Month: March 2015

We currently in the process of changing the name of our embedded SSL/TLS library from CyaSSL to wolfSSL. This name change benefits our users and us a with a more consistent and standardized naming convention across our company and products.

A CyaSSL compatibility layer will remain available for those wanting to continue using the CyaSSL API. However, users are encouraged to update to the wolfSSL API upon release.

Aside from the new name, the structure and licensing of the CyaSSL library will remain the same. The FIPS branch of wolfCrypt, which was submitted to NIST for FIPS 140-2 cryptographic module validation, is unaffected by the name change.

Please follow our blog to for the latest information on the CyaSSL to wolfSSL name change. For any questions, please contact us at facts@wolfssl.com.

Release 3.4.0 wolfSSL has bug fixes and new features including:

• wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt headers which will enable the compatibility APIs for the foreseeable future
• Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c
• Example use of the wolfSSL API can be found in examples/client/client.c
• Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon
• Improvements in the build configuration under AIX
• Microchip PIC32 MZ updates
• TI-RTOS updates
• PowerPC updates
• Xcode project update
• Bidirectional shutdown examples in client/server with -w (wait for full shutdown) option
• Cycle counts on benchmarks for x86_64, more coming soon
• ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA keys
• Various compile warnings
• Scan-build warning fixes
• Changed a memcpy to memmove in the sniffer (if using sniffer please update)
• No high level security fixes that requires an update though we always recommend updating to the latest

The FREAK Attack exploits legacy SSL cipher suites from the 1990s that use RSA export keys.  By definition a server in export mode has to use a low bit strength RSA key (512 bits or less), which can now be cracked in around 12 hours.  Even if a client supports export cipher suites but doesn’t broadcast support for them a man in the middle attacker can force the server to use the low grade key.  Fortunately for wolfSSL and CyaSSL users we do no support export cipher suites and key derivation.  No versions of wolfSSL or CyaSSL are vulnerable to the FREAK attack.  For more information check out: https://freakattack.com and  https://www.smacktls.com/#freak .

Or feel free to visit our website at wolfssl.com or email us at facts@wolfssl.com .