RECENT BLOG NEWS
Preliminary cryptographic benchmarks on new Apple A12Z Bionic Platform
wolfSSL is up and running and tested on Apple’s new A12Z platform, and with the right options it is blazing fast! The key options that we benchmarked include our out of the box defaults vs some key optimizations described below. Some notes to help you decipher these benchmarks:
- SP is Single Precision Math. It is a wolfSSL developed math library that is extremely well optimized for ARM environments and cryptographic math calculations.
- SP ASM is the assembly component of the SP math library.
- ARMASM is the assembly code functionality provided by ARM. As many of our savvy readers know, we have the best support for ARMv8 cryptography extensions, and they work great!
- MB/Sec is the number of megabytes of data that you can encrypt or decrypt per second. If you have big files to encrypt/decrypt, then you will really enjoy the power of SP math and the ARMv8 cryptography extensions!
- This is our first pass of optimizations for these benchmarks. We’ll do more, and we expect that a few more passes of optimizations will yield 20% to 40% more performance on any given cipher.
See below for more details!
Algorithm | Throughput (Default Options, MB/sec, higher is faster) | Throughput (SP + SP ASM + ARM ASM, MB/sec, higher is faster)) |
---|---|---|
RNG | 69.21 | 512.621 |
AES-128-CBC-enc | 228.03 | 1102.22 |
AES-128-CBC-dec | 255.75 | 6407.078 |
AES-256-CBC-enc | 171.38 | 848.61 |
AES-256-CBC-dec | 185.67 | 4103.814 |
AES-GCM-128-enc | 55.067 | 1344.808 |
AES-GCM-128-dec | 55.04 | 729.65 |
AES-256-GCM-enc | 51 | 1350.216 |
AES-256-GCM-dec | 50.967 | 708.081 |
CHACHA | 305.358 | 1284.298 |
CHA-POLY | 256.692 | 907.553 |
MD5 | 405.448 | 405.685 |
POLY1305 | 1616.658 | 3099.69 |
SHA | 453.143 | 587.883 |
SHA-256 | 151.601 | 1831.661 |
HMAC-MD5 | 405.415 | 405.678 |
HMAC-SHA | 452.972 | 576.566 |
HMAC-SHA256 | 151.556 | 1831.624 |
HMAC-SHA512 | 302.308 | 367.16 |
Algorithm | Throughput (Default Options, ms/op, lower is faster) | Throughput (SP + SP ASM + ARM ASM, ms/op, lower is faster) |
---|---|---|
RSA 2048 Pub | 0.612 | 0.022 |
RSA 2048 Priv | 6.274 | 0.722 |
DH 2048 Key Gen | 1.339 | 0.338 |
DH 2048 Key Agree | 2.008 | 0.338 |
ECC 256 Key Gen | 2.554 | 0.022 |
ECC 256 Key Agree | 2.54 | 0.061 |
EC-DSA Sign | 2.653 | 0.034 |
EC-DSA Verify | 1.76 | 0.073 |
To enable SP + SP ASM + ARM ASM and achieve maximum performance on Apple’s A12Z, pass in the following options to configure:
./configure --host=aarch64-apple-darwin --enable-sp --enable-sp-asm --enable-armasm
Note that the host flag is only required if the host is not detected as aarch64 by default. Check config.log after running configure to confirm this.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
What’s the difference between SSL and TLS?
Both SSL and TLS are terms that refer to protocols designed to secure communications over the Internet. They stand for Secure Socket Layer and Transport Layer Security, respectively.
Historical Background
SSL was designed by Netscape Communications and implemented in their browsers; several vulnerabilities were discovered in SSL, and the version was upgraded to continue revisions in terms of security. However, with the discovery of vulnerabilities due to the POODLE attack, the last specification, SSL 3.0 was also discontinued by the Internet Engineering Task Force (IETF) in 2015. After this, SSL should not be used.
In 1996, before SSL was decommissioned, the IETF started to develop a specification for TLS, and TLS continued to be revised to include countermeasures against new attack methods discovered one after another, with the now widely used TLS 1.2 being established in 2008. The most current standard is TLS 1.3, which was published in August 2018.
SSL and TLS have different names, but the purpose and role are the same, and the two are often used interchangeably. wolfSSL also still uses “SSL” in its company and product names.
Differences in Specifications
Both SSL and TLS provide a means to encrypt and exchange data on the communication path (usually TCP/IP). Major 3 processes are:
- Authenticate the other party to communicate
- Determine a method and key to encrypt communication data
- Encrypt and decrypt communication data
It is said that the difference between the first version of TLS, TLS1.0, and the last version of SSL, SSL3.0, in terms of this feature, was minimal. Therefore, rather than knowing this boundary, it is more meaningful to know how the current TLS1.3 specification has changed.
What is the difference between TLS 1.3 and before?
The following specification changes have been made:
* Sifted through encryption algorithms and change encryption suite notation
* Reduced and sped up packet round trips by reorganizing handshake messages
* Encryption begins earlier in the handshake
Cryptographic suites previously had hundreds of definitions. The number of algorithms has been reduced to 5 by removing the algorithms that are no longer used, limiting them to essential algorithms, and organizing the encryption suite notation. Only the temporary key Diffie-Hellmann remained as the key exchange algorithm. Packet round-trip during handshaking is minimized to one round-trip. Also, encryption is performed in the middle of the handshake. The TLS 1.3 specification is designed to improve both security and communication speed.
Conclusion
Both SSL and TLS are still used interchangeably to refer to handshakes performed on clients and servers. However, SSL as a specification term is now a specification of the past and is not used in actual products. As of 2020, even servers that use TLS 1.1 will receive security warnings from typical browsers. The difference between SSL and TLS will only be questioned when looking back on history.
What’s important as a TLS user is to be aware of the differences between TLS 1.3 and the current mainstream TLS 1.2.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
Related page:
What is a Cipher Suite?
A Cipher Suite is a set of cryptographic instructions or algorithms that helps secure network connections through Transport Layer Security(TLS)/Secure Socket Layer (SSL). It helps determine how your web server will communicate secure data over HTTPS, and makes sure to secure the communications between client and server.
To start a HTTPS connect, the web server and the client perform what is a SSL handshake. The SSL handshake is a process that leverages various cryptographic functions to achieve a HTTPS connection. During the handshake, the two parties agree on a cipher suite, which is then used to secure the HTTPS connection.
During the handshake, the cipher suite typically uses these algorithms;
-
- Key Exchange Algorithm
- A method by which keys can be exchanged
- Ex: RSA, DH, ECDH, ECDHE, PSK
- Bulk Encryption Algorithm
- A method by which symmetric key algorithms will be used to encrypt data
- Ex: AES, 3DES, CAMELLIA, ARIA
- Authentication Algorithm
- A method that dictates how server authentication and client authentication is implemented
- Ex: RSA, DSA, ECDSA
- Message Authentication Code (MAC) Algorithm
- A method that determines which connections to use for data integrity checks
- Ex: SHA, MD5, POLY1305
- Key Exchange Algorithm
These ciphers are used at various points of the connection to perform authentication, key generation and exchange, and a checksum to ensure integrity. The client and web server will start by deciding which specific algorithms to use in the cipher suite.
A typical Cipher Suite contains 1 key exchange, 1 bulk encryption, 1 authentication, and 1 MAC algorithm. C
Here is an example from Security Boulevard
“Starting from left to right, ECDHE determines that during the handshake the keys will be exchanged via ephemeral Elliptic Curve Diffie Hellman (ECDHE). ECDSA or Elliptic Curve Digital Signature Algorithm is the authentication algorithm. AES128-GCM is the bulk encryption algorithm: AES running Galois Counter Mode with 128-bit key size. Finally, SHA-256 is the hashing algorithm.”
Why Cipher Suites are Important
Cipher suites are important for ensuring the security, compatibility and performance of the HTTPS connections. The cipher suite is like a recipe that dictates which algorithms to use to make secure and reliable connections.
- Security – The security level of the HTTPS traffic (or the safety of both server and client data) depends on the cipher suites the web server uses
- Compatibility – The compatibility of the HTTPS traffic (or who has access to errors, warnings etc) depends on the cipher suites the web server uses
- Performance – The performance of the HTTPS traffic (or the page speed) depends on the cipher suites the web server uses.
wolfSSL and Cipher Suites
wolfSSL is modular. We’ve got two key modules: wolfSSL handles all TLS/SSL needs while wolfCrypt handles all cryptographic needs including block ciphers, stream ciphers, message digests, hashing, public key cryptography, certificates, and various helper utilities.
The wolfCrypt cryptography engine is a lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. wolfCrypt supports the most popular algorithms and ciphers as well as progressive ones such as HC-128, RABBIT, and NTRU. wolfCrypt is stable, production-ready, and backed by our excellent team of security experts.
A complete description of wolfCrypt and our ciphers is available here: https://www.wolfssl.com/docs/wolfssl-manual/ch10/.
Conclusion
Cipher suites are an integral part of how websites function over HTTPS. They are a combination of ciphers used during the SSL/TLS handshake to determine the security settings of an HTTPS connection. Choosing and maintaining the appropriate cipher suites, both in the web server and the client, is important to ensure the security, performance, and compatibility of your HTTPS communications.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSLs’ Proprietary ACVP client
ANNOUNCEMENT:
wolfSSL is very proud to let our FIPS community know that wolfCrypt has received its’ first two consolidated ACVP vector certificates!
Both of these consolidated certificates were for embedded operating environments (OEs’) and wolfSSL will soon be working on adding a Linux 4.4 on ARM OE, CMSIS-RTOS on EFM32 OE, WINCE on ARM OE and more!
BACKGROUND:
As many in the FIPS world are aware NIST retired CAVP (Cryptogrphic Algorithm Validation Protocol) testing on June 30th of 2020, permanently replacing CAVP with ACVP (Automated Cryptographic Validation Protocol), also referred to as ACVTS (Automated Cryptographic Validation Test System).
In order to prepare for this transition NIST offered a “demo server” that Vendors like wolfSSL and FIPS Labs could utilize in standup of the new protocol. Once the transition was completed NIST also setup “production servers” which only FIPS Labs with a trusted certificate issued by NIST can connect to. Production Vectors passing are now the gateway to Algorithm Certification (IE certs like the ones wolfSSL just received!).
Algorithm Certification is a prerequisite to CMVP FIPS 140-2 (and 140-3) validations. This design keeps in place the need for a FIPS lab to achieve algorithm certification but it now allows for Vendors such as wolfSSL to pre-test in advance of requesting production vectors for certification!
USE-CASES:
The ACVP client wolfSSL has developed can do several things:
- Connect to the demo server, request test vectors for 1 (or many) algorithms, process them, and return the responses ultimately receiving either a “pass” or “fail” result.
- Support for testing on full Operating System such as Linux/Windows/Unix
- Support for testing on embedded Operating Environments (Yes even those that are barely above bare-metal)!
- Process JSON files received from a FIPS lab containing production vectors and write out JSON response files for returning to a FIPS lab.
- Support for testing on full Operating System such as Linux/Windows/Unix
- Support for testing on embedded Operating Environments (even those that are barely above bare-metal)!
- The wolfSSL ACVP client also has some local known-answer tests it can run to check algorithms without an RNG component IE most bulk encryption algorithms without an integrity check, and hash algorithms. Bulk encryption algorithms with an integrity check, public key algorithms, and the DRBG can only be sanity-checked against the demo server as the outputs are random and can not be simply diffed with a static known-answer test file.
Users who may want to prepare in advance for the possibility of doing a FIPS validation could use the wolfSSL proprietary ACVP client to test their implementations are ready before pulling the trigger on a FIPS effort with a FIPS lab! If you have any questions or are interested in hearing more about the wolfSSL ACVP client or having wolfSSL validate an Operating Environment so that you can win those deals with customers that need a FIPS validated software module, please contact us at support@wolfssl.com or fips@wolfssl.com anytime!
Sources:
https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/cst-lab-transition
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSL Has Blazing Fast Throughput for Key Ciphers
We at wolfSSL have recently been benchmarking the performance of our core TLS read and write functions, wolfSSL_read and wolfSSL_write. With assembly optimizations enabled, read and write throughput can reach well over 1 GB/s! The data in the charts below was collected using an Intel Core i5-7300HQ CPU @ 2.50GHz and Ubuntu 18.04.4 LTS. Server and client were both run on this machine, with each given exclusive access to its own CPU core. Benchmarking was done for both TLS version 1.2 and 1.3. We picked a few widely used ciphers and measured throughput on the client side of the TLS connection after the handshake was complete, transmitting 1 MB to the server and receiving 1 MB back. For each cipher, we did this 1000 times and averaged the throughput in each direction (RX and TX). We collected data using our crypto library (wolfCrypt) built with assembly optimizations (configure option –enable-intelasm) and without. If you’re looking for a high throughput TLS implementation, check out wolfSSL!
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
FIPS 140-3 and KDF’s (Key Derivation Functions)
Hi! As our readers know, wolfSSL produces the first embedded TLS library that has begun testing for the new FIPS 140-3 standard, as listed here: https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/iut-list
One of the things that is critical to our users is Key Derivation Functions, which are explained here: https://en.wikipedia.org/wiki/Key_derivation_function
Key derivation functions are consumed by TLS 1.2, TLS 1.3, and SSH. We will support KDF’s for all three in our new FIPS 140-3 certificate.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfTPM Support for Parameter Encryption
The TPM feature for parameter encryption and HMAC verification has been added to wolfTPM! The TCG TPM 2.0 specification allows protection of the first parameter of a command or response using parameter encryption. When using an authenticated session it also adds HMAC validation to prove the TPM entity is trusted and integrity of command and response.
Encryption is supported using AES CFB or XOR. The authenticated sessions now support salted unbound sessions with HMAC or Policy type.
The effort was integrated in this GitHub pull request: https://github.com/wolfSSL/wolfTPM/pull/129 and is in the wolfTPM v2.0 release.
Features:
- Added AES CFB support
- Added calculation of command hash and HMAC for sessions
- Added response HMAC validation
- Fixes and cleanups for KDFa
- Added KDFa unit test (passes)
- Inlined the param encryption buffers
- Added “-aes” and “-xor” options to most examples to enable parameter encryption
- Refactor of the session authentication
- Fixes for nonce and auth count
- Added support for encrypted RSA salt and salted-unbounded session
- Added innerWrap and outerWrap support for sensitive to private
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
Support for Apache httpd 2.4.46
The wolfSSL team is happy to announce support for the latest version of Apache httpd, 2.4.46, with both our standard and FIPS-compliant code. In addition to building wolfSSL with –enable-apachehttpd, users will also need to add –enable-postauth. To support this latest version, we have added new OpenSSL compatibility functions to wolfSSL, updated our Apache httpd documentation, and implemented patch code for httpd to make it play with wolfSSL.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSL Support’s Has Speedy Response Times
wolfSSL provides the most secure embedded SSL/TLS libraries. Our products are run by high-powered, lightweight encryption engines for maximum efficiency and speed. But in the case that a client’s needs are not met, our products are followed by an exceptional support team.
We have established a channel to hear questions or concerns through support@wolfssl.com. On this platform, we receive over 1400 support inquiries throughout the year that range from simple logistical procedures such as certificate signings to more complex issues users may have such as RSA operations assistance, optimizing performance or build size and more. Upon receiving an inquiry, the appropriate members of the wolfSSL support team are contacted for personal consultation. Instead of forwarding your concerns to a call center where information is ambiguous and answers can be nebulous, we pair you up with individuals who are specialized in your specific area of concern, all of whom have directly contributed to the product itself. Our clients have their questions answered to the full extent by professionals who understand the product and can explain the process in a concise, cohesive, and intuitive manner.
The speed of wolfSSL support is reflected by the speed of our technologies. On average, our support inquiries are resolved in less than 2 hours. With our premium support package, many wolfSSL support tickets are resolved in under 30 minutes, due to our emphasis on timeliness and getting you connected to the right person. Our fast turnaround times are incredibly beneficial in high-pressure environments and time-sensitive projects. We offer the type of support that lets you quickly get to a resolution and gets your focus back on your project.
wolfSSL Support is offered at four levels. Depending on the coverage needed, there is a tailored package for you. More details on our packages can be viewed on wolfSSL’s support options page at www.wolfssl.com/products/support-packages/.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSL also supports TLS 1.3! More information can be viewed here: https://www.wolfssl.com/docs/tls13/.
wolfSSL Renesas TSIP Support
The wolfSSL embedded SSL/TLS library supports the Renesas Trusted Secure IP Driver (TSIP) and has been tested on the Renesas RX65N platform. Using the TSIP driver, wolfSSL can offload supported cryptographic and TLS operations to the underlying Renesas hardware for increased performance.
Supported TSIP Capabilities
wolfSSL has been integrated with the following TSIP capabilities:
- TSIP driver open/close
- Random number generation, tested with SP 800-22
- SHA-1 and SHA-256 hash function support
- AES-128-CBC and AES-256-CBC support
- TLS capabilities including:
- Root CA verification
- Client and/or Server certificate verification including intermediate certificate verification
- Support for four TLS cipher suites:
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA256
Function TSIP API
TSIP driver open/close R_TSIP_Open
R_TSIP_Close
Random Number Generation R_TSIP_GenerateRandomNumber
SHA-1 and SHA-256 R_TSIP_Sha1/256Init
R_TSIP_Sha1/256Update
R_TSIP_Sha1/256Final
AES-128-CBC and AES-256-CBC R_TSIP_Aes128/256CbcEncryptInit
R_TSIP_Aes128/256CbcEncryptUpdate
R_TSIP_Aes128/256CbcEncryptFinal
R_TSIP_Aes128/256CbcDecryptInit
R_TSIP_Aes128/256CbcDecryptUpdate
R_TSIP_Aes128/256CbcDecryptFinal
Root CA Verification R_TSIP_GenerateTlsRsaPublicKeyIndex
R_TSIP_TlsRootCertificateVerification
Client or Server Certificate Verification R_TSIP_TlsCertificateVerification
TLS cipher suite support including AES-128-CBC, AES-256-CBC R_TSIP_TlsGeneratePreMasterSecret
R_TSIP_TlsEncryptPreMasterSecret
R_TSIP_TlsGenerateMasterSecret
R_TSIP_TlsGenerateSessionKey
R_TSIP_TlsGenerateVerifyData
R_TSIP_Sha1/256HmacVerifyInit
R_TSIP_Sha1/256HmacVerifyUpdate
R_TSIP_Sha1HmacVerifyFinal
The Renesas TSIP driver is outside the scope of the wolfSSL package download and needs to be obtained externally from Renesas.
Building wolfSSL with RX65N and TSIP Support
Support for Renesas RX65N and TSIP can be enabled at compile-time in wolfSSL by defining one or both of the following defines:
WOLFSSL_RENESAS_TSIP – enables Renesas TSIP support
WOLFSSL_RENESAS_RX65N – enables support for Renesas RX65N
wolfSSL TSIP Benchmarks
The following benchmarks show the performance improvement when using hardware cryptography on the Renesas RX65N through the Renesas TSIP driver.
Algorithm Software Crypto TSIP Accelerated Crypto
RNG 231.160 KB/s 1.423 MB/s
SHA 1.239 MB/s 22.254 MB/s
SHA-256 515.565 KB/s 25.217 MB/s
Cipher Suite Software Crypto (sec) TSIP Accelerated Crypto (sec)
TLS_RSA_WITH_AES_128_CBC_SHA 0.381 0.028
TLS_RSA_WITH_AES_128_CBC_SHA256 0.383 0.028
TLS_RSA_WITH_AES_256_CBC_SHA 0.382 0.030
TLS_RSA_WITH_AES_256_CBC_SHA256 0.385 0.029
Our tests have shown that the implementation of TSIP Accelerated Crypto increased processing speed by an average of 2334%, resulting in 92% faster processing times.
Limitations of TSIP with wolfSSL
The following limitations exist when using wolfSSL with Renesas TSIP:
- TSIP TLS capabilities are fully available only when using one of the TSIP-supported cipher suites. These cipher suites include:
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA256
- The TSIP TLS capabilities support generation of the normal TLS master secret, but do not support the TLS Extended Master Secret Extension. TSIP TLS is not available when Extended Master Secret is used.
- The TSIP TLS certificate verification capability is only available when verifying a certificate signed by “RSA 2048 PSS with SHA-256”.
- The TSIP TLS capability, common cryptography, is available on client-side only. Server-side is not currently supported by the TSIP driver.
- TSIP uses one root CA certificate bundle signature signed by RSA-2048-PSS with SHA-256 available at runtime. When using a different root CA for TSIP TLS capabilities, applications need to call wolfCrypt_Init() to reset the TSIP driver state, then inform TSIP of a new signature and key through the tsip_inform_cert_sign() and tsip_inform_user_keys() APIs.
References
TSIP (Trusted Secure IP) Module Firmware Integration Technology APPLICATION NOTE Rev. 1.06
Support
More information on using wolfSSL in combination with Renesas and wolfSSL’s support for Renesas can be found here: https://www.wolfssl.com/docs/renesas/
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
Weekly updates
Archives
- November 2024 (26)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)