Azure Removing TLS 1.0 & TLS 1.1
Are you prepared for the upcoming security enhancements in Azure, which will remove support for TLS 1.0 and TLS 1.1? By the end of October, Azure will no longer accept connections using TLS 1.0 and TLS 1.1 (Azure announcement). This is great news! The older TLS protocols are less secure compared to the newer TLS 1.2 and TLS 1.3 standards. wolfSSL supports both TLS 1.2 and TLS 1.3, and can assist in upgrading your product’s security to prepare for the deprecation of TLS 1.0 and TLS 1.1 in Azure.
For more information and upgrade assistance contact facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Live Webinar: Securing medical and industrial/connected products using WolfTPM and ST33KTPM
Explore the security features of the ST33KTPM TPM 2.0 module and learn how to apply them to real-world use cases. We’ll also cover using STM32CubeIDE tools for TPM 2.0 and Secure Boot, including a live demo.
Register today: Securing medical and industrial/connected products using WolfTPM and ST33KTPM
Date: September 19th | 9 AM PT
The need to secure connected products is integral to FDA and other industrial/infrastructure specifications for OEM products, where compromises could have significant impacts and liabilities.
Learn why using ST’s FIPS140-3 and Common Criteria certified ST33KTPM for your products’ connected identity and root-of-trust meets government security standards.
We’ll introduce wolfTPM, simplifying TPM use for secure identity, secure boot, and secure data management with MCU/MPU devices. This session includes using the STM32CubeIDE tools to generate a wolfSSL project supporting TPM use-cases on the STM32H753.
We’ll review installing long-lived identities, comparing a TPM shipped securely personalized by ST versus applying these identities in the security IP of an MPU/MCU/SoC, the foundation of your device’s secure identity and root-of-trust.
- Security drivers impacting medical/industrial/infrastructure products and how using a certified ST33KTPM serves them
- Comparison of the security achievable with and without using an certified ST33KTPM
- The advantages of using a TPM with pre-installed long-lived identities
- Integration of all the above into an STMicroelectronics high performance MCU (STM32H753) WolfSSL example and including the simplification of device personalization by using a pre-personalized ST33KTPM.
- Secure boot (WolfBoot) using ST33KTPM
Duration: 60mins
Seats are limited. Register now for this informative webinar!
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfProvider v1.0.1 Release
wolfSSL is proud to announce the release of wolfProvider 1.0.1. This release contains several fixes and improvements. Most notably, we have added AES CFB support. A better logging of code execution has been added to make debugging easier. Scripted compilation of dependencies (such as wolfSSL and OpenSSL) have been added to get started easier.
wolfProvider is intended for use by customers who want to have a FIPS validated module, but are already invested with using OpenSSL. The provider gives drop-in replacements for the cryptographic algorithms used by OpenSSL. The wolfProvider uses the wolfCrypt engine underneath which is FIPS 140-3 certified.
Refer to the README.md found in the release for usage instructions. We also maintain a ChangeLog.md for a list of changes in each release.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfCrypt FIPS 140-3 on ARM
Do you need a FIPS 140-3 validated cryptography library for your ARM-based platform? wolfCrypt has been FIPS 140-3 validated (certificate #4718). While full FIPS 140-3 support on ARM isn’t available just yet, it’s on our radar. We’re making strides to bring this capability to you soon.
FIPS validating a crypto library on a resource-constrained device can be more involved than doing a validation on a standard desktop-like platform. Variances in OS, Flash/RAM, filesystem (or lack of), entropy, communication, and more can make things interesting. Going through our past ARM-based validations, we have figured out how to make this process easier with wolfCrypt!
If you are interested in exploring FIPS 140-3 cryptography validations on ARM platforms, reach out to us at either facts@wolfSSL.com or +1 425 245 8247!
To learn more about our FIPS 140-3 certification, check out wolfCrypt FIPS Q&A.
Download wolfSSL Now
New FIPS Operating Environments
wolfSSL fans! Do you like FIPS? Do you like virtual machines? Guess what – wolfSSL’s crypto library, wolfCrypt, has been validated as the world’s first SP800-140Br1 FIPS 140-3 certificate! However, with the recent changes to the FIPS submission process, OE additions are slightly delayed via a manual process until such time as the CMVP can update the automated WebCryptik tool to support OEUP scenarios. wolfSSL Inc. is moving forward with our CSTL hoping to achieve our first OEUP manual submission in the very near future! As the landscape continues to evolve, wolfSSL remains committed to keeping wolfCrypt compliant with the latest FIPS standards. Stay tuned for more updates!
If you’re interested in getting a FIPS 140-3 approved crypto library running in your virtual or any operating environment, or if you have any questions about the process, please don’t hesitate to contact us at fips@wolfSSL.com or facts@wolfSSL.com, or call us at +1 425 245 8247. We look forward to hearing from you.
Download wolfSSL Now
wolfSSL FIPS-Ready
Several years back with the release of wolfSSL 4.0.0, the wolfSSL team decided to also start releasing a new product: the wolfSSL FIPS Ready library. This product features new, state of the art concepts and technology. In a single sentence, wolfSSL FIPS Ready is a testable and free to download open source embedded SSL/TLS library with support for FIPS validation, with FIPS enabled cryptography layer code included in the wolfSSL source tree. To further elaborate on what FIPS Ready really means, you do not get a FIPS certificate and you are not FIPS validated or approved. FIPS Ready means that you have included FIPS code ready to be certified by the CMVP into your build and that you are operating according to the FIPS enforced best practices of default entry point, and Pre-Operational Self Test (POST) plus Conditional Algorithm self test (CAST).
FIPS validation is a government certification for cryptographic modules that states that the module in question has undergone thorough and rigorous testing to be certified. FIPS validation specifies that a software/encryption module is able to be used within or alongside government systems. The most recent FIPS specification is 140-3, with various levels of security offered (1-4). Currently, wolfCrypt has the world’s first SP800-140Br1 FIPS 140-3 validation with Certificate #4718! When trying to get software modules FIPS validated, this is often a costly and time-consuming effort and as such causes the FIPS validated modules to have high price tags.
Since the majority of wolfSSL products use the wolfCrypt encryption engine, this also means that if wolfSSH, wolfMQTT (with TLS support), wolfBoot, and other wolfSSL products in place can be tested FIPS validated code with their software before committing.
wolfSSL FIPS Ready can be downloaded from the wolfSSL download page.
For more information about wolfSSL and its FIPS Ready initiative, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Live Webinar: Quantum Leap in Avionics: Enhancing Security, Airworthiness, and Safety
Explore the latest advancements in avionics security with industry leaders wolfSSL and SYSGO. Discover how our cutting-edge solutions and certifications are driving a quantum leap in security, airworthiness, and safety across critical aerospace systems.
Register Today: Quantum Leap in Avionics: Enhancing Security, Airworthiness, and Safety
Date: September 12th | 7 AM PT
Learn why wolfSSL and SYSGO are key to advancing avionics security.
Discover wolfSSL top-tier security solutions, including a lightweight, FIPS 140-3 validated TLS/SSL library designed for real-time embedded systems. With high performance, a small footprint, and compatibility with industry standards like DO-178C and protocols such as TLS 1.3, wolfSSL ensures secure communication while maintaining compliance and reliability in avionics applications.
Learn about SYSGO’s PikeOS, which offers advanced real-time operating systems and embedded virtualization. Its robust partitioning and isolation ensure critical avionics systems operate securely and reliably, with a strong emphasis on safety certification and compliance with standards like DO-178C.
This webinar will cover:
- Technology overview from SYSGO and wolfSSL
- Competitive differentiators from wolfSSL: What sets us apart from the competition
- SYSGO products and certification: Insights into SYSGO’s offerings and their certifications within industry standards
Don’t miss this opportunity to learn from industry leaders, gain valuable insights, and witness next-gen avionics security in action. Register today!
Duration: 60 minutes
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
FIPS 140-3 and CNSA 2.0 with a Single TLS Connection
Can you believe it? With wolfSSL you can now have a TLS 1.3 connection that is compliant with both FIPS 140-3 and the CNSA 2.0! Want to know how?
For key establishment, we can use the new ML-KEM-1024 (also known as Kyber-1024 which is at security level 5 as defined by NIST) hybridized with ECDH on curve P-521.
In terms of authentication, we can use our dual algorithm certificates where the conventional algorithm is ECDSA on curve P-521 and the alternative algorithm is ML-DSA-87 (also known as Dilithium 5 which is at security level 5 as defined by NIST). The server would then also have conventional and alternative private keys so they would both be used to sign the transcript.
For the cipher suite, We can use AES-256-GCM-SHA384; this is approved by both FIPS 140-3 and CNSA 2.0.
And just like that, we have dual compliance! Want more details and a demo with steps to do it yourself? Not to worry, we’ll have a webinar soon to explain how you can achieve this yourself as well! Please stay tuned.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Do you have code that can be upgraded to Post Quantum?
By now most people interested in security have heard about the NIST Post Quantum Announcement and the specific algorithms derived from CRYSTALS-Dilithium, CRYSTALS-KYBER and SPHINCS. Our team was there at the White House!
We’ve had experimental Post Quantum support for years. See our blog from 2021: Hybrid Post Quantum Groups in TLS 1.3. Post Quantum has also been in cURL since 2021 as well. We’ve developed PQ libraries that work on everything from the largest computer systems to the smallest devices such as the Espressif ESP32!
But do you know if and how your code can be upgraded to take advantage of these new standards? We can help! We have a variety of public and internal tools that can be used to quickly and efficiently search your codebase for API calls that are targets for Post Quantum upgrades.
When you are ready to move on to the next step, wolfSSL will be there for you! Need to have your project NIST Certified? Recently we announced that wolfSSL is the First in the World to offer FIPS 140–3 Automated Submission with our NIST Certificate #4718.
For more details, see our blog What is FIPS (In-Depth Overview).
Have specific requests or technical questions? We’d love to hear from you! Please reach out to us at support@wolfSSL.com or open an issue on GitHub. For general inquiries, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Rapid prototyping with Arduino and wolfSSL
Do you have an idea for a project but want a quick prototype without the hassle of a custom board? We’re happy to announce that our latest wolfSSL v5.7.2 library is now available in the Arduino Registry for rapid prototypes.
Just type “wolfSSL” in the Library Manager of the Arduino IDE. If nothing happens right away, check to see if the IDE is downloading updates as indicated in the lower-right corner of the app and wait for the process to complete.
There are TLS Client and Server apps, as well as a bare-bones Hello World that just prints the wolfSSL version. See the bottom of the list in Files – Examples – “Examples from Custom Libraries” in the IDE.
Just edit the SSID and Password:
All of the source code is available at: https://github.com/wolfSSL/Arduino-wolfSSL. We also have a more detailed Getting Started with wolfSSL on Arduino guide.
Want to check performance? Check out our recent blog: How do you benchmark cryptography?
When you are ready to move on to the next step, wolfSSL will be there for you! Need to have your project NIST Certified? Recently we announced that wolfSSL is the First in the World to offer FIPS 140–3 Automated Submission with our NIST Certificate #471.
See our prior blogs on:
- What is the difference between FIPS 140-2 and FIPS 140-3?
- FIPS vs FedRAMP Compliance and Requirements
The What is FIPS (Quick Overview) blog also applies to RISC-V with regards to how your RISC-V Operating Environment (“OE”) can be certified:
- You send us your hardware and toolchain.
- We run the initial tests which ensure the cryptography module behaves according to specification given your specific hardware and operating system.
- The CMVP certified lab runs and verifies the tests and their documentation.
- The test results are submitted to CMVP for review.
- Your specific operating environment is added to our certificate.
- You are FIPS 140 compliant in 60-90 days.
For more details, see our blog What is FIPS (In-Depth Overview).
Have specific requests or technical questions? We’d love to hear from you! Please reach out to us at support@wolfSSL.com or open an issue on GitHub. For general inquiries, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now