Month: May 2025

Announcing wolfMQTT v1.20.0: Now with WebSocket Support

We are excited to announce the release of wolfMQTT v1.20.0, which introduces WebSocket support as its headline feature. This release continues our commitment to providing a lightweight, secure, and feature-rich MQTT client implementation for embedded systems and IoT applications.

What’s New in v1.20.0

The wolfMQTT v1.20.0 release includes several significant enhancements:

WebSocket Support

The most notable addition in this release is comprehensive support for MQTT over WebSockets. This feature allows wolfMQTT clients to connect to MQTT brokers through WebSocket endpoints, which is particularly valuable in environments where traditional MQTT ports might be blocked or when integrating with web applications.

Both standard WebSockets and secure WebSockets (WSS) are now supported, providing flexibility for various security requirements:

  • Standard WebSockets: Connect to brokers using the WebSocket protocol without encryption
  • Secure WebSockets: Use TLS to encrypt the WebSocket connection for enhanced security

Secure WebSocket CI Testing

To ensure the reliability of the new WebSocket functionality, we’ve added continuous integration testing specifically for secure WebSockets. This testing helps maintain the high quality and stability that users expect from wolfMQTT.

Improved CMake Support

This release includes improvements to the CMake build system:

  • Enhanced duplicate component checking in CMake builds
  • Better compatibility with the latest Managed Components

Additional Improvements

  • Updated examples for the latest Managed Components
  • Fixed an issue with OQS’s Mosquitto being out of date

About wolfMQTT

wolfMQTT is a lightweight, embedded MQTT client implementation written in C that supports SSL/TLS via the wolfSSL library. It was built from the ground up to be multi-platform, space conscious, and extensible. The library supports:

  • MQTT v3.1.1 and v5.0 protocols
  • MQTT-SN (MQTT for Sensor Networks)
  • Quality of Service (QoS) levels 0-2
  • TLS encryption via wolfSSL
  • Non-blocking communications
  • Multithreading for parallel operations
  • Integration with popular IoT platforms (AWS IoT, Azure IoT Hub, IBM Watson IoT)

Getting wolfMQTT v1.20.0

The wolfMQTT v1.20.0 release is available now on our download page and GitHub.

Release 1.20.0 has been developed according to wolfSSL’s development and QA process and successfully passed the quality criteria.

Check out the ChangeLog for a full list of features and fixes, or contact us at facts@wolfSSL.com with any questions.

While you’re there, show us some love and give the wolfMQTT project a Star!

You can download the latest wolfMQTT release from our website or clone directly from our GitHub repository.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar: Advanced libcurl with Daniel Stenberg

Looking to master libcurl beyond the basics? Join Daniel Stenberg, creator of curl, for a live webinar on May 8th at 10 AM PT, focused on advanced libcurl techniques for real-world use.

This live webinar is ideal for developers integrating libcurl into performance-critical applications or anyone ready to explore libcurl APIs in depth.

Register Now: Advanced libcurl
Date: May 8th | 10 AM PT

What You’ll Learn:

  • Libcurl debugging best practices
  • Setting up complex transfer configurations
  • Using transfer control for precision workflow
  • Managing concurrent transfers with the Multi API
  • Sharing resources through the Share API
  • Simplifying URLs with the URL API
  • Managing HTTP headers through the Headers API

This practical session will help you optimize, debug, and scale your data transfers. Whether you’re looking to manage concurrent transfers or dive into advanced libcurl APIs, this webinar will provide the expert guidance you need.

Register now to reserve your spot and learn from the creator of curl.

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Chimera Certificate Standards Compliance

In the evolving landscape of cryptographic security, supporting multiple signature algorithms within a single certificate has become increasingly important. These certificates are known as Chimera certificates, a moniker coined by the X9.146 banking standards team. They provide enhanced security, flexibility, and agility, especially for the transition to post-quantum cryptography. As well, wolfSSL also understands the new TLS 1.3 CKS extension as defined by the X9.146 banking standard draft.

Chimera certificates are X.509 certificates that contain two public keys and signatures. These certificates are implemented through the use of three extensions:

  • Subject Alternative Public Key Info (SAPKI): Contains an alternative public key
  • Alternative Signature Algorithm: Specifies the algorithm used for the alternative signature
  • Alternative Signature Value: Contains the actual bitstring of the alternative signature

In X.509 certificates, extensions can be marked as either “critical” or “non-critical.” Critical extensions MUST be understood and processed by the certificate validator. If a validator doesn’t recognize a critical extension, it MUST reject the certificate. Non-critical extensions can be safely ignored if not understood.

Before release 5.8.0, wolfSSL’s dual algorithm certificate implementation did not properly support the parsing of these extensions if they were marked as Critical. This was because the whole purpose of these extensions was to facilitate migration by allowing unmigrated systems to ignore the alternative public key and signatures. In that context, marking these extensions as critical made no sense.

That said, these extensions are standardized in the 2019 edition of the ITU-T X.509 standard. In that document, under recognition that there might be other future applications for these extensions, marking these extensions as critical is permitted.

The addition of critical extension support for Chimera certificates extensions represents an important compliance step. Without standards, interoperability would not be possible.

As the cryptographic landscape continues to evolve, especially with the ongoing transition to post-quantum algorithms, enhancements such as Chimera certificate support will become increasingly valuable. wolfSSL continues to demonstrate its commitment to providing a robust, standards-compliant, and forward-looking cryptographic library.

If you have question about any of the above, please contact us at >a href=”mailto”facts@wolfssl.com”>facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfProvider Integration with nginx: Secure Your Web Server with wolfSSL FIPS Cryptography

Securing web servers with robust cryptography is essential in today’s threat landscape. wolfProvider offers a seamless way to enhance nginx security by integrating wolfSSL’s high-performance cryptographic implementations through OpenSSL’s provider framework. This integration allows nginx to leverage wolfSSL’s FIPS cryptography without modifying code.

What is wolfProvider?

wolfProvider is an OpenSSL provider that integrates the wolfCrypt FIPS cryptographic library with OpenSSL’s provider framework. It allows applications using the OpenSSL API, such as nginx, to seamlessly leverage wolfSSL’s FIPS approved cryptographic implementations without modifying application code.

Supported nginx Versions

Our continuous integration testing confirms compatibility with the following nginx versions:
nginx master branch
nginx release-1.27.4

Key Benefits for nginx users

  • Enhanced Security: Access to wolfSSL’s FIPS 140-2/3 validated cryptographic modules for compliance requirements
  • Optimized Performance: Benefit from wolfSSL’s highly optimized cryptographic implementations
  • Seamless Integration: No modifications to nginx or openssl, a simple config file change enables new wolfProvider integration
  • Comprehensive Algorithm Support: Full suite of modern cryptographic algorithms including:
    • AES (128/192/256-bit with ECB, CBC, CTR, GCM, CCM modes)
    • RSA, RSA-PSS for signing, verification, and key operations
    • ECC with ECDSA and ECDH support
    • SHA-1, SHA-2, and SHA-3 family hash functions

Testing and Verification

Our GitHub Actions workflows automatically test the integration to validate the following functionality:

TLS handshakes complete successfully
HTTP/2 connections work properly
Stream and mail modules function correctly
All cryptographic operations perform as expected

Stay updated with wolfProvider for ongoing enhancements! If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2