wolfMQTT Release 1.6.0

The team at wolfSSL is proud to announce the latest iteration of wolfMQTT. This release is focused on polishing the user experience and squashing bugs. The multithread feature was thoroughly tested, and we managed to correct a couple of synchronization issues that were reported. Additionally a new “simple client” example was added that demonstrates the bare-bones essential API needed to allow an IoT device to communicate with a broker service.

Check out the changelog here:
https://github.com/wolfSSL/wolfMQTT/blob/master/ChangeLog.md

While you’re there, show us some love and give the wolfMQTT project a Star!
You can download the latest release here: https://www.wolfssl.com/download/
Or clone directly from our GitHub repository: https://github.com/wolfSSL/wolfMQTT

To learn more about wolfMQTT, the wolfSSL embedded SSL/TLS library, or one of our other products, contact us today at facts@wolfssl.com.

Netflix leverages TLS 1.3 for safer and faster streaming experiences

The Netflix Tech Blog recently shared how Netflix is leveraging TLS 1.3 for faster and more secure connections.  They concluded:

“From the security analysis, we are confident that TLS 1.3 improves communication security over TLS 1.2. From the field test, we are confident that TLS 1.3 provides us a better streaming experience.

At the time of writing this article, the Internet is experiencing higher than usual traffic and congestion. We believe saving even small amounts of data and round trips can be meaningful and even better if it also provides a more secure and efficient streaming experience.

Therefore, we have started deploying TLS 1.3 on newer consumer electronics devices and we are expecting even more devices to be deployed with TLS 1.3 capability in the near future.”

The wolfSSL embedded SSL/TLS library was one of the first TLS libraries to implement support for TLS 1.3, and we are happy to see successful adoption stories like this!  Contact us at facts@wolfssl.com to start using TLS 1.3 in your projects!

Initial MQTT Support in cURL, send us Feedback!

Earlier this month, we worked on adding MQTT support to cURL which is now available as “experimental” in the latest curl 7.70.0 release! For full details of the current integration, see Daniel Stenberg’s blog post titled “CURL + MQTT = TRUE“.

We’re curious how our users want to use MQTT in cURL, and we want to hear your feedback to help direct our future cURL+MQTT plans! We think MQTT support could be helpful for a variety of use cases ranging from service techs that require a tool to help test and develop MQTT-based solutions, to easily scripting MQTT commands. Let us know your feedback at facts@wolfssl.com and we’ll be happy to listen!

New Features in the wolfSSL 4.4.0 Release

wolfSSL Inc is proud to announce the release of wolfSSL v4.4.0, the embedded TLS library for devices, IoT, and the cloud. Included in the release are:

  • Qualcomm Hexagon SDK support. The Hexagon SDK is used for building code to run on DSP processors. Use of the Hexagon toolchain to offload ECC verify operations has been added to wolfSSL. This can free up the main CPU for other operations or lead to future optimizations with HVX on some algorithms that use vector operations. The Makefile for building with the Hexagon toolchain and a README with more information can be found in the directory wolfssl-4.4.0/IDE/HEXAGON.
  • Apache 2.4.39 support. Use wolfSSL with Apache’s mod_ssl. Apache is the most commonly used web server in the world. You can now use wolfSSL as a part of your Apache installation. You can benefit from wolfSSL’s world class support. Ask us for more information.
  • OpenVPN support. Use wolfSSL with OpenVPN. OpenVPN is one of the top VPN products on the market. wolfSSL can secure your connections.
  • Renesas Synergy S7G2 support. Are you prototyping a new embedded application with a Renesas Synergy S7G2 board? wolfCrypt can take advantage of its on-board cryptography hardware. Offload AES, RSA, SHA, and GHASH to the hardware. See our benchmarks page to see the comparison of the software crypto and the hardware acceleration.
  • Curve448, X448, and Ed448 support. We at wolfSSL like to stay on top of progressive ciphers. Curve448 is an efficient to calculate elliptic curve. It offers 224-bits of security and works well with ECDH key agreement.

Contact us at facts@wolfssl.com with any questions about using new features available in the wolfSSL embedded SSL/TLS library!

Upcoming wolfSSL Webinar: Common libcurl Mistakes

wolfSSL will be hosting a webinar on common libcurl mistakes on May 7th, 2020. Hear from cURL author and maintainer Daniel Stenberg on the most common mistakes developers make when using libcurl, how to troubleshoot, and best practices for making your libcurl applications seamless and secure.

Common libcurl Mistakes presented by Daniel Stenberg
Thursday, May 7th, 2020 at 10AM Pacific time (GMT-8)

Register below for the upcoming live webinar from wolfSSL:
https://us02web.zoom.us/webinar/register/WN_8PZSl5sMRa27FeqTCcPUlw

Bring questions about our commercial curl support, tiny curl, curl with wolfCrypt FIPS, or the latest integration with MQTT. We look forward to having you join us! Additional resources:
– wolfSSL support for curl: https://www.wolfssl.com/products/curl/
– Daniel’s blog: https://daniel.haxx.se/blog/

What Is ACVP?

ACVP stands for (Automated Cryptographic Validation Protocol) and it is the upcoming protocol that will be used for FIPS validation. It makes testing cryptographic algorithms and modules more efficient than the current method and more automated. There are three main parts to ACVP – a server, a proxy, and a client.

  • The server side handles requests for test vectors and requests for validation among other requests. This side is operated by a FIPS lab or by NIST themselves.
  • A proxy with ACVP can be used to communicate to offline systems and handle transferring information from the system being tested to the server. Often an ACVP client is used instead.
  • The last part being a client, which is most relevant to users who are wanting to get their cryptography FIPS validated. An ACVP client is directly hooked up to the module to be tested and then communicates with the ACVP server to send requests for test vectors, responses of the results from running those tests, and requests for algorithm validation. There are multiple pieces required to build a ACVP client in order to complete a validation process, some of the large portions of the effort go into
    • JSON parsing / creation for communication with a ACVP server
    • HTTPS GET / POST / PUT / DELETE messages used for securely transporting information
    • 2 factor authentication with TOTP (Time-Based One-Time Password Algorithm)
    • Plugging in the test harness that runs crypto operations

Ultimately an ACVP client communicates with the server to validate cryptographic operations. This includes creating, or referencing meta data such as; vendor, OE, and module information. A simplified message flow for getting an algorithm validated is as follows:

wolfSSL is in the process of developing our own ACVP client based off of the current draft (draft-fussell-acvp-spec-01). Having many algorithms already completing the validation process through the NIST operated ACVP Demo server. Where our test vendor information can be seen publicly listed on the demo site here (https://demo.acvts.nist.gov/home). We can assist with your FIPS needs. Contact us at facts@wolfssl.com for questions or more information.

More information from NIST’s website about the ACVP project can be found here:
https://csrc.nist.gov/Projects/Automated-Cryptographic-Validation-Testing.

wolfSSL Upcoming Webinar: Safe Flying with wolfSSL – Security in Avionics Webinar

wolfSSL is excited to announce that we will be hosting a webinar on April 23rd, 2020. Please join wolfSSL engineer Tesfa Mael for the live webinar, Security in Avionics. We will talk about the future and the importance of security in avionics and how wolfSSL is involved.

When: ?April 23, 2020, 10:00 AM Pacific Time (US and Canada)
Topic: Safe Flying with wolfSSL – Security in Avionics Webinar

If you are interested, please register in advance for this webinar: https://us02web.zoom.us/webinar/register/WN_RQytbTVMRZC-B6HI8HO6-Q

After registering, you will receive a confirmation email containing information about joining the webinar. We hope to see you there!  As always, please email us at facts@wolfssl.com with any questions!

wolfSSL Version 4.4.0 is Now Available!

The spring release of wolfSSL, v4.4.0, is now available! This release has many new features, optimizations, and bug fixes. Some of the new features we added to the wolfSSL embedded SSL/TLS library include:

  • Qualcomm Hexagon SDK support.
  • DSP builds to offload ECC verify operations.
  • Certificate Manager callback support.
  • New APIs for running updates to ChaCha20/Poly1305 AEAD.
  • Support for use with the Apache web server.
  • Add support for IBM s390x.
  • PKCS8 support for ED25519.
  • OpenVPN support.
  • Add P384 curve support to SP.
  • Add BIO and EVP API.
  • Add AES-OFB mode.
  • Add AES-CFB mode.
  • Add Curve448, X448, and Ed448.
  • Add Renesas Synergy S7G2 build and hardware acceleration.

Check out the README from the download for a full list, or contact us at facts@wolfssl.com with any questions.

wolfTPM in Bare-Metal to Enable Measured Boot

wolfBoot can use the wolfTPM 2.0 software interface in bare metal environments and take advantage of your pre-existing TPM silicon, including Microchip’s ATTPM20P, ST33TP*, Infineon SLB9670 and Nations Tech Z32H330TC modules.

Measured Boot uses the TPM Platform Configuration Registers (PCR)? to determine if the boot parameters remain the same. The PCR’s allow SHA-1 or SHA-256? hash reset, update and read. There are typically 24 of these PCR’s available.

wolfTPM and wolfBoot support use in a bare-metal environment with no external dependencies. This enables reduced code size, minimal attack surfaces and ease of maintenance.

For details please email us at facts@wolfssl.com.

Partnering with AC6 to Bring Support to System Workbench for Linux

wolfSSL is excited to announce a new partnership with French company AC6, creator of System Workbench for Linux, a development tool to simplify building, debugging and maintaining Linux-based embedded systems.

For years, wolfSSL has improved our support for Linux, whether by adding new ports for Intel SGX on Linux, compatibility for Microsoft Window’s Linux subsystem, and continuing to support Linux OEs with new developments such as our DO-178C certification kit.

Now we are partnering with AC6 in the creation and deployment of highly secure Linux images. To learn more, check out their website and stay tuned for upcoming webinars as we roll out the collaboration.

Need more Linux in your life? Write to us at facts@wolfSSL.com to tell us about your Linux projects.

Posts navigation

1 2