As our readers know, wolfSSL is currently the leader in embedded FIPS certificates. The wolfCrypt module holds the world’s first SP800-140Br1 FIPS 140-3 Validated Certificate #4718. One of the things that is critical to our users is Key Derivation Functions. Key derivation functions are consumed by TLS 1.2, TLS 1.3, and SSH. We will support […]
Read MoreMore TagMonth: July 2024
Why wolfSSH is Immune to the regreSSHion
Recently, Qualys found an exploit in OpenSSH’s sshd server application that they named regreSSHion. This exploit lets attackers run arbitrary code by exploiting a race condition in a signal handler. wolfSSH is not a port or fork of OpenSSH. It is written from scratch by wolfSSL Inc. While wolfSSHd is using the same alarm signal […]
Read MoreMore TagWhy Would You Want wolfSSL’s FIPS 140-3 Certificate
As our readers know, wolfSSL is currently the leader in embedded FIPS certificates. The wolfCrypt module holds the world’s first SP800-140Br1 FIPS 140-3 Validated Certificate #4718, valid through July 10th, 2029. There are a few significant changes coming with FIPS 140-3. Over the years with many specification updates, a few things got a little inconsistent, […]
Read MoreMore TagEclipse Mosquitto Broker with wolfSSL
The wolfSSL team has expanded our Open Source Projects repository with a port for Mosquitto, an open source MQTT broker. Mosquitto users can benefit from wolfSSL’s lightweight SSL/TLS library. Why should you use wolfSSL with Mosquitto? Portability across platforms and OS/RTOS environments Low/optimized memory use (runtime and footprint) Best-tested SSL/TLS/crypto implementation available, reducing vulnerabilities Current […]
Read MoreMore TagACVP and FIPS 140-3
As many in the FIPS world are aware NIST retired CAVP (Cryptographic Algorithm Validation Protocol) testing on June 30th of 2020, permanently replacing CAVP with ACVP (Automated Cryptographic Validation Protocol), also referred to as ACVTS (Automated Cryptographic Validation Test System). In order to prepare for this transition NIST offered a “demo server” that Vendors like […]
Read MoreMore TagLive Webinar: Medical Device Security
Learn a comprehensive overview of the current medical device landscape, the associated security challenges, and how wolfSSL’s solutions can help you navigate these complexities effectively. Check it out: Medical Device Security: Key Strategies for Cyber Security and Data Protection In the rapidly evolving medical device sector, ensuring the security and integrity of devices is paramount. […]
Read MoreMore TagFIPS 140-3 and the TLS KDF
There has been a little turmoil between the CAVP and the FIPS community regarding the TLS KDF. The CAVP deprecated testing of the kdf-component-tls-1.0 at the beginning of the year. The community wasn’t ready and it was temporarily un-deprecated. wolfSSL and our wolfCrypt cryptography library are ready for the transition to the RFC7627 TLS KDF. […]
Read MoreMore TagChanges to Maximum Alternative Names Macro in wolfSSL
In the 5.7.2 release, a new macro WOLFSSL_MAX_ALT_NAMES was introduced to limit the maximum number of allowed subject alternative names to a default value of 128 to prevent a possible denial of service attack. Unfortunately, after the release, some commonly used certificates were brought to our attention that have more than 128 subject alternative names. […]
Read MoreMore TagFIPS 140-3 and SHA-1 Retirement
In December 2022, NIST announced that the venerable SHA-1 algorithm, introduced in 1995, is at end-of-life. While wolfSSL does not use or recommend SHA-1 for new designs, we implement and support it in our products. With the NIST announcement, that will soon change for new FIPS 140 submissions, as we too will retire SHA-1. The […]
Read MoreMore TagwolfProvider Release 1.0.0
wolfSSL is proud to announce the release of wolfProvider 1.0.0. This release is the first official support for being a Provider for OpenSSL 3.x. Intended for use by customers who want to have a FIPS validated module, but are already invested in using OpenSSL. The provider gives drop-in replacements for the cryptographic algorithms used by […]
Read MoreMore Tag