wolfSSH Support for Windows CE

wolfSSL's wolfSSH lightweight SSH library shares some similarities with the wolfSSL library - it has minimal resource usage, high performance, and is highly portable. An example that showcases the portability of wolfSSH is its ability to also be built within multiple operating environments, including Windows CE. Windows CE is an operating system that is a subfamily of the Microsoft Windows operating system.

The wolfSSH library provides many different features that could be utilized effectively on machines running Windows CE, such as pseudo-terminals, remote execution, and SFTP. wolfSSH also has example applications that can be run on Windows that show these features in action. More information on the wolfSSH example applications can be found here: 

For more information about wolfSSH and its usage, please contact facts@wolfssl.com.

wolfSSL Support’s Speedy Response Times

While wolfSSL does provide one of the most secure embedded SSL/TLS libraries a high-powered and lightweight encryption engine, and other products, wolfSSL also provides various services. One of these services is the exemplary support offered by the wolfSSL support team.

On average, wolfSSL receives between 700 and 800 support inquiries each year through support@wolfssl.com. These inquiries cover topics ranging from certificate signing, certificate verification errors, RSA operations, and much more. These inquiries are received, assigned to the appropriate members of the wolfSSL support team whose specialty applies to the topic, and is resolved efficiently and effectively. On average, wolfSSL support tickets are received and resolved in under 2 hours. In some cases, wolfSSL support tickets can even be resolved in under 30 minutes. These fast turnaround times can be incredibly beneficial when working on time-sensitive or blocking issues.

wolfSSL Support is offered at four levels (1 free, 3 paid). Details on these support levels can be viewed in a side-by-side comparison on wolfSSL's support options page, here: https://www.wolfssl.com/products/support-packages/.

To have your own questions answered, or to obtain support for wolfSSL, please contact support@wolfssl.com. Additionally, other general information about the wolfSSL library can be obtained by contacting facts@wolfssl.com.

wolfSSL also supports TLS 1.3! More information can be viewed here: https://www.wolfssl.com/docs/tls13/.

Remote Execution via wolfSSH

wolfSSL provides many different embedded, lightweight, and portable products. One of which is the wolfSSH lightweight embedded SSH Library, based on the SSHv2 protocol. wolfSSH comes with support for a long list of platforms, multiple hashing functions, SCP, SFTP, and more.

Additionally, wolfSSH provides support for remote execution, one of the core features of an SSH library or SSH clients/servers. Remote execution is exactly what its name implies, the execution of commands on a device which is typically remote and may not be physically accessible from another device. wolfSSH remote execution allows the user to execute commands, update devices, and also allows the user to pipe input/output from the remote device to the client. Remote execution can be used to trigger a single action on a device, or can be used to trigger several actions. This speed up development processes on embedded devices, and can also eliminate the need for physical access in some cases.

For more information about wolfSSH and its usage, please contact facts@wolfssl.com.

wolfTPM 1.5.0 Now Available

wolfTPM version 1.5.0 was recently released, and features many new updates and additions to the wolfTPM library.

Summary:

  • Added support for the Microchip ATTPM20 TPM 2.0 module
  • Added Barebox bootloader support.
  • Added TPM wrappers for HMAC, AES Key Loading.
  • Added Benchmarking support for RNG, AES, Hashing and TLS.
  • Improvements for TLS client/server examples and overall performance.

Detail:

  • Fixed issue with cleanup not unregistering the crypto callback.
  • Added support for Microchip ATTPM20 part.
  • Added support for Barebox (experimental).
  • Added TLS benchmarking for CPS and KB/Sec. Enabled with TLS_BENCH_MODE.
  • Added TLS client/server support for symmetric AES/HMAC/RNG. Enabled with WOLFTPM_USE_SYMMETRIC.
  • Added TLS client/server support for mutual authentication.
  • Added TIS locking protection for concurrent process access. Enabled using WOLFTPM_TIS_LOCK.
  • Added symmetric AES encrypt and decrypt wrappers and examples.
  • Added HMAC wrappers and examples.
  • Added wrappers and examples for loading external HMAC and AES keys.
  • Added delete key wrapper and example.
  • Added ECDH support for ephemeral key generation and shared secret.
  • Added benchmark support for RNG, AES (CTR, CBC, CFB) 128/256 and SHA-1, SHA-256, SHA-384 and SHA-512.
  • Added new wolfTPM2_GetCapabilities wrapper API for getting chip info.
  • Added command and response logging using ./configure --enable-debug=verbose or #define WOLFTPM_DEBUG_VERBOSE.
  • Added option to enable raw IO logging using WOLFTPM_DEBUG_IO.
  • Added option to disable TPM Benchmark code using NO_TPM_BENCH.
  • Added examples/README.md for setup instructions.
  • Tuned max SPI clock and performance for supported TPM 2.0 chips.
  • Cleanup to move common test parameters into examples/tpm_test.h.
  • Updated benchmarks and console output for examples in README.md.

For more information about wolfTPM or other wolfSSL libraries, please contact facts@wolfssl.com.

wolfSSH SFTP Performance

wolfSSL provides many different products, one of which is the wolfSSH library. wolfSSH itself provides a lightweight embedded SFTP solution. SFTP can be used to securely transfer files, and to manage the filesystem of a peer. wolfSSH’s implementation of SFTP uses less than a third of the memory that OpenSSH does for a SFTP connection. The following figures outline the performance of wolfSSH's SFTP solution compared with OpenSSH's performance.

wolfSSH v1.3.0 configured with " ./configure --enable-static --disable-shared --enable-sftp CFLAGS="-DDEFAULT_WINDOW_SZ=4096" ":

In comparison the default OpenSSH SFTP on the system used 103 KiB of memory. “OpenSSH_7.2p2 Ubuntu-4ubuntu2.6, OpenSSL 1.0.2g”:

For more information about using wolfSSH and its features, please contact facts@wolfssl.com.

Additionally, wolfSSL also provides support for using TLS 1.3! More information is available here: https://www.wolfssl.com/docs/tls13/.

Differences between TLS 1.2 and TLS 1.3 (#TLS13)

wolfSSL's embedded SSL/TLS library has included support for TLS 1.3 since early releases of the TLS 1.3 draft. Since then, wolfSSL has remained up-to-date with the TLS 1.3 specification. In this post, the major upgrades of TLS 1.3 from TLS 1.2 are outlined below:

TLS 1.3

This protocol is defined in RFC 8446. TLS 1.3 contains improved security and speed. The major differences include:

  • The list of supported symmetric algorithms has been pruned of all legacy algorithms. The remaining algorithms all use Authenticated Encryption with Associated Data (AEAD) algorithms.
  • A zero-RTT (0-RTT) mode was added, saving a round-trip at connection setup for some application data at the cost of certain security properties.
  • Static RSA and Diffie-Hellman cipher suites have been removed; all public-key based key exchange mechanisms now provide forward secrecy.
  • All handshake messages after the ServerHello are now encrypted.
  • Key derivation functions have been re-designed, with the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) being used as a primitive.
  • The handshake state machine has been restructured to be more consistent and remove superfluous messages.
  • ECC is now in the base spec  and includes new signature algorithms. Point format negotiation has been removed in favor of single point format for each curve.
  • Compression, custom DHE groups, and DSA have been removed, RSA padding now uses PSS.
  • TLS 1.2 version negotiation verification mechanism was deprecated in favor of a version list in an extension.
  • Session resumption with and without server-side state and the PSK-based ciphersuites of earlier versions of TLS have been replaced by a single new PSK exchange.

More information about the TLS 1.3 protocol can be found here: https://www.wolfssl.com/docs/tls13/. Additionally, please contact facts@wolfssl.com for any questions.

wolfSSL 24×7 support

wolfSSL provides support on four levels, one of which is the 24x7 support level. This support level includes many key features not available on the others, such as an unlimited number of support incidents, around-the-clock support from dedicated members of the wolfSSL support team, and remains in effect for an entire year.

wolfSSL provides three other levels of paid support, which also include some of the same features provided by 24x7 support. More details on the wolfSSL support packages and levels can be viewed here: https://www.wolfssl.com/products/support-packages-options/

wolfSSL also provides support for the latest version of the TLS protocol, TLS 1.3! Read more about wolfSSL's implementation and the protocol itself here: https://www.wolfssl.com/docs/tls13/

For more information, please contact facts@wolfssl.com.

TLS 1.3 combined with FIPS (#FIPS #TLS13)

wolfSSL is a lightweight TLS/SSL library that is targeted for embedded devices and systems. It has support for the TLS 1.3 protocol, which is a secure protocol for transporting data between devices and across the Internet. In addition, wolfSSL uses the wolfCrypt encryption library to handle its data encryption.

Because there is a FIPS 140-2 validated version of wolfCrypt, this means that wolfSSL not only has support for the most current version of TLS, but it also has the encryption backbone to support your FIPS 140-2 needs if required.

Some key benefits of combining TLS 1.3 with FIPS validated software include:

  1. Software becomes marketable to federal agencies - without FIPS, a federal agency is not able to use cryptographic-based software
  2. Single round trip
  3. 0-RTT (a mode that enable zero round trip time)
  4. After Server Hello, all handshake messages are encrypted.

And much more! For more information regarding the benefits of using TLS 1.3 or using the FIPS validated version of wolfCrypt, check out wolfSSL's TLS 1.3 Protocol Support and our wolfCrypt FIPS page.

FIPS 140-2 is a government validation that certifies that an encryption module has successfully passed rigorous testing and meets high encryption standards as specified by NIST. For more information or details on FIPS 140-2, it may be helpful to view this Wikipedia article: https://en.wikipedia.org/wiki/FIPS_140-2

For more details about wolfSSL, TLS 1.3, or if you have any other general inquiries please contact facts@wolfssl.com

To find out more about FIPS, check out the NIST FIPS publications or contact fips@wolfssl.com

wolfSSL Integration with cURL

wolfSSL's embedded SSL/TLS library comes with support for many other tools and libraries, one of which is cURL. cURL is a computer software project that produces two products (libcurl and cURL) that are used for transferring data using various protocols. In addition to support for cURL, wolfSSL will also be integrating the cURL library in conjunction with Daniel Stenberg (an original author of cURL and one of the founders) joining the wolfSSL team.

With this integration and Daniel Stenberg joining wolfSSL, wolfSSL will now also be providing support and consulting for the cURL library.

wolfSSL also provides support for the latest versions of the TLS protocol, including TLS 1.3! As such, wolfSSL is considering adding TLS 1.3 support to cURL in the future. More information about wolfSSL and TLS 1.3 can be found here: https://www.wolfssl.com/docs/tls13/.

For more information regarding wolfSSL, TLS 1.3, cURL, or all of the above, please contact facts@wolfssl.com.

wolfSSL FAQ page

The wolfSSL FAQ page can be useful for information or general questions that need need answers immediately. It covers some of the most common questions that the support team receives, along with the support team's responses. It's a great resource for questions about wolfSSL, embedded TLS, and for solutions to problems getting started with wolfSSL.

To view this page for yourself, please follow this link here.

Here is a sample list of 5 questions that the FAQ page covers:

  1. How do I build wolfSSL on ... (*NIX, Windows, Embedded device) ?
  2. How do I manage the build configuration of wolfSSL?
  3. How much Flash/RAM does wolfSSL use?
  4. How do I extract a public key from a X.509 certificate?
  5. Is it possible to use no dynamic memory with wolfSSL and/or wolfCrypt?

Have a  question that isn't on the FAQ? Feel free to email us at support@wolfssl.com.