wolfSSL Inc, embedded SSL/TLS and cryptography provider for the IoT, has partnered with Renesas Electronics, a global leader of semiconductor manufacture. Through the support for their high performance microprocessor series of RX and RZ, wolfSSL delivers secure connections of IoT solution with a lightweight high throughput secure communication library.
PSK cipher suites are a superb choice in low resource environments where both ends of the connection can be controlled. With PSK, each side of the connection has an already agreed upon key to use rather than agreeing on one during the TLS handshake. This reduces resource consumption for each session using PSK.
For example, on one of wolfSSL’s test machines the cipher suite DHE-PSK-AES128-CBC-SHA256 has an average connection time of 3.498 milliseconds with a peak byte usage of 6,335. On the same machine a similar cipher suite DHE-RSA-AES128-SHA256, not using PSK, has an average connection time of 7.146 milliseconds and peak byte usage of 19,431. wolfSSL always recommends using ephemeral keys (DHE or ECDHE) to maintain forward secrecy but in an ultra limited resource environment, memory and speed can be further improved by using a static PSK cipher suite such as PSK-AES128-CBC-SHA.
In addition to RAM reduction, using PSK can reduce the library footprint size as well. One of the smallest wolfSSL builds to date has been the LeanPSK build, which comes in at around 21kB. For comparison, a typical build on an embedded, optimized compiler will be 60-100kB.
Version 1.3.0 of wolfSSL JNI is now available for download. wolfSSL JNI provides Java applications with a convenient Java API to the widely-used wolfSSL embedded SSL/TLS library, including support for TLS 1.2 and DTLS 1.2.
Release 1.3.0 has bug fixes and new features including:
– Updated support to wolfSSL 3.7.0
– Added finalizers for WolfSSLContext and WolfSSLSession classes
– Fix for SSLv3 now disabled by default in wolfSSL proper
– SSLv3 now marked as @Deprecated
– PSK (pre-shared key) support for client and server
– Better error checking and exception handling
– New WolfSSLJNIException class
– WolfSSLSession now cached in native WOLFSSL struct for callbacks
– Easier inclusion of junit4 in build.xml
wolfSSL has a new feature to allow for users to plug in their own crypto for RSA if they so choose. This is a great feature for students looking to test their own RSA operations in a SSL/TLS connection or for those wanting to see if they can speed up operations in the IoT realm and on embedded devices. This option can be used with the build flag “–with-user-crypto”. An example of building a module can be found in the directory “wolfssl_root/wolfcrypt/user-crypto/” and built with the commands:
sudo make install
This example makes use of Intel’s IPP libraries and needs them installed and existing on the system before being able to build. For any questions on use, or about the wolfSSL embedded SSL/TLS library in general, contact us at firstname.lastname@example.org
Intel IPP libraries https://software.intel.com/en-us/intel-ipp .