Category: Uncategorized

wolfSSL at Embedded World 2025: Pioneering Advanced Cryptographic Solutions

Secure your Embedded Projects with wolfSSL, the Leader in Advanced Cryptographic Protocols

wolfSSL is returning to the Embedded World Exposition and Conference in 2025, bringing the best-tested cryptography and industry-leading security solutions for embedded systems.

Join us March 11th – 13th in Nuremberg, Germany. Visit Hall 4, Booth #4-201a to explore how wolfSSL’s advanced cryptographic protocols and open-source cybersecurity solutions can safeguard your embedded projects.

Schedule a one-on-one meeting with our cryptography experts – email us at facts@wolfssl.com to book a meeting.

With over 5 billion secured connections, wolfSSL continues to set the standard for embedded security. Backed by the largest cryptography-focused engineering team, our solutions ensure seamless integration, maximum efficiency, and future-proof security across industries. Get started today: wolfssl.com/download.

Live Demos at Embedded World 2025

Join us at Hall 4, Booth #4-201a, and partner booths to see live demonstrations showcasing secure boot, post-quantum cryptography, TLS acceleration, and more.

  • Demo 1: Launching Safe and Secure Systems with Intel, Curtiss Wright, wolfSSL and SYSGO
    Location: Hall 4, Booth #4-201a

    Secure boot is essential for mission-critical systems. This demo highlights wolfBoot integrated with wolfCrypt, running on Curtiss-Wright’s VPX3-1262 SBC with 13th Gen Intel Core i7 and SYSGO PikeOS RTOS. See how DO-178C DAL-A certifiable wolfBoot and wolfCrypt protects avionics systems.

  • Demo 2: wolfSSL and NXP / Infineon
    Location: Hall 4, Booth #4-201a

    Power up your embedded security with wolfSSL (TLS), wolfMQTT, wolfSSH, and wolfTPM on NXP FRDM-MCXN947 (Cortex-M33, 150MHz) with Infineon SLB9673 TPM 2.0, ensuring secure communication and authentication. Also, explore wolfBoot on NXP FRDM-MCXW71, designed for trusted firmware updates in resource-constrained environments.

  • Demo 3: wolfSSL and ST
    Location: Hall 4, Booth #4-201a

    Optimize security without compromising performance. Watch wolfCrypt and wolfSSL TLS benchmarks on ST32MP257F (Dual Cortex-A35 1.5GHz + Cortex-M33 400MHz) running OpenSTLinux. This demo demonstrates how wolfSSL’s cryptographic library accelerates encryption speed, reduces resource consumption, and ensures ultra-low latency for TLS handshakes.

  • Demo 4: wolfSSL and Winbond
    Location: Hall 4A, Booth #4A-635

    Future-proof your firmware security with wolfCrypt Post-Quantum LMS. This demo features Winbond W77Q Secure Flash on Raspberry Pi Zero over SPI, demonstrating quantum-resistant firmware updates to protect devices from emerging cyber threats.

Why Choose wolfSSL for Embedded Security?

  • Lightweight and Fast: Written in C, wolfSSL boasts a compact footprint, up to 20 times smaller than OpenSSL, minimizing memory usage and maximizing performance on even the most resource-constrained microcontrollers and processors. Integrated robust security into your embedded systems without sacrificing functionality or performance.
  • Industry Leading TLS 1.3 and DTLS 1.3 Support: As the first commercial implementation of TLS 1.3, we offer the most up-to-date security protocols, keeping your data secure with the latest standards.
  • Comprehensive Hardware Integration: wolfSSL supports a wide range of hardware cryptography schemes, including Intel AES-NI, ARMv8, and various secure elements like NXP SE050 and Microchip ATECC, providing enhanced security and performance. Check out the every hardware cryptography scheme wolfSSL has ever enabled.


  • Rigorous Testing and Certification: Our solutions are best-tested and come with incomparable certifications, including FIPS 140-3 validated certificate (#4718), ensuring they meet stringent security standards.
  • Dedicated Support: We offer 24/7 support from our team of engineers, ensuring you receive immediate assistance whenever you need it.

Connect with wolfSSL at Embedded World 2025

Don’t miss the chance to see wolfSSL in action! Visit us at Hall 4 Booth #4-201a to explore our cutting-edge cryptographic solutions and live demos. Want a personalized discussion? Email us at facts@wolfssl.com to schedule a one-on-one meeting with our experts. See you in Nuremberg!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Partner Webinar: How AI-Automated Fuzzing Uncovered a Vulnerability in wolfSSL

Despite wolfSSL’s rigorous software testing practices, in October 2024, Code Intelligence—an application security vendor—discovered a potentially exploitable defect in wolfSSL. Remarkably, the potential vulnerability was found without human intervention. The only manual step was executing a single command to trigger autonomous fuzz testing.

Join wolfSSL and Code Intelligence for a live webinar featuring a real-time demo of AI-driven fuzz testing and an in-depth analysis of a heap-based use-after-free vulnerability in wolfSSL.

Register now: How AI-Automated Fuzzing Uncovered a Vulnerability in wolfSSL
Date: February 26th | 9 AM PT / 6 PM CET

This webinar will cover:

  • Discover how wolfSSL tests its code to ensure quality and security.
  • Learn how AI-automated fuzz testing works and how it autonomously found the vulnerability.
  • Watch a live demo of AI-automated fuzz testing on wolfSSL’s libraries.

Register now and be the first to see how AI-driven security testing is shaping the future!

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSH 1.4.20: Enhanced Features and Stability

The wolfSSL team has released wolfSSH version 1.4.20, introducing some new features and nice fixes!

New Features:

  • DH Group 16 and HMAC-SHA2-512 Support: This addition gives more options for algorithms used when connecting and more interoperability with other implementations.
  • Keyboard-Interactive Authentication: Providing a more versatile authentication method implementing RFC 4256.

Enhancements and Fixes:

  • Memory Management Improvements: wolfSSH now handles memory more efficiently, particularly in RNG initialization and the SCP example, ensuring cleaner resource management.
  • Stability Enhancements: Updates to wolfSSHd include better handling of failures and connections, making the server more robust and reliable.
  • Resolved Issues: Fixes address SFTP compilation problems with WOLFSSH_FATFS and simplify the autogen script for easier integration.

Check out the ChangeLog for a full list of features and fixes.

Stay updated with wolfSSH for ongoing enhancements! If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Deprecation Notice: ARC4

The wolfSSL team is announcing the deprecation of the ARC4 cipher. This decision is part of our ongoing effort to simplify the wolfSSL codebase and focus on supporting the most secure and widely-used ciphers.

The ARC4 cipher has been shown to have significant weaknesses, including:

  • Key biases and correlations
  • Plaintext recovery attacks
  • Increased risk of data breaches

Removing ARC4 will allow us to reduce the complexity of our codebase and devote more resources to maintaining and improving our supported ciphers.

Recommendations:

  • Begin transitioning away from ARC4 and towards more secure ciphers, such as AES or ChaCha20.
  • Consult the wolfSSL documentation and support resources for guidance on migrating away from ARC4.

We will provide additional information on the removal timeline in the future. If you have any questions or concerns about this deprecation, please don’t hesitate to reach out to the wolfSSL support team.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfMQTT Releases v1.19.2

In the realm of lightweight MQTT (Message Queuing Telemetry Transport) implementations, wolfMQTT maintains its commitment to reliability and performance. With the release of version 1.19.2, wolfMQTT strengthens its core functionality through targeted improvements and enhanced testing infrastructure.

Key Improvements:

  1. Enhanced Connection Reliability
    The implementation of improved error handling in the “mqttsimple” client ensures more robust connection management, particularly beneficial for embedded applications where connection stability is crucial.
  2. Optimized Keep-Alive Mechanism
    A significant enhancement to the ping response handling improves the reliability of MQTT keep-alive functionality, ensuring more stable long-term connections and better resource management.
  3. Strengthened Testing Infrastructure
    • Modernized continuous integration workflow with Ubuntu 22.04
    • Enhanced artifact testing procedures for more comprehensive quality assurance
    • Improved Zephyr platform compatibility through targeted build fixes

Release 1.19.2 has been developed according to wolfSSL’s development and QA process and successfully passed the quality criteria.

Check out the ChangeLog for a full list of features and fixes, or contact us at facts@wolfssl.com with any questions.

While you’re there, show us some love and give the wolfMQTT project a Star!

You can download the latest wolfMQTT release from our website or clone directly from our GitHub repository.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Using wolfCLU To Verify a Certificate Chain of More than 2 Certificates

With the release of wolfCLU 0.1.7, you can now verify long certificate chains! Our way of doing it is a bit unique.

You will need to verify the certificates in your chain one by one. For example, suppose you have a certificate chain where there is a root, intermediate, another intermediate and leaf certificate. If they are named first.pem, second.pem, third.pem and fourth.pem you will need to verify like this:

$ ./wolfssl verify -CAfile first.pem second.pem
$ ./wolfssl verify -partial_chain -CAfile second.pem third.pem
$ ./wolfssl verify -partial_chain -CAfile third.pem fourth.pem

This will work for short chains as well as long chains.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar: Getting Stater with wolfSSL Using Visual Studio 2022

Learn how to integrate wolfSSL with Visual Studio 2022 for secure development.

Are you looking to level up your development skills and implement secure communication in your applications? Join our webinar, “Getting Started with wolfSSL Using Visual Studio 2022,” on February 19th at 10 AM PT. Discover how to seamlessly integrate wolfSSL’s powerful TLS library with Visual Studio 2022 for secure, high-performance applications.

Register today: Getting Started with wolfSSL Using Visual Studio 2022
Date: February 19th | 10 AM PT

This webinar will cover:

  • What is wolfSSL?
    Discover the power of the TLS library and how it supports secure communications.
  • What is Visual Studio 2022?
    Explore the capabilities of this world-class IDE for application development.
  • Where are wolfSSL and Visual Studio used?
    Explore practical applications in Windows apps, embedded systems, and beyond.
  • How is wolfSSL Customized?
    Learn to tailor wolfSSL for your specific project needs.

Gain hands-on experience with wolfSSL and Visual Studio 2022 while mastering best practices for integrating TLS encryption into your projects. Register now to access exclusive resources and take the first step toward mastering secure development.

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Inc. SP800-140C and Post-Quantum efforts update!

This is an update to previous post Everything wolfSSL is Preparing for Post-Quantum as of Spring 2024 and an extension to post wolfSSL Support for Post-Quantum.

The National Institute of Standards and Technology (NIST) has recently updated its guidelines, enabling the certification of several post-quantum cryptographic algorithms through the Cryptographic Module Validation Program (CMVP). Notably, the digital signature algorithms ML-DSA (CRYSTALS-Dilithium), LMS, and XMSS are now fully certifiable under the updated SP800-140C standards.

In response to these developments, wolfSSL Inc. is proactively planning submissions to the CMVP for these algorithms. wolfSSL Inc. has a strong track record in cryptographic module validation, having previously achieved FIPS 140-3 Certificate #4718 for its wolfCrypt Module, the world’s first SP 800-140Br1 validated certificate.

While ML-KEM (CRYSTALS-Kyber) is not yet included in the approved security function list of SP 800-140C, wolfSSL is taking a forward-thinking approach by incorporating ML-KEM into its offerings. This strategic inclusion ensures that once ML-KEM receives approval and is certifiable, wolfSSL will be prepared to submit all four algorithms, ML-DSA, LMS, XMSS, and ML-KEM, for certification.

By staying ahead of regulatory changes and actively engaging in the certification process, wolfSSL continues to demonstrate its commitment to providing robust and compliant cryptographic solutions in the evolving landscape of post-quantum security.

Please don’t hesitate to contact us at support@wolfSSL.com or fips@wolfSSL.com anytime to share your feedback or input on this subject!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

SPAKE and wolfSSL in Kerberos 5

In today’s digital landscape, the need for robust authentication mechanisms has never been more crucial. Among the various methods available, SPAKE (Simple Password-Authenticated Key Exchange) stands out as an enhanced security solution for authenticating users.

SPAKE represents a significant advancement over traditional password-based authentication, which often relies on static hashes. By leveraging a shared secret key, SPAKE ensures that passwords are never directly exposed during the authentication process, thereby mitigating risks associated with compromised credential storage.

The integration of wolfSSL into the Kerberos 5 implementation further elevates security by providing FIPS 140-3 certified cryptography. This compliance ensures that cryptographic modules meet stringent security standards, crucial for organizations prioritizing data protection and regulatory adherence.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

IPsec vs TLS: what are the differences

IPsec (Internet Protocol Security) and TLS (Transport Layer Security) are both used to protect data in transit between devices, and to secure network traffic over public or private internet. Both have cryptographic mechanisms for encryption, integrity checking, mutual authentication, replay protection, key exchange, etc. However, they operate at different network layers, and have different strengths and security goals in mind. The purpose of this blog post is to help our readers understand the differences.

IPsec

IPsec operates at the IP (Internet Protocol) network layer, and has reserved IP protocol numbers of 50 for ESP (Encapsulating Security Payload) and 51 for AH (Authentication Header) security protocols. AH provides integrity checks and data origin authentication, while ESP provides confidentiality, integrity checks, and authentication. IPsec supports both IPv4 and IPv6 protocol versions.

At the most basic level IPsec protects traffic between a pair of src and dst IP addresses that share security associations (SA). For example, if Alice and Bob use ip xfrm to provision shared SAs between their linux computers with ESP rfc4106(gcm(aes)), then all IP traffic between their two computers would be protected with authenticated encryption, regardless of whether they were carrying TCP or UDP, or some higher level application protocol. Thus IPsec provides blanket security guarantees that can be useful for large organizations and for constructing private networks. Furthermore, legacy applications that don’t support modern TLS can be protected.

The disadvantages of IPsec are that it can be complicated to configure and maintain, and in the embedded space the network stack may not support IPsec at all.

TLS

In contrast, TLS is agnostic of the underlying transport mechanism, and is not tied to a specific network abstraction layer. While the most common use case is over TCP (TLS) and UDP (DTLS), TLS can be implemented over UART or I2C in embedded devices. Therefore TLS is really about securing application layer communication: e.g. protecting data in transit between a web browser and an email server, or between remote sensors in the field and a hub collecting data.

The value of TLS is in its individualized and flexible nature. A user of TLS can know that their communication is protected even over an untrusted network. Furthermore, TLS can be used on bare metal devices that lack an operating system and only have a minimal network stack. Finally, TLS is the true standard of the bulk of public internet communications. As such, it is the most widely tested security protocol available.

IPsec vs TLS, and Zero Trust

In short, TLS and IPsec are simply two different models for solving the same problem, with unique strengths and tradeoffs. If you need to secure a device in the field that connects back to servers, then TLS is likely the better fit. If you need to build a large secure network, or create a secure tunnel between networks, then IPsec may make more sense.

If your use case combines aspects of both (a remote worker’s device connecting to a corporate VPN), then likely both TLS and IPsec will be needed. The reality is that modern networks are increasingly heterogeneous and distributed, and both IPsec and TLS will be needed for complementary layers of security in a Zero Trust posture. Thus IPsec and TLS should be considered synergistic rather than antagonistic security models.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3 4 5 6 195 196 197