, Nordic NRF32, Microchip PIC32, Infineon Aurix, TI MSP, and many others
- Our GPLv2 versions of the SM ciphers are available on GitHub
Commercially licensed versions are available.
Don’t miss this opportunity to discover solutions for your system security and compliance. Join our webinar to explore the full potential of SM cipher implementations from wolfSSL.
As always, our webinars will include Q&A sessions throughout the webinar. If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.
Download wolfSSL
Every hardware cryptography scheme wolfSSL has ever enabled
At wolfSSL we support hardware cryptography for a wide range of platforms. The benefits of hardware cryptography include reduced code footprint size, improved security, acceleration of cryptographic operations, and utilization of true random number generators. For example, this allows everything from wolfBoot to TLS cipher suites to enjoy acceleration of cryptographic operations.
Furthermore, we have deep partnerships with industry leaders such as Intel, NXP, and Renesas. We support standard Intel instruction extensions such as AES-NI, AVX, and ADX and BMI2, and have recently published a joint whitepaper on using wolfBoot with 11th Gen Intel Core processors. We also support NXP’s Cryptographic Accelerator and Assurance Module (CAAM), and have leveraged this for hardware acceleration on a number of NXP i.MX series processors. Other examples include Espressif and Analog Devices, to name but a few.
If you’re curious for a list of every hardware cryptography scheme and platform we have enabled, then read on:
-
- Intel ADX and BMI2: Intel and AMD x86.
RSA Curve25519 256 bit Ed25519 256 bit References:
- Intel ADX and BMI2: Intel and AMD x86.
-
- RDRAND/RDSEED: Intel 64 and IA-32, and AMD Zen processor families.
RNG References:
- RDRAND/RDSEED: Intel 64 and IA-32, and AMD Zen processor families.
-
- STMicroeletronics STM32 Public Key Accelerator (on WB55, H7):
AES–CBC 128, 192, 256 bit SHA2 SHA-224, SHA-256 ECC 256 bit (NIST-P256) RNG References:
- STMicroeletronics STM32 Public Key Accelerator (on WB55, H7):
-
- Cypress PSoC6 (32-bit Arm Cortex M4)
SHA2 SHA-256, SHA-512 ECC Supports up to NIST P-521
- Cypress PSoC6 (32-bit Arm Cortex M4)
-
- Xilinx Zynq UltraScale+ MPSoC
AES–GCM 256 bit RSA 2048, 4096 bits SHA3 SHA-384 References:
- Xilinx Zynq UltraScale+ MPSoC
- MAXQ1065 and MAXQ1080:
AES–GCM 128, 192, 256 bit AES–CCM 128, 192, 256 bit ECC NIST-P256 SHA2 SHA-256 References:
Do you have a platform requiring hardware cryptographic support that isn’t on our list, or are you curious about benchmarking? Please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247 with the details of your platform and we will be glad to help you! Also, check out our wolfSSL and wolfCrypt benchmark page.
Download wolfSSL
wolfSSL on the Espressif ESP32-C3 RISC-V
More and more customers are asking about the Espressif ESP32 RISC-V SoC products. The answer is an enthusiastic YES. We support all of the Espressif ESP-32 chipsets, including the ESP32-C6 and the ESP32-C3 RISC-V devices.
Check out our recent video: Getting Started with wolfSSL on the ESP32. Our Espressif examples make it easier than ever to take wolfSSL for a test drive. See also the recent blog on the ESP Component Registry and other blogs on the ESP32 topic.
Shown below is an out-of-the-box, default-settings version of wolfSSL running the Benchmark app on the ESP32-C3 in a typical ESP-IDF v5.1 environment. Keep in mind there are numerous wolfSSL settings to fine-tune our libraries to your product.
We currently have RISC-V hardware acceleration in development. This means that some of the performance metrics should improve by upwards of 10x faster.
Interested in other boards as well? Check out our partial and growing list of supported boards.
I (31) boot: chip revision: v0.4 I (35) boot.esp32c3: SPI Speed : 80MHz I (40) boot.esp32c3: SPI Mode : DIO I (44) boot.esp32c3: SPI Flash Size : 2MB ------------------------------------------------------------------------------ wolfSSL version 5.6.3 ------------------------------------------------------------------------------ Math: Multi-Precision: Wolf(SP) word-size=32 bits=3072 sp_int.c wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each) RNG 725 KiB took 1.027 seconds, 705.940 KiB/s Cycles per byte = 55.33 AES-128-CBC-enc 50 KiB took 1.082 seconds, 46.211 KiB/s Cycles per byte = 845.33 AES-128-CBC-dec 50 KiB took 1.088 seconds, 45.956 KiB/s Cycles per byte = 850.03 AES-192-CBC-enc 50 KiB took 1.297 seconds, 38.551 KiB/s Cycles per byte = 1013.13 AES-192-CBC-dec 50 KiB took 1.303 seconds, 38.373 KiB/s Cycles per byte = 1017.77 AES-256-CBC-enc 50 KiB took 1.511 seconds, 33.091 KiB/s Cycles per byte = 1180.73 AES-256-CBC-dec 50 KiB took 1.517 seconds, 32.960 KiB/s Cycles per byte = 1185.42 AES-128-GCM-enc 50 KiB took 1.187 seconds, 42.123 KiB/s Cycles per byte = 927.09 AES-128-GCM-dec 50 KiB took 1.186 seconds, 42.159 KiB/s Cycles per byte = 927.11 AES-192-GCM-enc 50 KiB took 1.405 seconds, 35.587 KiB/s Cycles per byte = 1097.49 AES-192-GCM-dec 50 KiB took 1.405 seconds, 35.587 KiB/s Cycles per byte = 1097.53 AES-256-GCM-enc 50 KiB took 1.623 seconds, 30.807 KiB/s Cycles per byte = 1267.69 AES-256-GCM-dec 50 KiB took 1.623 seconds, 30.807 KiB/s Cycles per byte = 1267.73 GMAC Default 478 KiB took 1.000 seconds, 478.000 KiB/s Cycles per byte = 81.71 3DES 375 KiB took 1.003 seconds, 373.878 KiB/s Cycles per byte = 104.48 MD5 10625 KiB took 1.000 seconds, 10625.000 KiB/s Cycles per byte = 3.67 SHA 5400 KiB took 1.000 seconds, 5400.000 KiB/s Cycles per byte = 7.23 SHA-224 1700 KiB took 1.014 seconds, 1676.529 KiB/s Cycles per byte = 23.30 SHA-256 1700 KiB took 1.014 seconds, 1676.529 KiB/s Cycles per byte = 23.30 SHA-384 1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte = 30.91 SHA-512 1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte = 30.91 SHA-512/224 1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte = 30.91 SHA-512/256 1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte = 30.91 SHA3-224 925 KiB took 1.006 seconds, 919.483 KiB/s Cycles per byte = 42.47 SHA3-256 875 KiB took 1.008 seconds, 868.056 KiB/s Cycles per byte = 45.02 SHA3-384 675 KiB took 1.010 seconds, 668.317 KiB/s Cycles per byte = 58.47 SHA3-512 475 KiB took 1.019 seconds, 466.143 KiB/s Cycles per byte = 83.77 SHAKE128 1075 KiB took 1.009 seconds, 1065.411 KiB/s Cycles per byte = 36.68 SHAKE256 875 KiB took 1.008 seconds, 868.056 KiB/s Cycles per byte = 45.02 RIPEMD 4325 KiB took 1.005 seconds, 4303.483 KiB/s Cycles per byte = 9.07 HMAC-MD5 10525 KiB took 1.000 seconds, 10525.000 KiB/s Cycles per byte = 3.71 HMAC-SHA 5375 KiB took 1.004 seconds, 5353.586 KiB/s Cycles per byte = 7.30 HMAC-SHA224 1675 KiB took 1.007 seconds, 1663.357 KiB/s Cycles per byte = 23.48 HMAC-SHA256 1675 KiB took 1.006 seconds, 1665.010 KiB/s Cycles per byte = 23.48 HMAC-SHA384 1250 KiB took 1.004 seconds, 1245.020 KiB/s Cycles per byte = 31.38 HMAC-SHA512 1250 KiB took 1.004 seconds, 1245.020 KiB/s Cycles per byte = 31.38 PBKDF2 0 KiB took 1.092 seconds, 0.200 KiB/s Cycles per byte = 194936.64 RSA 2048 public 48 ops took 1.001 sec, avg 20.854 ms, 47.952 ops/sec RSA 2048 private 2 ops took 9.438 sec, avg 4719.000 ms, 0.212 ops/sec ECC [ SECP256R1] 256 key gen 8 ops took 1.159 sec, avg 144.875 ms, 6.903 ops/sec ECDHE [ SECP256R1] 256 agree 8 ops took 1.154 sec, avg 144.250 ms, 6.932 ops/sec ECDSA [ SECP256R1] 256 sign 8 ops took 1.176 sec, avg 147.000 ms, 6.803 ops/sec ECDSA [ SECP256R1] 256 verify 4 ops took 1.119 sec, avg 279.750 ms, 3.575 ops/sec CURVE 25519 key gen 3 ops took 1.136 sec, avg 378.667 ms, 2.641 ops/sec CURVE 25519 agree 4 ops took 1.512 sec, avg 378.000 ms, 2.646 ops/sec ED 25519 key gen 73 ops took 1.004 sec, avg 13.753 ms, 72.709 ops/sec ED 25519 sign 62 ops took 1.007 sec, avg 16.242 ms, 61.569 ops/sec ED 25519 verify 40 ops took 1.033 sec, avg 25.825 ms, 38.722 ops/sec Benchmark complete
If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub.
Download wolfSSL
Is my part supported?
If you are wondering if your part is supported by wolfSSL, the answer is “Yes!!” That said, what follows is an abbreviated incomplete list sorted by manufacturer:
Note: no matter how hard we try to make these lists, they will never be complete because the week after the list is made, there will be more to add.
Part | Manufacturer |
---|---|
S5L SoC | Ambarella |
GX-412TC SoC | AMD |
Xilinx Zynq Ultrascale+ XCZU9EG | AMD |
Xilinx Zynq Ultrascale+ | AMD |
Xilinx Zynq-7000 | AMD |
Xilinx Versal | AMD |
Xilinx ZCU102 | AMD |
Xilinx UltraZed-EG | AMD |
MAXQ1065 | Analog Devices |
MAXQ1080 | Analog Devices |
ADSP-BF516 | Analog Devices |
Apple A14 Bionic | Apple |
Apple M1 Max | Apple |
Apple M1 | Apple |
Apple A8 | Apple |
BCM5634 | Broadcom |
BCM6858 | Broadcom |
BCM6838 | Broadcom |
ARMv8 Cortex-A72 | ARM |
ARMv8 Cortex-A53 | ARM |
ARMv7 Cortex-A9 | ARM |
ARMv7 ARM Cortex-A8 | ARM |
SAMD21Xplained Pro | Atmel |
SAM E54 Xplained Pro Evaluation Kit | Atmel/Microchip |
WINC1500 Xplained Pro Extension Kit | Atmel/Microchip |
AVR UC3 Evaluation Kit – UC3-A3 Xplained | Atmel/Microchip |
CryptoAuth Xplained Pro Evaluation Kit | Atmel/Microchip |
CryptoAuthentication Kits | Atmel/Microchip |
PIC32 MX | Atmel/Microchip |
PIC32 MZ | Atmel/Microchip |
PIC24EP512GU810 | Atmel/Microchip |
PIC24FJ1024GB610 | Atmel/Microchip |
PIC32MZ Embedded Conecctivity STARTER KIT | Atmel/Microchip |
PIC32 Multimedia Expansion Board II | Atmel/Microchip |
PIC32 Ethernet Starter Kit | Atmel/Microchip |
Wi-Fi Client Module Demo Board | Atmel/Microchip |
PIC32CZ CA70 Xplained | Atmel/Microchip |
SAM L11 Xplained Pro | Atmel/Microchip |
NITROX III | Cavium |
NITROX V | Cavium |
PSoC6 | Cypress |
CYW43907 Evaluation Kit CYW943907AEVAL1F WICED | Cypress |
CT8200 ARM FA626TE | Dialight |
NS9210 | Digi |
ConnectCore 6 | Digi |
Arty A7-100T | Digilent |
ESP8266 | Espressif |
ESP32 | Espressif |
ESP32 WROOM | Espressif |
ESP32 WROVER | Espressif |
ESP32-S2 | Espressif |
ESP32-S3 | Espressif |
ESP32-C3 | Espressif |
ESP32-C6 | Espressif |
ESP32-H2 | Espressif |
SiFive Development Kit | HiFive |
LeMaker | HiKey |
TriCore AURIX TX3XX | Infineon |
ML600NG | GE |
GD32VF103 | GigaDevice |
Sipeed Longan Nano | GigaDevice |
Google Glass Explorer Edition Version 2.0 | |
Infineon TPM 1.2 Module | Infineon |
Core i3-7101 | Intel |
Core i5 | Intel |
Core i5 with SGX support | Intel |
Core i7-7600U | Intel |
Core i7-7820 | Intel |
Core i7-1255U | Intel |
Core i7-5850EQ | Intel |
Core i7-8569U | Intel |
Core i7-10610U | Intel |
Core i7-3720QM | Intel |
Core i7-2640M | Intel |
Atom C2558 | Intel |
Atom C3758 | Intel |
Atom D525 | Intel |
Atom E3930 | Intel |
Atom E3940 | Intel |
Xeon Gold 6338N | Intel |
Xeon Gold 6230N | Intel |
Xeon E5-2640 | Intel |
Xeon E5-2650 | Intel |
Xeon E5-2403 | Intel |
Xeon E5335 | Intel |
Xeon E3 | Intel |
Xeon E3-1225 | Intel |
Xeon 1275v3 | Intel |
Xeon W-2155 | Intel |
Xeon E-2234 | Intel |
Xeon E5-2603 | Intel |
Xeon Silver 4116 | Intel |
Xeon E-2244G | Intel |
Xeon X5650 | Intel |
Xeon Gold 5218 | Intel |
Xeon Silver 4316 | Intel |
Xeon Silver 4210 | Intel |
Galileo | Intel |
MCB1800 Evaluation Board & Starter Kit | Keil |
88PA6270 | Marvell |
WiFi 88MC200 | Marvell |
Octeon II | Marvell |
Octeon III | Marvell |
DS28C36 evaluation system | Maxim Integrated |
Azure Sphere MT3620 | Mediatek |
WiFi3 Click | MikroElektronika |
MinnowBoard V1 | MinowBoard |
MOD54415LC | Netburner |
nRF52840 | Nordic |
i.MX 6SoloX Arm® Cortex®-A9 | NXP/Freescale |
i.MX6 Quad/DualLite | NXP/Freescale |
i.MX6 DualLite ARMv7 Cortex-A9 | NXP/Freescale |
i.MX7 Arm® Cortex®-A7 | NXP/Freescale |
i.MX25 Arm9™ | NXP/Freescale |
i.MX 6ULL Arm® Cortex®-A7 | NXP/Freescale |
i.MX8 Quad Max | NXP/Freescale |
i.MX7 Dual ARM® Cortex-A7 | NXP/Freescale |
i.MX-RT1050 | NXP/Freescale |
i.MX-RT1060 | NXP/Freescale |
i.MX-RT1064 | NXP/Freescale |
i.MX-RT1170 | NXP/Freescale |
i.MX-RTxx | NXP/Freescale |
i.MX6 | NXP/Freescale |
i.MX5 | NXP/Freescale |
i.MX8 | NXP/Freescale |
MCF547X | NXP/Freescale |
MCF548X | NXP/Freescale |
Kinetis K50 | NXP/Freescale |
Kinetis K60 | NXP/Freescale |
Kinetis K70 | NXP/Freescale |
Kinetis K80 | NXP/Freescale |
Kinetis K64f | NXP/Freescale |
Kinetis K84f | NXP/Freescale |
Vybrid VF500 | NXP/Freescale |
StarCore SC3850 DSP | NXP/Freescale |
QorIQ T1024 | NXP/Freescale |
QorIQ T2080 | NXP/Freescale |
QorIQ P1021 | NXP/Freescale |
MPC8650 | NXP/Freescale |
LPC54606 | NXP/Freescale |
LPCXpresso18S37 | NXP/Freescale |
LPCXpresso43S37 | NXP/Freescale |
Coldfire MCF5484CZP200 | NXP/Freescale |
TWR-K70F120M Tower System module | NXP/Freescale |
TWR-SER serial module | NXP/Freescale |
TWR-ELEV primary elevator module | NXP/Freescale |
TWR-MCF5225X Tower System Module | NXP/Freescale |
FRDM-K82F | NXP/Freescale |
FRDM-K64F | NXP/Freescale |
FRDM-KL46Z | NXP/Freescale |
X-TWR-K80F150M-S | NXP/Freescale |
K81 for use with K80 development prototype | NXP/Freescale |
LCPXpresso Board | NXP/Freescale |
LPC General Purpose Shield | NXP/Freescale |
Wireless Mustang Sensor HW Development Package | Primex |
Snapdragon 865 | Qualcomm |
Snapdragon 835 APQ8098 / MSM8998 | Qualcomm |
QB6640-23UF SoC | Qualcomm |
Krait 400 | Qualcomm |
Pi Pico | RaspberryPi |
Pi2 | RaspberryPi |
Pi3 | RaspberryPi |
Pi4 | RaspberryPi |
Pi Zero | RaspberryPi |
rp2040 | RaspberryPi |
RX65N | Renesas |
RX72N | Renesas |
RX MPU | Renesas |
Synergy DK-S7G2 | Renesas |
EFM32G Gecko | Silicon Labs |
EFR32 | Silicon Labs |
SLWSTK6023A | Silicon Labs |
STM32C0xx | STM |
STM32L0xx | STM |
STM32G0xx | STM |
STM32F0xx | STM |
STM32F1xx | STM |
STM32L1xx | STM |
STM32F2xx | STM |
STM32F3xx | STM |
STM32L4xx | STM |
STM32G4xx | STM |
STM32F4xx | STM |
STM32WBxx | STM |
STM32WLxx | STM |
STM32F5xx | STM |
STM32U5xx | STM |
STM32L5xx | STM |
STM32F7xx | STM |
STM32H7xx | STM |
STM32H5xx | STM |
TNETV1050 | Texas Instruments |
TM4C1294 | Texas Instruments |
Tiva C Series TM4C1294 | Texas Instruments |
iMCU7200 EVB Evaluation Board | WIZnet |
If you do not see your part on this list, don’t worry. Please reach out to us at facts@wolfSSL.com, or call us at +1 425 245 8247 letting us know the details of your system and we can get you in touch with our porting experts. Chances are, it is already done!
If you do see your part and are wondering about benchmarking statistics you can also reach out to facts@wolfSSL.com for performance information. Check out our public benchmarks.
Download wolfSSL
Announcing wolfSSL sniffer support for key log files (SSLKEYLOGFILE)
We are excited to announce that the wolfSSL sniffer now supports TLS session decryption for recorded TLS traffic using a SSLKEYLOGFILE!
If you didn’t already know about our sniffer tool, it is a utility library built into wolfSSL that can be used to capture and decrypt live traffic or recorded PCAP traces. Previously, the sniffer could only decrypt traffic from sessions where either the static private key (RSA, ECC) or the ephemeral key (DHE, ECDHE) was known and able to be provided to the sniffer at runtime. This required keeping track of the private or ephemeral key files for every session you wanted to sniff, which was cumbersome for packet captures containing a large number of sessions, especially for TLS v1.3 where each session would require a new ephemeral key to decrypt.
If your server or client is able to generate a key log file (which wolfSSL can do with the `–enable-keylog-export` option), you can now simply register this file with the sniffer and the sniffer will be able to decrypt all applicable traffic in your packet capture, regardless of the cipher suite used!
To build wolfSSL with the sniffer enabled use the `–enable-sniffer` configure option. To enable key log file support in the sniffer, simply define `WOLFSSL_SNIFFER_KEYLOGFILE`:
./configure --enable-sniffer CFLAGS=“-DWOLFSSL_SNIFFER_KEYLOGFILE”
WolfSSL provides the snifftest demo application that demonstrates how to use the sniffer library to sniff traffic from both live and recorded packet captures. Using the snifftest app to sniff traffic from a packet capture with an associated key log file is as simple as running:
# Sniffs traffic from a server at 127.0.0.1 on port 11111 ./snifftest -pcap /path/to/your.pcap \ -keylogfile /path/to/your/keylogfile.log \ -server 127.0.0.1 \ -port 11111
For more information and examples showing how to get started with the sniffer, please refer to the snifftest demo application and README.
As always, if you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.
Download wolfSSL
Live Stream: Mastering the cURL Command Line
We are excited to announce that Daniel Stenberg, the creator of cURL, will be hosting a live stream on Mastering the cURL Command Line Training on August 31st at 9 am PT.
Check out: Mastering the cURL Command Line webinar
cURL, a versatile software project, enables you to securely transfer data using various protocols, such as FTP, FTPS, HTTP, HTTPS, and more.
During the live stream, Daniel will dive into the full potential of cURL and how you can utilize cURL in your projects to achieve maximum security in data transfer. Don’t miss out on this exclusive event to gain knowledge and technical skills directly from Daniel Stenberg, the creator of cURL!
Sneak peek of the live stream:
- An overview of the cURL project
- Command line essentials, including options, URLs, and advanced features
- Practical usage of cURL, covering topics like downloads, uploads, and transfer controls
- In-depth insights into TLS and proxy configurations
- Exploring HTTP protocols, including methods, response codes, and security
- Navigating FTP functionalities, including authentication and file transfers
- Looking at cURL’s future
During the webinar, you will discover the full potential of cURL, which can boost your projects, and learn technical skills.
If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL
Weekly updates
Archives
- December 2024 (16)
- November 2024 (29)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)