Category: Uncategorized

Release 2.9.4 includes important Security Fixes for issues found by Ivan Fratric of the Google Security Team and Suman Jana with security researchers at UT Austin and UC Davis.  CVE details to be posted today for issues with memory corruption, null pointer deference, out of bound read, and unknown certificate extensions.  All users should upgrade […]

Read MoreMore Tag

A recently-discovered bug in OpenSSL’s implementation of the TLS Heartbeat Extension makes it possible for malicious attackers to potentially recover the private keys and sensitive data that should normally be secured by SSL/TLS. The vulnerability has been recorded as CVE-2014-0160. The purpose of this note is not to gloat over a competing projects problems, as […]

Read MoreMore Tag

If you missed our recent presentation at FOSDEM, we just put our slide deck up online at the following URL: https://speakerdeck.com/wolfssl/wolfssl-year-in-review wolfSSL made significant progress in 2013 towards bringing the community a more usable, feature-rich, and better supported library for use in an ever-growing range of platforms and environments. These slides (and talk) provides an […]

Read MoreMore Tag

The new release of wolfSSL, v2.9.0, is now ready to download from our website. New features include: Platforms: – Freescale Kinetis * RNGB support (K53 Sub-Family Reference Manual, Chapter 33) * mmCAU support (ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library User Guide) – Microchip * MPLAB Harmony support TLS Extensions: – Supported Curves – Secure […]

Read MoreMore Tag

We are back to talk about TLS extensions again. Today we present the addition of Supported Elliptic Curves on wolfSSL! RFC 4492 introduces five new ECC-based key exchange algorithms for TLS: ECDH_ECDSA, ECDHE_ECDSA, ECDH_RSA, ECDHE_RSA and ECDH_anon. However, it may be desirable in constrained environments to only support a limited number of curves. When a […]

Read MoreMore Tag

Hi!  Do you need OCSP (Online Certificate Status Protocol) in wolfSSL?  We added OCSP as a wolfSSL feature back in 2011.  At this point it is well tested by our users and well into the deployment phase.  More information on the protocol is available here:  http://www.ietf.org/rfc/rfc2560.txt.  The gist of the feature is that a client […]

Read MoreMore Tag

Hi!  If you`re interested in smart grid security, and specifically the security required when connecting an electric car to the smart grid, this post is for you! wolfSSL has recently been supporting the development efforts of eNterop (as of 26 March 2018 at 9:30m MDT, this link no longer works and has no alternative), which is […]

Read MoreMore Tag

2013 was an interesting year in the world of cryptography and computer security.  We have seen and mitigated against attacks such as Lucky13 and watched with interest as existing technologies such as Dual_EC_DRBG have become widely regarded as insecure.  wolfSSL has been happy to provide our users with timely fixes, suggestions, and new technologies to […]

Read MoreMore Tag

Hi!  Someone told us the other day that Software Defined Networking (SDN) is stupid.  No way will SDN ever replace the high end networking gear, we were told. We were reminded of a scientific study that proved unequivocally that babies are stupid, courtesy of The Onion.  But of course babies grow, and eventually have much greater […]

Read MoreMore Tag

wolfSSL will be presenting a session titled “Technologies and Techniques for Securing Connected Devices” at the upcoming 2014 Embedded World Conference in Nürnberg, Germany. If you are going to be attending the conference, we welcome you to come and listen to our presentation. Technologies and Techniques for Securing Connected DevicesSession: 17Day: 02.27.2014Time: 11:30am – 12:00pmSpeaker: […]

Read MoreMore Tag