wolfSSL on the Espressif ESP32-C3 RISC-V

More and more customers are asking about support for the Espressif ESP32 RISC-V SoC products. The answer is an enthusiastic yes: we support all of the Espressif ESP32 chipsets, including the ESP32-C6 and ESP32-C3 RISC-V devices.

Check out our recent video: Getting Started with wolfSSL on the ESP32. Our Espressif examples make it easier than ever to take wolfSSL for a test drive. See also the recent blog on the ESP Component Registry and other blogs on the ESP32 topic.

Shown below is out-of-the-box, default-settings output from the wolfSSL Benchmark app running on the ESP32-C3 in a typical ESP-IDF v5.1 environment. Keep in mind there are numerous wolfSSL settings for fine-tuning the library to your product.

We currently have RISC-V hardware acceleration in development, which should improve some of these performance metrics by up to 10x.

Interested in other boards as well? Check out our partial and growing list of supported boards.

I (31) boot: chip revision: v0.4
I (35) boot.esp32c3: SPI Speed      : 80MHz
I (40) boot.esp32c3: SPI Mode       : DIO
I (44) boot.esp32c3: SPI Flash Size : 2MB
 wolfSSL version 5.6.3
Math:   Multi-Precision: Wolf(SP) word-size=32 bits=3072 sp_int.c
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG                        725 KiB took 1.027 seconds,  705.940 KiB/s Cycles per byte =  55.33
AES-128-CBC-enc             50 KiB took 1.082 seconds,   46.211 KiB/s Cycles per byte = 845.33
AES-128-CBC-dec             50 KiB took 1.088 seconds,   45.956 KiB/s Cycles per byte = 850.03
AES-192-CBC-enc             50 KiB took 1.297 seconds,   38.551 KiB/s Cycles per byte = 1013.13
AES-192-CBC-dec             50 KiB took 1.303 seconds,   38.373 KiB/s Cycles per byte = 1017.77
AES-256-CBC-enc             50 KiB took 1.511 seconds,   33.091 KiB/s Cycles per byte = 1180.73
AES-256-CBC-dec             50 KiB took 1.517 seconds,   32.960 KiB/s Cycles per byte = 1185.42
AES-128-GCM-enc             50 KiB took 1.187 seconds,   42.123 KiB/s Cycles per byte = 927.09
AES-128-GCM-dec             50 KiB took 1.186 seconds,   42.159 KiB/s Cycles per byte = 927.11
AES-192-GCM-enc             50 KiB took 1.405 seconds,   35.587 KiB/s Cycles per byte = 1097.49
AES-192-GCM-dec             50 KiB took 1.405 seconds,   35.587 KiB/s Cycles per byte = 1097.53
AES-256-GCM-enc             50 KiB took 1.623 seconds,   30.807 KiB/s Cycles per byte = 1267.69
AES-256-GCM-dec             50 KiB took 1.623 seconds,   30.807 KiB/s Cycles per byte = 1267.73
GMAC Default               478 KiB took 1.000 seconds,  478.000 KiB/s Cycles per byte =  81.71
3DES                       375 KiB took 1.003 seconds,  373.878 KiB/s Cycles per byte = 104.48
MD5                      10625 KiB took 1.000 seconds, 10625.000 KiB/s Cycles per byte =   3.67
SHA                       5400 KiB took 1.000 seconds, 5400.000 KiB/s Cycles per byte =   7.23
SHA-224                   1700 KiB took 1.014 seconds, 1676.529 KiB/s Cycles per byte =  23.30
SHA-256                   1700 KiB took 1.014 seconds, 1676.529 KiB/s Cycles per byte =  23.30
SHA-384                   1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA-512                   1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA-512/224               1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA-512/256               1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA3-224                   925 KiB took 1.006 seconds,  919.483 KiB/s Cycles per byte =  42.47
SHA3-256                   875 KiB took 1.008 seconds,  868.056 KiB/s Cycles per byte =  45.02
SHA3-384                   675 KiB took 1.010 seconds,  668.317 KiB/s Cycles per byte =  58.47
SHA3-512                   475 KiB took 1.019 seconds,  466.143 KiB/s Cycles per byte =  83.77
SHAKE128                  1075 KiB took 1.009 seconds, 1065.411 KiB/s Cycles per byte =  36.68
SHAKE256                   875 KiB took 1.008 seconds,  868.056 KiB/s Cycles per byte =  45.02
RIPEMD                    4325 KiB took 1.005 seconds, 4303.483 KiB/s Cycles per byte =   9.07
HMAC-MD5                 10525 KiB took 1.000 seconds, 10525.000 KiB/s Cycles per byte =   3.71
HMAC-SHA                  5375 KiB took 1.004 seconds, 5353.586 KiB/s Cycles per byte =   7.30
HMAC-SHA224               1675 KiB took 1.007 seconds, 1663.357 KiB/s Cycles per byte =  23.48
HMAC-SHA256               1675 KiB took 1.006 seconds, 1665.010 KiB/s Cycles per byte =  23.48
HMAC-SHA384               1250 KiB took 1.004 seconds, 1245.020 KiB/s Cycles per byte =  31.38
HMAC-SHA512               1250 KiB took 1.004 seconds, 1245.020 KiB/s Cycles per byte =  31.38
PBKDF2                       0 KiB took 1.092 seconds,    0.200 KiB/s Cycles per byte = 194936.64
RSA     2048   public        48 ops took 1.001 sec, avg 20.854 ms, 47.952 ops/sec
RSA     2048  private         2 ops took 9.438 sec, avg 4719.000 ms, 0.212 ops/sec
ECC   [      SECP256R1]   256  key gen         8 ops took 1.159 sec, avg 144.875 ms, 6.903 ops/sec
ECDHE [      SECP256R1]   256    agree         8 ops took 1.154 sec, avg 144.250 ms, 6.932 ops/sec
ECDSA [      SECP256R1]   256     sign         8 ops took 1.176 sec, avg 147.000 ms, 6.803 ops/sec
ECDSA [      SECP256R1]   256   verify         4 ops took 1.119 sec, avg 279.750 ms, 3.575 ops/sec
CURVE  25519  key gen         3 ops took 1.136 sec, avg 378.667 ms, 2.641 ops/sec
CURVE  25519    agree         4 ops took 1.512 sec, avg 378.000 ms, 2.646 ops/sec
ED     25519  key gen        73 ops took 1.004 sec, avg 13.753 ms, 72.709 ops/sec
ED     25519     sign        62 ops took 1.007 sec, avg 16.242 ms, 61.569 ops/sec
ED     25519   verify        40 ops took 1.033 sec, avg 25.825 ms, 38.722 ops/sec
Benchmark complete

If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub.

Download wolfSSL

Is my part supported?

If you are wondering whether your part is supported by wolfSSL, the short answer is yes. What follows is an abbreviated, incomplete list sorted by manufacturer:

Note: no matter how hard we try to make these lists, they will never be complete because the week after the list is made, there will be more to add.

Part Manufacturer
S5L SoC Ambarella
Xilinx Zynq Ultrascale+ XCZU9EG AMD
Xilinx Zynq Ultrascale+ AMD
Xilinx Zynq-7000 AMD
Xilinx Versal AMD
Xilinx ZCU102 AMD
Xilinx UltraZed-EG AMD
MAXQ1065 Analog Devices
MAXQ1080 Analog Devices
ADSP-BF516 Analog Devices
Apple A14 Bionic Apple
Apple M1 Max Apple
Apple M1 Apple
Apple A8 Apple
BCM5634 Broadcom
BCM6858 Broadcom
BCM6838 Broadcom
ARMv8 Cortex-A72 ARM
ARMv8 Cortex-A53 ARM
ARMv7 Cortex-A9 ARM
ARMv7 Cortex-A8 ARM
SAMD21Xplained Pro Atmel
SAM E54 Xplained Pro Evaluation Kit Atmel/Microchip
WINC1500 Xplained Pro Extension Kit Atmel/Microchip
AVR UC3 Evaluation Kit – UC3-A3 Xplained Atmel/Microchip
CryptoAuth Xplained Pro Evaluation Kit Atmel/Microchip
CryptoAuthentication Kits Atmel/Microchip
PIC32 MX Atmel/Microchip
PIC32 MZ Atmel/Microchip
PIC24EP512GU810 Atmel/Microchip
PIC24FJ1024GB610 Atmel/Microchip
PIC32MZ Embedded Connectivity Starter Kit Atmel/Microchip
PIC32 Multimedia Expansion Board II Atmel/Microchip
PIC32 Ethernet Starter Kit Atmel/Microchip
Wi-Fi Client Module Demo Board Atmel/Microchip
PIC32CZ CA70 Xplained Atmel/Microchip
SAM L11 Xplained Pro Atmel/Microchip
PSoC6 Cypress
CYW43907 Evaluation Kit CYW943907AEVAL1F WICED Cypress
CT8200 ARM FA626TE Dialight
NS9210 Digi
ConnectCore 6 Digi
Arty A7-100T Digilent
ESP8266 Espressif
ESP32 Espressif
ESP32 WROOM Espressif
ESP32 WROVER Espressif
ESP32-S2 Espressif
ESP32-S3 Espressif
ESP32-C3 Espressif
ESP32-C6 Espressif
ESP32-H2 Espressif
SiFive Development Kit HiFive
LeMaker HiKey
TriCore AURIX TX3XX Infineon
GD32VF103 GigaDevice
Sipeed Longan Nano GigaDevice
Google Glass Explorer Edition Version 2.0 Google
Infineon TPM 1.2 Module Infineon
Core i3-7101 Intel
Core i5 Intel
Core i5 with SGX support Intel
Core i7-7600U Intel
Core i7-7820 Intel
Core i7-1255U Intel
Core i7-5850EQ Intel
Core i7-8569U Intel
Core i7-10610U Intel
Core i7-3720QM Intel
Core i7-2640M Intel
Atom C2558 Intel
Atom C3758 Intel
Atom D525 Intel
Atom E3930 Intel
Atom E3940 Intel
Xeon Gold 6338N Intel
Xeon Gold 6230N Intel
Xeon E5-2640 Intel
Xeon E5-2650 Intel
Xeon E5-2403 Intel
Xeon E5335 Intel
Xeon E3 Intel
Xeon E3-1225 Intel
Xeon 1275v3 Intel
Xeon W-2155 Intel
Xeon E-2234 Intel
Xeon E5-2603 Intel
Xeon Silver 4116 Intel
Xeon E-2244G Intel
Xeon X5650 Intel
Xeon Gold 5218 Intel
Xeon Silver 4316 Intel
Xeon Silver 4210 Intel
Galileo Intel
MCB1800 Evaluation Board & Starter Kit Keil
88PA6270 Marvell
WiFi 88MC200 Marvell
Octeon II Marvell
Octeon III Marvell
DS28C36 evaluation system Maxim Integrated
Azure Sphere MT3620 Mediatek
WiFi3 Click MikroElektronika
MinnowBoard V1 MinnowBoard
MOD54415LC Netburner
nRF52840 Nordic
i.MX 6SoloX Arm® Cortex®-A9 NXP/Freescale
i.MX6 Quad/DualLite NXP/Freescale
i.MX6 DualLite ARMv7 Cortex-A9 NXP/Freescale
i.MX7 Arm® Cortex®-A7 NXP/Freescale
i.MX25 Arm9™ NXP/Freescale
i.MX 6ULL Arm® Cortex®-A7 NXP/Freescale
i.MX8 Quad Max NXP/Freescale
i.MX7 Dual ARM® Cortex-A7 NXP/Freescale
i.MX-RT1050 NXP/Freescale
i.MX-RT1060 NXP/Freescale
i.MX-RT1064 NXP/Freescale
i.MX-RT1170 NXP/Freescale
i.MX-RTxx NXP/Freescale
i.MX6 NXP/Freescale
i.MX5 NXP/Freescale
i.MX8 NXP/Freescale
MCF547X NXP/Freescale
MCF548X NXP/Freescale
Kinetis K50 NXP/Freescale
Kinetis K60 NXP/Freescale
Kinetis K70 NXP/Freescale
Kinetis K80 NXP/Freescale
Kinetis K64f NXP/Freescale
Kinetis K84f NXP/Freescale
Vybrid VF500 NXP/Freescale
StarCore SC3850 DSP NXP/Freescale
QorIQ T1024 NXP/Freescale
QorIQ T2080 NXP/Freescale
QorIQ P1021 NXP/Freescale
MPC8650 NXP/Freescale
LPC54606 NXP/Freescale
LPCXpresso18S37 NXP/Freescale
LPCXpresso43S37 NXP/Freescale
Coldfire MCF5484CZP200 NXP/Freescale
TWR-K70F120M Tower System module NXP/Freescale
TWR-SER serial module NXP/Freescale
TWR-ELEV primary elevator module NXP/Freescale
TWR-MCF5225X Tower System Module NXP/Freescale
FRDM-K82F NXP/Freescale
FRDM-K64F NXP/Freescale
FRDM-KL46Z NXP/Freescale
X-TWR-K80F150M-S NXP/Freescale
K81 for use with K80 development prototype NXP/Freescale
LPCXpresso Board NXP/Freescale
LPC General Purpose Shield NXP/Freescale
Wireless Mustang Sensor HW Development Package Primex
Snapdragon 865 Qualcomm
Snapdragon 835 APQ8098 / MSM8998 Qualcomm
QB6640-23UF SoC Qualcomm
Krait 400 Qualcomm
Pi Pico RaspberryPi
Pi2 RaspberryPi
Pi3 RaspberryPi
Pi4 RaspberryPi
Pi Zero RaspberryPi
rp2040 RaspberryPi
RX65N Renesas
RX72N Renesas
RX MPU Renesas
Synergy DK-S7G2 Renesas
EFM32G Gecko Silicon Labs
EFR32 Silicon Labs
SLWSTK6023A Silicon Labs
TNETV1050 Texas Instruments
TM4C1294 Texas Instruments
Tiva C Series TM4C1294 Texas Instruments
iMCU7200 EVB Evaluation Board WIZnet

If you do not see your part on this list, don’t worry. Please reach out to us at facts@wolfSSL.com, or call us at +1 425 245 8247 letting us know the details of your system and we can get you in touch with our porting experts. Chances are, it is already done!

If you do see your part and are wondering about benchmarking statistics you can also reach out to facts@wolfSSL.com for performance information. Check out our public benchmarks.

Announcing wolfSSL sniffer support for key log files (SSLKEYLOGFILE)

We are excited to announce that the wolfSSL sniffer now supports TLS session decryption of recorded TLS traffic using a key log file (SSLKEYLOGFILE)!

If you didn't already know about our sniffer tool, it is a utility library built into wolfSSL that can capture and decrypt live traffic or recorded PCAP traces. Previously, the sniffer could only decrypt sessions where either the static private key (RSA, ECC) or the ephemeral key (DHE, ECDHE) was known and could be provided to the sniffer at runtime. This meant keeping track of the private or ephemeral key files for every session you wanted to sniff, which was cumbersome for packet captures containing many sessions, especially with TLS v1.3, where every session needs a fresh ephemeral key to decrypt.

If your server or client can generate a key log file (which wolfSSL can do with the `--enable-keylog-export` configure option), you can now simply register this file with the sniffer, and the sniffer will decrypt all applicable traffic in your packet capture regardless of the cipher suite used. Treat the key log file as you would a private key: anyone holding it can decrypt every session it covers, so enable the export only in test builds and handle the file accordingly.

To build wolfSSL with the sniffer enabled, use the `--enable-sniffer` configure option. To enable key log file support in the sniffer, define `WOLFSSL_SNIFFER_KEYLOGFILE`:

./configure --enable-sniffer CFLAGS="-DWOLFSSL_SNIFFER_KEYLOGFILE"

wolfSSL provides the snifftest demo application, which shows how to use the sniffer library on both live and recorded packet captures. Using snifftest on a packet capture with an associated key log file is as simple as running:

# Decrypts the recorded traffic to and from a server listening on port 11111
./snifftest -pcap /path/to/your.pcap \
            -keylogfile /path/to/your/keylogfile.log \
            -server \
            -port 11111 
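What the sniffer gets from a key log file, as an added example that is not wolfSSL's own code: it parses the NSS-format lines that SSLKEYLOGFILE / `--enable-keylog-export` write, matches the ClientHello random seen in a capture to the logged secrets, and turns a TLS 1.3 traffic secret into the record key, IV and per-record nonce with HKDF-Expand-Label (RFC 8446 sections 7.1, 7.3 and 5.3). The key log contents and client randoms are constructed sample data; the function names are this example's own.

```python
"""Key log parsing and TLS 1.3 record-key derivation (added example, not wolfSSL code)."""
import hashlib
import hmac
import struct

# Labels of the NSS key log format. CLIENT_RANDOM carries a TLS 1.2 master
# secret; the others carry TLS 1.3 secrets, keyed by the ClientHello random.
KEYLOG_LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
TLS13_TRAFFIC_LABELS = {l for l in KEYLOG_LABELS if "TRAFFIC_SECRET" in l}

# Constructed sample key log: one TLS 1.3 session and one TLS 1.2 session.
RANDOM_13 = bytes(range(32))        # client random as seen in the capture
RANDOM_12 = bytes(range(32, 64))
SAMPLE_KEYLOG = "\n".join([
    "# comment and blank lines are ignored",
    "",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {RANDOM_13.hex()} {'11' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {RANDOM_13.hex()} {'22' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {RANDOM_13.hex()} {'33' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {RANDOM_13.hex()} {'44' * 32}",
    f"CLIENT_RANDOM {RANDOM_12.hex()} {'55' * 48}",
])


def parse_keylog(text):
    """Return {client_random: {label: secret}}; reject malformed lines."""
    sessions = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        label, random_hex, secret_hex = fields
        if label not in KEYLOG_LABELS:
            raise ValueError(f"line {lineno}: unknown label {label!r}")
        client_random = bytes.fromhex(random_hex)
        if len(client_random) != 32:
            raise ValueError(f"line {lineno}: client random must be 32 bytes")
        sessions.setdefault(client_random, {})[label] = bytes.fromhex(secret_hex)
    return sessions


def hkdf_expand(prk, info, length, hash_name="sha256"):
    """HKDF-Expand (RFC 5869 section 2.3): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    digest_size = hashlib.new(hash_name).digest_size
    if length > 255 * digest_size:
        raise ValueError("requested length too large for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret, label, context, length, hash_name="sha256"):
    """HKDF-Expand-Label (RFC 8446 section 7.1): HkdfLabel carries the
    uint16 length, the "tls13 "-prefixed label and the context."""
    full_label = b"tls13 " + label
    info = (struct.pack(">H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length, hash_name)


def traffic_key_iv(secret, key_len=16, iv_len=12, hash_name="sha256"):
    """Record key and IV from a traffic secret (RFC 8446 section 7.3).
    The defaults fit TLS_AES_128_GCM_SHA256."""
    key = hkdf_expand_label(secret, b"key", b"", key_len, hash_name)
    iv = hkdf_expand_label(secret, b"iv", b"", iv_len, hash_name)
    return key, iv


def record_nonce(iv, seq_num):
    """Per-record nonce (RFC 8446 section 5.3): the 64-bit record sequence
    number, left-padded to the IV length, XORed into the IV."""
    padded = seq_num.to_bytes(len(iv), "big")
    return bytes(a ^ b for a, b in zip(iv, padded))


def tls13_keys_for_session(sessions, client_random, **kw):
    """(key, iv) per logged TLS 1.3 traffic secret of one session, or None when
    the capture's ClientHello random is absent from the key log: that session
    stays opaque no matter what else the decryptor holds."""
    entry = sessions.get(client_random)
    if entry is None:
        return None
    return {label: traffic_key_iv(secret, **kw)
            for label, secret in entry.items() if label in TLS13_TRAFFIC_LABELS}


if __name__ == "__main__":
    sessions = parse_keylog(SAMPLE_KEYLOG)
    for label, (key, iv) in tls13_keys_for_session(sessions, RANDOM_13).items():
        print(f"{label:32} key={key.hex()} iv={iv.hex()} nonce(seq=1)={record_nonce(iv, 1).hex()}")
```

The lookup key is the 32-byte ClientHello random, which is why a key log can serve a whole capture: the decryptor reads each ClientHello off the wire, finds its line, and derives the record keys with no knowledge of the cipher suite's key exchange.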

For more information and examples showing how to get started with the sniffer, please refer to the snifftest demo application and README.

As always, if you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Live Stream: Mastering the cURL Command Line

We are excited to announce that Daniel Stenberg, the creator of cURL, will be hosting a live stream, Mastering the cURL Command Line, on August 31st at 9 am PT.

Join the live stream: 8/31/2023 at 9 am PT

cURL is a versatile software project for transferring data with URLs over protocols such as FTP, FTPS, HTTP, HTTPS and more.

During the live stream, Daniel will dive into the full potential of cURL and how you can use it in your projects to transfer data securely. Don't miss this opportunity to gain knowledge and technical skills directly from Daniel Stenberg, the creator of cURL!

Sneak peek of the live stream:

  • An overview of the cURL project
  • Command line essentials, including options, URLs, and advanced features
  • Practical usage of cURL, covering topics like downloads, uploads, and transfer controls
  • In-depth insights into TLS and proxy configurations
  • Exploring HTTP protocols, including methods, response codes, and security
  • Navigating FTP functionalities, including authentication and file transfers
  • Looking at cURL’s future

During the live stream you will have opportunities to ask questions in the live chat and have Daniel answer them.

If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Added Support for DTLS 1.3 Authentication and Integrity-Only Cipher Suites

As you may already know, DTLS is a protocol designed to secure communication over UDP, particularly suited to constrained IoT devices and use cases where low latency is crucial. wolfSSL stands out as the first provider of a production-ready implementation of the DTLS v1.3 protocol, which is based on TLS v1.3. One of the key advantages of wolfSSL's DTLS v1.3 implementation is that it reuses most of the mature wolfSSL TLS 1.3 stack. This not only enables broad hardware support but also ensures that all wolfSSL features, such as post-quantum algorithms and HSM integration, are supported out of the box.

Indeed, only some minor tweaks were needed to add Authentication and Integrity-Only cipher suite support for DTLS v1.3 in wolfSSL version 5.6.2! These cipher suites (TLS_SHA256_SHA256 and TLS_SHA384_SHA384) provide authentication and integrity but no confidentiality: messages are sent in the clear. You can be assured of the identity of the communicating entities and promptly detect any unauthorized modification of the messages, even though anyone who can intercept the communication can read them.

There are numerous use cases where authenticity and integrity are of utmost importance even though confidentiality is not a requirement. This is especially advantageous for memory- and performance-constrained devices, where dropping confidentiality reduces the number of cryptographic algorithms that must be carried and saves scarce resources. Industrial automation, industrial control, railways and civil avionics are a few examples of industries where these cipher suites find practical application. In other scenarios, third-party inspection of the communication is needed while preserving authenticity and integrity; this too is possible precisely because these cipher suites provide no confidentiality.

For example, RFC 9372 (L-band Digital Aeronautical Communications System, LDACS) explains how ICAO Doc 9896 foresees security for all aeronautical data and how DTLS v1.3 provides the security required by ARINC 858P1. For further insight into how Authentication and Integrity-Only cipher suites can be used, refer to RFC 9150, which outlines typical use cases.
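What an authentication-and-integrity-only record looks like on the wire, as an added example that is not wolfSSL's implementation: the "ciphertext" is the plaintext followed by an HMAC tag, so a third party on the path can read the content while any modification, truncation or replay under another sequence number fails verification. The tag construction is modelled on RFC 9150 section 3 (HMAC over nonce, additional data and plaintext) using the TLS 1.3 record header as additional data; DTLS 1.3 uses its own unified header and a 64-bit epoch-plus-sequence-number record number, which is not shown. Check the RFC and wolfSSL's code before relying on the exact byte layout. The key, IV and record content are constructed sample values.

```python
"""Integrity-only record protection, TLS_SHA256_SHA256 style (added example, not wolfSSL code)."""
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size    # 32-byte HMAC-SHA256 tag

# Constructed sample key material; in TLS 1.3 these come from the traffic secret.
SAMPLE_KEY = bytes(range(32))
SAMPLE_IV = bytes(range(12))


def record_nonce(iv, seq_num):
    """RFC 8446 section 5.3: sequence number left-padded and XORed into the IV."""
    padded = seq_num.to_bytes(len(iv), "big")
    return bytes(a ^ b for a, b in zip(iv, padded))


def additional_data(record_len):
    """TLS 1.3 record header: opaque_type 23, legacy version 0x0303, length."""
    return bytes([23, 3, 3]) + record_len.to_bytes(2, "big")


def protect(key, iv, seq_num, plaintext):
    """Integrity-only AEAD-Encrypt: plaintext || HMAC tag. Nothing is hidden."""
    nonce = record_nonce(iv, seq_num)
    ad = additional_data(len(plaintext) + TAG_LEN)
    tag = hmac.new(key, nonce + ad + plaintext, "sha256").digest()
    return plaintext + tag


def unprotect(key, iv, seq_num, record):
    """Return the plaintext, or None if the record does not verify under this
    key and sequence number (altered, truncated, or replayed out of order)."""
    if len(record) < TAG_LEN:
        return None
    plaintext, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    nonce = record_nonce(iv, seq_num)
    expected = hmac.new(key, nonce + additional_data(len(record)) + plaintext,
                        "sha256").digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return plaintext


def inspect_without_key(record):
    """What a passive observer sees: the content itself, minus the tag."""
    return record[:-TAG_LEN]


if __name__ == "__main__":
    rec = protect(SAMPLE_KEY, SAMPLE_IV, 0, b"valve=open;setpoint=42")
    print("on the wire:", inspect_without_key(rec))
    tampered = bytearray(rec)
    tampered[-TAG_LEN - 1] ^= 1                   # flip a bit of the content
    print("verified original:", unprotect(SAMPLE_KEY, SAMPLE_IV, 0, rec))
    print("verified tampered:", unprotect(SAMPLE_KEY, SAMPLE_IV, 0, bytes(tampered)))
```

Because the sequence number and record header are bound into the tag, the receiver still gets TLS 1.3's anti-replay and anti-reordering guarantees; only secrecy is given up, and that is exactly the property that lets an authorized monitoring point read the traffic without holding any key.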

In summary wolfSSL’s DTLS v1.3 implementation offers yet another feature: the ability to run on highly constrained memory and performance devices with Authentication and Integrity-Only Cipher Suites. This paves the way for providing authentication and integrity protection while allowing third-party inspection of the communication. To start exploring these capabilities, you can download the source code from our repository on GitHub at https://github.com/wolfSSL/wolfssl.

If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, or call us at +1 425 245 8247.

TLS on the Microchip PIC24

Looking to add TLS to your PIC24 application? Given the resource constraints of the MCU, the wolfSSL lightweight library is the ideal TLS solution for you.

As you may know, wolfSSL has been used in a wide variety of embedded applications, whether for its small footprint, its high performance, or its cutting-edge crypto engine, wolfCrypt. After some recent work, users can take advantage of these same qualities on the 16-bit PIC24. The library's configurability lets users focus on their own code instead of exhaustive attempts to fit TLS into ROM alongside their application.

Interested in ensuring secure communication in your PIC24?

As always, if you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Live Webinar: SM Ciphers are now implemented in wolfSSL; how to access them, use them, and what sets them apart

We are excited to announce that the SM cipher webinar will once again be available for those in European time zones! We invite you to join us for an enlightening webinar discussing the launch of wolfSSL's SM cipher implementations.

Watch the webinar here: SM Ciphers are now implemented in wolfSSL; how to access them, use them, and what sets them apart

As many people know, Chinese government regulators are now mandating use of SM2, SM3 and SM4 in critical systems, including automobiles, avionics, power systems, and communication systems. Since many of our customers are multi-nationals that do business in China, they have been requesting the addition of these algorithms in wolfSSL products.

We recently released our supported versions of SM2, SM3 and SM4, and intend to release the ZUC stream cipher later this year to round out our ShangMi coverage. We are also in contact with labs regarding OSCCA certification at some point in the future. This is really great news for our customers in Chinese markets!

For those readers considering using wolfSSL products, here’s some additional notes:

  1. The SM Ciphers are fully supported in wolfSSL’s TLS 1.3 and DTLS 1.3 implementations.
  2. wolfSSH, wolfBoot and our other products will support ShangMi ciphers.
  3. ARM, Intel, and RISC-V assembly is in the works for our SM implementations for maximum performance.
  4. We support bare metal for SM2, SM3, and SM4.
  5. We have maximized performance and minimized size, so the ShangMi algorithms will work well for embedded use cases on a wide variety of microcontrollers (MCUs). They will be available for all of the MCU silicon that we currently support, including STM32, NXP i.MX, RISC-V, Renesas RA, RX, and Synergy, Nordic NRF32, Microchip PIC32, Infineon Aurix, TI MSP, and many others.
  6. Our GPLv2 versions of the SM ciphers are available for download on GitHub

Commercially licensed versions are available.

Watch it now!

As always, our webinars will include Q&A sessions throughout the webinar. If you have questions about the ShangMi ciphers and algorithms, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Experimental support for realm

Looking to add FIPS-certified crypto to your Realm database app? wolfSSL can help!

We are working on getting wolfSSL upstreamed into Realm as a TLS and crypto provider, and can provide a preliminary version tested on Linux for interested customers. We can also work with you to get other platforms like Android and iOS supported by request.

If you want your Realm database to harness the power and security of wolfSSL, please reach out to us and let us know!

As always, if you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Static library framework for Apple devices

We’ve got an exciting new update for our Apple ecosystem support! wolfSSL now contains a script that automates building and packaging wolfSSL static libraries as an XCFramework that can run on all Apple platforms and targets, further simplifying integration into your Xcode projects.

Instead of manually adding all wolfSSL source files to your Xcode project and maintaining a user_settings.h file, you can now simply run the script with your desired configure options to build and package wolfSSL, then drag and drop the resulting framework bundle into Xcode. The framework bundle contains wolfSSL static libraries targeting all modern Apple platforms and simulators: macOS (arm64, x86_64), iPhone (arm64), iPhoneSimulator (arm64, x86_64), appleTV (arm64), appleTVSimulator (arm64, x86_64), appleWatch (arm64), and appleWatchSimulator (arm64, x86_64). We also include a new "wolfssl-multiplatform" demo application in Xcode demonstrating how a Swift application can use a "bridging header" to call into C code and use wolfSSL.

You can find the new build utilities and the "wolfssl-multiplatform" example app in the wolfSSL source tree at IDE/apple-universal. Check out the README to get started. Integrating wolfSSL into your Xcode project has never been easier!

As always, if you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

How and why to use ECH (Encrypted Client Hello)

In early 2023 wolfSSL added support for the Encrypted Client Hello draft extension for TLS 1.3 (formerly known as Encrypted Server Name Indication, ESNI). The Encrypted Client Hello (ECH) extension encrypts the client_hello message meant for a TLS 1.3 server and carries it as an extension of an outer client_hello from which the sensitive fields have been removed. This hides the sensitive parts of the client_hello, such as the Server Name Indication (SNI), from any passive observer that captures it.

Why use ECH?

Data in the client hello can be used to identify which site a client is trying to reach behind a reverse proxy. That can be used to track the user across the internet, or to disrupt a reverse proxy by working out how many servers are active or where a server is geographically. If you would like more detailed information on ECH, check out the draft extension, and for more on reverse proxies check out Cloudflare's article on proxies.

We recently added a new example of how to set up our TLS 1.3 server to use ECH, available at https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/server-ech-local.c, along with an example client that sets the ECH configs out of band and then connects to it: https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-ech-local.c. When the server starts it creates ECH configs, which are a list of Hybrid Public Key Encryption (HPKE) public keys and server names that the server will accept for an ECH connection. Once the configs are generated they can be shared out of band with the client, or obtained through the retry-configs method by connecting with a GREASE ECH and disconnecting. In this example the server prints the base64-encoded configs, which can then be passed to the example client as a command line argument; the client loads them and uses them for ECH. In a typical real-world deployment the ECH configs are published in a DNS HTTPS resource record that the client fetches before connecting; that lookup is outside the scope of wolfSSL.
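What is inside the base64 blob the server prints and the client loads, as an added example that is not wolfSSL's code: an encoder and a parser for the ECHConfigList structure of the TLS ECH draft (draft-ietf-tls-esni, ECHConfig version 0xfe0d), where each ECHConfig carries a config_id, the HPKE KEM id and public key, the accepted HPKE KDF/AEAD pairs, the maximum name length, the public_name sent in the outer client_hello, and extensions. The parser skips configs with an unknown version by their length, as the draft instructs clients to do, and rejects truncated or padded data. The key, names and ids are constructed sample values, and the draft version wolfSSL speaks may differ from 0xfe0d.

```python
"""ECHConfigList encode/decode (added example, not wolfSSL code)."""
import base64
import struct

ECH_VERSION_DRAFT13 = 0xFE0D
# HPKE identifiers (RFC 9180): DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM
KEM_X25519_HKDF_SHA256 = 0x0020
KDF_HKDF_SHA256 = 0x0001
AEAD_AES_128_GCM = 0x0001


def _vec(data, len_bytes):
    """TLS variable-length vector: big-endian length prefix of len_bytes."""
    return len(data).to_bytes(len_bytes, "big") + data


def encode_ech_config(config_id, kem_id, public_key, cipher_suites,
                      max_name_len, public_name, extensions=b""):
    """One ECHConfig (version 0xfe0d): version, length, then ECHConfigContents."""
    suites = b"".join(struct.pack(">HH", kdf, aead) for kdf, aead in cipher_suites)
    contents = (bytes([config_id]) + struct.pack(">H", kem_id)
                + _vec(public_key, 2) + _vec(suites, 2)
                + bytes([max_name_len]) + _vec(public_name.encode("ascii"), 1)
                + _vec(extensions, 2))
    return struct.pack(">HH", ECH_VERSION_DRAFT13, len(contents)) + contents


def encode_ech_config_list(configs):
    """ECHConfigList as base64, the form the example server prints."""
    return base64.b64encode(_vec(b"".join(configs), 2)).decode("ascii")


class _Reader:
    """Bounds-checked cursor over a byte string."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ECHConfig data")
        out = self.data[self.pos:self.pos + n]
        self.pos += n
        return out

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vec(self, len_bytes):
        return self.take(self.uint(len_bytes))

    def done(self):
        return self.pos == len(self.data)


def parse_ech_config_list(b64):
    """Decode a base64 ECHConfigList into a list of dicts. Unknown versions are
    skipped by length and reported as unsupported; trailing bytes are an error."""
    outer = _Reader(base64.b64decode(b64))
    lst = _Reader(outer.vec(2))
    if not outer.done():
        raise ValueError("trailing bytes after ECHConfigList")
    configs = []
    while not lst.done():
        version = lst.uint(2)
        body = _Reader(lst.vec(2))          # length-prefixed, so skipping is safe
        if version != ECH_VERSION_DRAFT13:
            configs.append({"version": version, "supported": False})
            continue
        cfg = {"version": version, "supported": True,
               "config_id": body.uint(1), "kem_id": body.uint(2),
               "public_key": body.vec(2), "cipher_suites": []}
        suites = _Reader(body.vec(2))
        while not suites.done():
            cfg["cipher_suites"].append((suites.uint(2), suites.uint(2)))
        cfg["maximum_name_length"] = body.uint(1)
        cfg["public_name"] = body.vec(1).decode("ascii")
        cfg["extensions"] = body.vec(2)
        if not body.done():
            raise ValueError("trailing bytes inside ECHConfig")
        configs.append(cfg)
    return configs


# Constructed sample: a 32-byte X25519 public key stand-in, not a real key.
SAMPLE_CONFIG = encode_ech_config(
    config_id=7, kem_id=KEM_X25519_HKDF_SHA256, public_key=bytes(range(32)),
    cipher_suites=[(KDF_HKDF_SHA256, AEAD_AES_128_GCM)],
    max_name_len=0, public_name="public.example")

if __name__ == "__main__":
    blob = encode_ech_config_list([SAMPLE_CONFIG])
    print(blob)
    for cfg in parse_ech_config_list(blob):
        print(cfg)
```

The public_name is the one field a passive observer still sees: it is the name the outer client_hello carries, so a deployment should choose it to reveal nothing about which backend the inner client_hello is really for.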

For more information on HPKE check out our blog post. For an example of how to obtain ECH configs through the retry-configs method, check out our other ECH example. If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.