The CRIME attack and wolfSSL embedded SSL

The CRIME attack has been in the news recently, and some of our users have been asking about it.  The short version of responding to the attack is simple:  disable TLS compression.  In wolfSSL, compression is disabled by default.  The Tor project has posted an excellent explanation of the attack in their blog.  For more details, see:  https://blog.torproject.org/blog/some-thoughts-crime-attack.  

If you have questions on this attack in relation to wolfSSL, please contact us at info@yassl.com.

Avoid BEAST attack when using CyaSSL lightweight SSL implementation

Hi!  To our users concerned about the following security advisory:  http://www.securelist.com/en/advisories/50605 (as of 26 March 2018 at 9:28am MDT, this link no longer works and has no alternative), it is a vulnerability related specifically to SSL 3.0 and TLS 1.0.  When using CyaSSL, you can avoid this vulnerability using one of several methods, including:

  1. 1. Using a higher level of the SSL/TLS protocol – either TLS 1.1 or TLS 1.2

  2. 2. Using TLS 1.0 or SSL 3.0 with a stream cipher. CyaSSL supports several, including RC4, HC-128, and RABBIT.

3.  If you must use SSL 3.0 or TLS 1.0 with a block cipher, split the first SSL write at the application level into fragments (as modern browsers do).

If you have further concerns or questions, please contact us at info@yassl.com.

yaSSL at IDF 2012 – AES-NI and RDRAND

yaSSL is attending IDF 2012 (#idf2012) this week in San Francisco.  As exhibitors and visitors are busy talking about the newest technology advancements from Intel and their partners, yaSSL is talking about several Intel technology features related to CyaSSL as well.  CyaSSL currently supports Intel’s AES-NI to accelerate AES operations on supported processors.  In addition, CyaSSL will soon be getting support for Intel’s RDRAND.  To learn more about these features and the CyaSSL embedded SSL library, visit us at booth 424 this week at IDF 2012!

wolfSSL is Now Available in the MacPorts Project

If you are a user of the popular MacPorts project on OS X, you may be happy to hear that the wolfSSL embedded SSL library is now available as a MacPorts package. If you are not familiar with the MacPorts Project, a brief summary from their website does an excellent job of explaining the project. At the time this post was written, there were 15,657 ports in the MacPorts tree.

As stated on their homepage, “The MacPorts Project is an open-source community initiative to design an easy-to-use system for compiling, installing, and upgrading either command-line, X11 or Aqua based open-source software on the Mac OS X operating system. To that end we provide the command-line driven MacPorts software package under a BSD License, and through it easy access to thousands of ports that greatly simplify the task of compiling and installing open-source software on your Mac.

We provide a single software tree that attempts to track the latest release of every software title (port) we distribute, without splitting them into “stable” Vs. “unstable” branches, targeting mainly the current Mac OS X release (10.8, A.K.A. Mountain Lion) and the immediately previous two (10.7, A.K.A. Lion and 10.6, A.K.A. Snow Leopard).”

To install the wolfSSL MacPorts package on OS X, there are only a few simple steps required:

1. Download and install MacPorts (http://www.macports.org/install.php)
2. From the OS X terminal, run the command, “sudo port install cyassl”. This will install wolfSSL into the /opt/local directory.

To learn more about MacPorts, please visit their website at www.macports.com.