RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL 5.7.0 Now Available!

Version 5.7.0 of wolfSSL is now available! Many new and exciting features were added in this release. Near the top of that list is the addition of our Kyber implementation along with other post quantum algorithm support. This empowers you to future-proof your security measures, ensuring robust protection against evolving threats. In addition to introducing new features, we’ve addressed three vulnerabilities in this release. Two of these fixes target vulnerabilities related to row hammer attacks, while the other addresses a TLS 1.3 server-side issue. We take security seriously, and you can find more information about these fixes on our vulnerability page (https://www.wolfssl.com/docs/security-vulnerabilities/).

A full list of fixes, additions, and optimizations can be found in the ChangeLog, here are some of the highlights!

  • Experimental framework for using wolfSSL’s XMSS and LMS implementation. Explore and test advanced cryptographic techniques within the wolfSSL ecosystem. (PR 7161 & PR 7283)
  • Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with –enable-experimental –enable-kyber. Proactively prepare for quantum computing threats with Kyber integration and assembly optimizations. (PR 7318)
  • The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new –enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems. In particular, wolfCrypt AES-XTS with –enable-aesni is faster than the native kernel implementation.
  • BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations. Handles large data streams more effectively during PKCS7 operations. (PR 6961 & 7184)
  • Microchip PIC24 support and example project expands compatibility, facilitating integration with Microchip’s PIC24 microcontrollers. (PR 7151)
  • AutoSAR shim layer provides a standardized interface for RNG, SHA256, and AES (PR 7296)
  • wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245)

This is a small subset of the optimizations and enhancements made in the last release are as follows:

  • Remove obsolete user-crypto functionality and Intel IPP support (PR 7097)
  • Support for RSA-PSS signatures with CRL use (PR 7119)
  • Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051)
  • Improve liboqs integration adding locking and init/cleanup functions (PR 7026)
  • Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177)
  • Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240)

Visit our download page or wolfSSL GitHub repository to download the latest release. If you have questions about any of the above, feel free to email us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar: wolfSSL 2024 Roadmap

Discover the Future of Cybersecurity with wolfSSL. Join wolfSSL 2024 Roadmap Webinar. Mark your calendar for April 17th at 10am PT as we unveil the wolfSSL 2024 Roadmap. Duration of this webinar is about one hour. This highly anticipated event promises an exclusive preview of the groundbreaking developments shaping the future of wolfSSL.

During the webinar, wolfSSL will delve into upcoming features, enhancements, and advancements that will revolutionize the cybersecurity landscape in 2024.

Save the date: April 17th | 10am PT

It’s an unique chance to learn the key highlights of the wolfSSL 2024 Roadmap. From cutting-edge technologies to strategic partnerships, this webinar will provide valuable insights into the direction of wolfSSL and its role in safeguarding digital assets across various industries such as satellite, automotive, aerospace and much more.

Don’t miss this opportunity to be part of the conversation and shape the future of cybersecurity with wolfSSL. Register today for the wolfSSL 2024 Roadmap Webinar to secure your spot.

As always, our webinar includes Q&A sessions throughout. If you have any questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Managed Component v5.7.0 Update for for Espressif

Recently we announced our release of wolfSSL version 5.7.0. This release is now available in the Espressf Managed Component library.

Getting started with wolfSSL in Espressif projects has never been easier. See our prior blog with details on Getting Started with wolfSSL as a Managed Component.

Find out more

If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub.

See also:

Download wolfSSL Now

Building Qt 5.15 with wolfSSL Support

Did you know that you can build Qt 5.15 against the wolfSSL embedded SSL/TLS library instead of the default OpenSSL backend? Using wolfSSL as the TLS provider in Qt offers many advantages depending on application and industry. Some of these may include:

To compile wolfSSL for Qt, use the following configure options:

$ cd wolfssl
$ ./autogen.sh
$ ./configure  --enable-qt --enable-qt-test --enable-alpn --enable-rc2 --prefix=/path/to/wolfssl-install\
 CFLAGS="-DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS=0x1b"
$ make
$ make install

Depending on the environment, adding wolfSSL install path to LD_LIBRARY_PATH for Qt build

LD_LIBRARY_PATH=/path/to/wolfssl\install/lib:$LD_LIBRARY_PATH

To compile Qt with the wolfSSL follow the steps below:

  1. Follow the Building Qt Guide to download needed Qt dependencies and initialize the Qt repository. To clone Qt for v5.15.x, you can use the following command:
    $ git clone git://code.qt.io/qt/qt5.git --branch v5.15.x
    
  2. Init Qt repository
    $ cd qt5
    $ ./init-repository --module-subset=qtbase
    
  3. Apply the wolfSSL Qt patch file to qt5.
    $ wget https://raw.githubusercontent.com/wolfSSL/osp/master/qt/wolfssl-qt-515.patch
    $ cd qtbase
    $ git apply -v ../wolfssl-qt-515.patch
    
  4. Configure Qt5
    $ cd ../../
    $ mkdir build
    $ cd ./build
    $ ../qt5/configure -opensource -wolfssl-linked -confirm-license -ccache -no-pch -developer-build -I/path/to/wolfssl-install/include/wolfssl -I/path/to/wolfssl-install/include
    
  5. Build Qt
    $ make
    

To find more detailed steps and then run test cases, you can find them in README at our ops repository.

If you have questions about any of the above, feel free to email us at facts@wolfSSL.com or support@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL Now

cURL Up 2024 – Save The Date

Exciting news from cURL! We’re thrilled to announce the return of curl-up, scheduled to take place in Stockholm, Sweden from May 4th to the 5th! Our goal is to bring the community together for an unforgettable weekend of collaboration and learning.

We’re inviting all curl contributors, maintainers and fans to join us. Perfect opportunity for you to engage with Daniel Stenberg, the cURL founder, and maintainer of cURL, as well as other speakers and industry experts.

Save the date

  • Date: May 4th to the 5th
  • Location: Stockholm, Sweden

Stay updated on event details, including venue and agenda, on our dedicated web page, curl-up 2024. We’re open to agenda suggestions. Share your ideas on a curl mailing list or in the discussions section.

We would like to support our top-100 contributors with traveling and lodging expenses. Please read the funding attendance to see the regulation and eligibility requirements.

Registration is mandatory. Register now to secure your space! Let’s make curl-up 2024 an unforgettable weekend. See you there!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 9247.

Download wolfSSL Now

wolfSSL leading provider of cryptography and network security is leveraging wolfBoot in Avionic Systems

wolfSSL supports DO-178 secure boot on Intel’s 11th Gen Intel® Core™ Tiger Lake platform with TPM support and DO-178 certified artifacts.

EDMONDS, Wash., April 8, 2024 /PRNewswire-PRWeb/ — wolfSSL a leading provider of cryptography and network security is excited to share updates on new products and technology at Embedded World this April 9 – 11th in Nuremberg, Germany at Booth # 4-612.

wolfBoot in Avionic Systems:

wolfBoot, coupled with wolfCrypt cryptography library, offers a robust solution for avionic systems requiring DO-178C certification at specified Design Assurance Levels (DAL). This integration provides several advantages:

DO-178C Certification: wolfBoot can undergo the DO-178C certification process, meeting the stringent requirements for avionics applications. wolfSSL Inc. can provide the necessary certification evidence, ensuring compliance with aviation standards.

Code Optimization: wolfBoot allows for feature configuration and code tuning to minimize line count, thereby reducing costs and accelerating time to market. This optimization is crucial in avionics software development where efficiency and reliability are paramount.

Flexibility and Customizability: wolfBoot supports hardware-based cryptography and secure key storage solutions, including Intel-specific optimizations and TPM 2.0 modules. This flexibility enables integration with various hardware configurations and security architectures required in avionics systems.

Secure Boot Solutions: wolfBoot supports FIPS 140-2 or FIPS 140-3 validated cryptography for secure boot processes, ensuring firmware integrity and protection against malicious attacks during boot-up.

Acceleration on Intel Processors: Utilizing wolfCrypt on 11th Gen Intel Core processors offers significant performance enhancements. Intel AVX2 instructions accelerate SHA2 algorithms for verifying firmware integrity, while AES-NI instructions boost encryption and decryption operations for AES-encrypted firmware images.

Integration with Other Intel Security Features: With Intel’s emphasis on processor and platform security, there is potential for wolfBoot to extend its support for additional security features, leveraging Intel’s advancements in this domain.

The integration of wolfBoot and wolfCrypt on Intel processors provides a comprehensive solution for avionics. wolfBoot can meet all certification requirements, performance needs, and resource restrictions.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

The New wolfSSL “Experimental” Framework

The experimental framework in wolfSSL includes several components aimed at enhancing its capabilities, particularly in the realm of post-quantum cryptography. Here are some key aspects of the framework:

  • XMSS Implementation: wolfSSL’s Extended Merkle Signature Scheme (XMSS) implementation is available upon request. It is a stateful hash-based cryptographic signature scheme
  • LMS Implementation: wolfSSL’s Leighton-Micali Signature (LMS) scheme is also available upon request. It is another stateful hash based signature scheme that provides security against quantum computer attacks.
  • Kyber Implementation: The framework includes an experimental implementation of the Kyber (AKA ML-KEM) algorithm, a post-quantum key encapsulation mechanism. This is coupled with assembly optimizations and is already included in wolfSSL; no need for special request!
  • Post-Quantum Dual Key/Signature Certificates: Support for dual algorithm certificates is part of the experimental features, which is crucial for transitioning to post-quantum cryptography.

These features are part of wolfSSL’s efforts to stay ahead in the security domain by incorporating next-generation cryptographic standards and preparing for the advent of quantum computing. For more detailed information or to access these experimental features, you can visit the wolfSSL GitHub repository or download wolfSSL release 5.7.0 or higher.

Note that while these features are a part of the experimental framework, backwards compatibility should not be expected. As features eventually move out of the experimental framework, that is when backwards compatibility and stability can be expected.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Inc. Unveils Cutting-Edge Cryptography and Network Security Solutions at Embedded World 2024

wolfSSL Inc. is a leading provider of cryptography and network security solutions, offering a comprehensive suite of products and services designed to secure embedded systems, IoT devices, and connected applications. With a commitment to innovation and excellence, wolfSSL empowers developers worldwide to build secure, scalable, and efficient solutions for the most demanding cybersecurity challenges.

EDMONDS, Wash., April 8, 2024 /PRNewswire-PRWeb/ — wolfSSL Inc. Unveils Cutting-Edge Cryptography and Network Security Solutions at Embedded World 2024

wolfSSL Inc., a globally renowned leader in cryptography and network security solutions, is thrilled to announce its participation at Embedded World 2024, scheduled to take place from April 9th to 11th in Nuremberg, Germany. The company will showcase its latest innovations and advancements in the realm of cybersecurity at Booth #4-612.

Embedded World serves as a premier platform for companies to unveil their latest technologies and engage with industry professionals, and wolfSSL is poised to make a significant impact with its array of groundbreaking products and services.

Among the highlights of wolfSSL’s showcase are:

  1. Kyber: A cutting-edge post quantum cryptographic algorithm designed for robust security in a variety of applications. As a Key Encapsulation Method Kyber ensures the security of symmetric key material.
  2. LMS (Leighton-Micali Signature): An innovative digital signature scheme offering enhanced security and efficiency. LMS is particularly valuable in today’s evolving cyber threat landscape due to its resilience against quantum computing threats.
  3. XMSS (eXtended Merkle Signature Scheme): A state-of-the-art digital signature scheme known for its resistance against quantum computing attacks, providing long-term security for critical systems.
  4. SM Ciphers: wolfCrypt now includes the Chinese SM variants of hashing, encryption, and digital signatures.
  5. CNSA 2.0 Support: wolfSSL demonstrates its commitment to staying ahead of evolving security standards by offering support for the latest Cryptographic Algorithm Validation Program (CAVP) requirements, including CNSA 2.0 cryptographic algorithms.
  6. DTLS 1.3: Datagram Transport Layer Security version 1.3, is the latest iteration of the DTLS protocol, which is based on the TLS (Transport Layer Security) protocol. It is designed to provide secure communication for datagram protocols, such as UDP (User Datagram Protocol). DTLS 1.3 brings several improvements over its predecessors, including enhanced security features, improved performance, and reduced latency. The latest version incorporates modern cryptographic algorithms and techniques, offering stronger protection against various security threats, while optimizing the protocol for better efficiency in real-world applications.
  7. wolfBoot: A secure bootloader solution designed to protect embedded systems from unauthorized access and tampering. wolfBoot ensures the integrity of the boot process against malicious attackers.
  8. wolfCrypt DO-178: A DO-178C certified cryptographic library, compliant with the rigorous safety standards required for avionics and other safety-critical systems.

“We are excited to showcase our latest innovations and technology offerings at Embedded World 2024,” said Larry Stefonic, CEO of wolfSSL Inc. “As a leading provider of cryptography and network security solutions, we are committed to empowering developers with the tools they need to build secure and resilient embedded systems. We look forward to engaging with attendees and demonstrating how our solutions can address the evolving cybersecurity challenges faced by industries worldwide.”

Visit wolfSSL at Booth #4-612 during Embedded World 2024 to learn more about their cutting-edge products and solutions, or visit wolfssl.com for additional information.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Where to find the Wolves: wolfSSL is heading to Embedded World

Secure your Embedded Projects with wolfSSL, the Best Tested Cryptography.

The wolfSSL team is heading to Embedded World Exposition and Conference April 9th through the 11th in Nuremberg Germany.

Come stop by and meet our team at Hall 4 Booth 612.

Discover how wolfSSL’s advanced security solutions can safeguard your embedded development. If you prefer to set a specific time with our engineers, email us at facts@wolfSSL.com

Protect your security assets by staying one step ahead of cyberattacks with wolfSSL’s cutting-edge cryptography. With over 2 billion connections secured, our partners trust in the best tested cryptography designed to safeguard embedded projects. Head over to wolfssl.com/download to download our open source products.

Unmatched Efficiency for Resource-Constrained Devices

  • Lightweight and Portable: Written in C, wolfSSL boasts a compact footprint, 20x smaller than OpenSSL, minimizing memory usage and maximizing performance on even the most resource-constrained microcontrollers and processors. Integrate robust security into your embedded systems without sacrificing functionality or performance.
  • Reduced Power Consumption: Minimizes power consumption, making it ideal for battery-powered devices and applications where extending battery life is critical. View our benchmarks.

Streamlined Development & Integration

  • Simplified Development: wolfSSL provides documented and user-friendly API, allowing developers of all experiences to quickly and easily integrate secure communication into their projects.
  • OpenSSL Compatibility Layer: For those familiar with OpenSSL, wolfSSL offers a compatibility layer that simplifies the transition, reducing development time and effort.
  • Industry Leading Support: All of our products are backed with up to 24/7 support from our engineering team.
  • Winbond Hardware Security for Secure Firmware Updates: wolfSSL supports Level Metering Scheme (LMS) compatibility. This allows wolfSSL to work with Winbond hardware-based LMS to ensure the authenticity of a firmware image during over-the-air (OTA) updates for an IoT target device. An IoT device typically uses Winbond flash memory for storage and runs wolfSSL for security. With this compatibility, the device can verify the firmware update it receives is genuine and hasn’t been tampered with before installing it. This helps to protect the device from unauthorized modifications and potential security risks. Additionally, wolfSSL can provide the secure TLS or DTLS connection to the cloud and use wolfMQTT to manage the FW update. In combination with Winbond’s ongoing hardware crypto validation, wolfSSL can deliver FIPS 140-3 compliant solutions for customers demanding the highest security and compliance.

Futureproof Security for Advanced Threats

FIPS Compliance and Dual Licensing

  • FIPS 140-2 Certified wolfCrypt Module: For applications demanding the highest level security and regulatory compliance, wolfSSL offers the FIPS 140-2 certified wolfCrypt module. https://www.wolfssl.com/license/fips/

Want to learn more information on our products?

wolfSSL

Lightweight embedded SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.

  • wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2 levels, and is up to 20 times smaller than OpenSSL.
  • Offers a simple API, OpenSSL compatibility layer, OCSP and CRL support, and offers several progressive ciphers.

wolfCrypt

Embedded Cryptography Engine

  • Lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
  • Commonly used in standard operating environments as well due to royalty-free pricing and great cross platform support.
  • Supports algorithms and ciphers including ChaCha20, Curve25519, NTRU, and SHA-3.

wolfSSL Support for DO-178C DAL A

Enabling Secure Boot & Secure Firmware Update for Avionics

  • RTCA DO-178C level A certification.
  • wolfSSL offers DO-178 wolfCrypt as a commercial off-the-shelf (COTS) solution for connected avionics applications.
  • Adherence to DO-178C level A is supported through the first wolfCrypt COTS DO-178C certification kit release that includes traceable artifacts for the following encryption algorithms:
    • SHA-256 and SHA-384 for message digest.
    • AES for encryption and decryption.
    • RSA to sign and verify a message.
    • ChaCha20-Poly1305 for authenticated encryption and decryption.
    • ECC to sign, verify and share secrets.
    • HMAC for keyed-hashing for message authentication.
  • Provides the proper cryptographic underpinnings for secure boot and secure firmware update in commercial and military avionics.

wolfTPM

TPM 2.0 designed for embedded use. wolfTPM is highly portable – written in native C, having a single IO callback for SPI hardware interface, no external dependencies, and its compacted code with low resource usage.

  • Open-source TPM 2.0 stack with backward API compatibility.
  • Native support for Linux & Windows.
  • RTOS and bare metal environments can use a single IO callback for SPI hardware interface, no external dependencies, and compact code size with low resource usage.
  • Offers API wrappers to help with complex TPM operations like attestation and examples to help with complex cryptographic processes like the generation of Certificate Signing Request (CSR) using a TPM.
  • Easy to compile on new platforms.

wolfMQTT

Client implementation of the MQTT written in C for embedded use.

  • Message Queuing Telemetry Transport is a lightweight open messaging protocol that was developed for constrained environments such as M2M (Machine to Machine) and IoT (Internet of Things), where a small code footprint is required.
  • Based on the Pub/Sub messaging principle of publishing messages and subscribing to topics.
  • The MQTT specification recommends TLS as a transport option to secure the protocol using port 8883 (secure-mqtt), as the MQTT protocol does not provide security on its own. Constrained devices benefit from using TLS session resumption to reduce the reconnection cost.
  • The wolfMQTT library is a client implementation of the MQTT written in C for embedded use. It supports SSL/TLS via the wolfSSL library. From this, it can provide the security that the MQTT protocol lacks.
  • Built from the ground up to be multi-platform, space conscious and extensible. Supports all Packet Types, all Quality of Service (QoS) levels 0-2 and supports SSL/TLS using the wolfSSL library. This implementation provides support for MQTT v5.0 and MQTT v3.1.1. Including client support for MQTT-SN (Sensor Network).

wolfSSH

Lightweight SSHv2 server library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.

  • Commonly used in standard operating environments due to royalty-free pricing and excellent cross platform support.
  • wolfSSH is powered by the wolfCrypt library. A version of the wolfCrypt cryptography library has been FIPS 140-2 validated (Certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfSSL.com

wolfBoot

Secures the boot process of your device against malicious attacks that seek to replace your firmware and take control of your device, and/or steal its data.

  • Portable secure bootloader that offers firmware authentication and firmware update mechanisms. Due to its minimalistic design and tiny HAL API, wolfBoot is completely independent from any OS or bare-metal application.
  • Can be easily ported and integrated in existing embedded software projects to provide a secure firmware update mechanism.
  • Can be easily ported and integrated in existing embedded software projects to provide a secure firmware update mechanism.
  • Please email us at facts@wolfSSL.com with any questions about Secure Boot.

wolfSentry

A universal, dynamic, embedded IDPS (intrusion detection and prevention system)

  • Dynamic Firewall Engine: Analyzes network traffic for suspicious activity using static and dynamic rules.
  • User-defined Actions: Allows customization of responses to detected threats.
  • Integration with wolfSSL Products: Works seamlessly with wolfSSL libraries for a holistic security solution.
  • Zero-Configuration Option: Easy setup for developers.
  • Dynamic Configuration: Flexible control through API or text inputs.
  • Advanced Features (under development): Remote logging, configuration, and status queries.
  • Low Resource Footprint designed for Embedded Systems: Well-suited for RTOS, ARM processors, and other embedded devices.
  • Lightweight: Adds as little as 64k to code size and leverages existing application logic.

curl/tiny-curl Support

Computer software project providing a library for transferring data using various protocols.

wolfSSL JSSE Provider and JNI Wrapper

For Java applications that wish to leverage the industry-leading wolfSSL SSL/TLS implementation for secure communication.

wolfCrypt JNI and JCE Provider

For Java developers who want to leverage the industry-leading wolfCrypt cryptography library implementation, wolfCrypt JNI provides a Java interface to the native C library.

wolfCLU

wolfSSL’s portable command line utility.

  • Handles common cryptographic operations, such as certificate parsing and key generation, for easier usage than writing an application from scratch.
  • Ideal for customers who want to do simple crypto operations without writing an application.

Let’s connect, get in contact with us today.

If you have questions about any of the above or would like to schedule a meeting with us, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Partner Webinar: Increased Cybersecurity Resiliency through System Architecture – Best Practices

We’re excited to announce our partner webinar with Lynx and RunSafe Security on “Increased Cybersecurity Resiliency through System Architecture – Best Practices” scheduled for April 10th at 9am PT. wolfSSL Software Engineer, Tesfa Mael, along with Dr. Justin Pearson, Director of System Architecture at Lynx, and Doug Britton, Chief Strategy Officer and Director at RunSafe Security will be leading the discussion.

Save the date: April 10th | 9am PT

In today’s landscape, where cyber threats against unmanned systems are escalating, the need to strengthen defenses has never been more pressing. With over 12,000 cyber incidents targeting unmanned systems recorded between 2015 and 2021, it’s clear that proactive measures are essential.

During this webinar, you’ll explore crucial topics such as:

  • Utilizing Open Source Safely: Learn how to leverage open-source technologies like Linux and containers securely to bolster your system’s resilience against cyber threats.
  • Validating System Components: Explore the importance of verifying hardware and software components to identify vulnerabilities and fortify your defense mechanisms.
  • Implementing Containment Strategies: Discover effective strategies to mitigate the impact of cyberattacks and unintentional breaches, minimizing potential damages and disruptions to your operations.

Don’t miss this invaluable opportunity to gain insights from industry experts and strengthen the cyber defenses of your organization. Secure your spot today while seats are available.

Our webinars always include Q&A sessions. If you have any questions about any of the above, please reach out to us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Post Quantum Key Share on the Espressif ESP32

Recently we announced that wolfSSL’s Kyber ML-KEM Implementation now Included free of charge for commercial customers. Our PQ Kyber implementation works on nearly any size of device, including the Espressif ESP32. Here are the instructions on configuring the test server and client:

ESP32 Server Application Settings

To enable Kyber, just add these lines to the user_settings.h file:

#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3

Next, in the code after the creation of an ssl object:

ssl = wolfSSL_new(ctx));

Simply add this line:

wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);

If successful, the function will return a code of SSL_SUCCESS.

The listening server needs a minimum stack size of approximately 10K bytes.

Linux Client Application Settings

To test with the wolfSSL client, configure wolfSSL to enable the experimental Kyber features:

 ./configure --enable-kyber=all --enable-experimental

Connect to the listening ESP32 server like this:

./examples/client/client -h 192.168.1.38 -v 4 \
                         -l TLS_AES_128_GCM_SHA256 \
                         --pqc KYBER_LEVEL5

The resulting output should look like this:

Using Post-Quantum KEM: KYBER_LEVEL5
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
I hear you fa shizzle!

Linux Server Application Settings

To test with the wolfSSL client, configure wolfSSL as shown above for the client, and use this example:

./examples/server/server -v 4 \
                         -l TLS_AES_128_GCM_SHA256 
                         --pqc KYBER_LEVEL5

The TLS 1.3 server will quietly listen on port 11111. Upon a successful connection from a client, the resulting output should look something like this:

Using Post-Quantum KEM: KYBER_LEVEL5
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
Client message: hello wolfssl!

Keep in mind various local firewall rules may need to be adjusted to allow a port 11111 connection. How to determine if there’s a firewall issue? Check WireShark for TCP Retransmission packets that might look something like this:

Are you interested in trying our Post Quantum in your project? Let us know!

Find out more

If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub.

Download wolfSSL Now

Posts navigation

1 2 3 4 186 187 188

Weekly updates

Archives