So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

CES 2015: Connected Cars

As day two of CES progressed, we were able to visit many more interesting booths – including the Audi booth. Audi demonstrated a self driving car this year, a new Virtual Cockpit rear-seat navigation display, and a smart watch in coordination with LG that can control parts of the vehicle.

As connected cars evolve, securing the data transferring between the internal car systems, external servers, and mobile devices is critical. wolfSSL is used in several of today’s smart car systems, using SSL/TLS and cryptography to secure and authenticate data. If you are interested in using wolfSSL in a connected car system, feel free to reach out to us at with any questions.

CES 2015: (this event has concluded)

CES 2015: Smart Appliances

As we explore CES 2015, we’ve been seeing lots of new and exciting smart appliances on the floor. In total, the CES Exhibitor list for the “Smart Home” section totals 61 exhibitors. As we come across new devices, we’re planning on posting up our photos to the wolfSSL blog and Facebook page. The above photos show Whirlpool’s new smart washer and dryer, and wolfSSL’s Mark Minnoch in front of the Withhings booth.

See below for more photos from Bosch, Whirlpool, Withings, and more. And stay tuned for additional posts as CES continues.

The CyaSSL lightweight SSL/TLS library is used to secure several of today’s smart appliances. Backed by a team focused on keeping up to date on the most current security standards, TLS protocols, and algorithms, and focused on minimizing resource usage, CyaSSL is the perfect fit for securing connected smart appliances and smart home devices. To learn more about CyaSSL, visit the product page, or contact us at

CES 2015:

What is a Block Cipher?

A block cipher is an encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers. For example, a common block cipher, AES, encrypts 128 bit blocks with a key of predetermined length: 128, 192, or 256 bits. Block ciphers are pseudorandom permutation (PRP) families that operate on the fixed size block of bits. PRPs are functions that cannot be differentiated from completely random permutations and thus, are considered reliable, until proven unreliable.

Block cipher modes of operation have been developed to eliminate the chance of encrypting identical blocks of text the same way, the ciphertext formed from the previous encrypted block is applied to the next block. A block of bits called an initialization vector (IV) is also used by modes of operation to ensure ciphertexts remain distinct even when the same plaintext message is encrypted a number of times.

Some of the various modes of operation for block ciphers include CBC (cipher block chaining), CFB (cipher feedback), CTR (counter), and GCM (Galois/Counter Mode), among others. Above is an example of CBC mode.

Where an IV is crossed with the initial plaintext block and the encryption algorithm is completed with a given key and the ciphertext is then outputted. This resultant cipher text is then used in place of the IV in subsequent plaintext blocks.

For information on the block ciphers that are implemented in wolfSSL or to learn more about the wolfSSL lightweight, embedded SSL library, go to or contact us at


[1] Pseudorandom permutation. (2014, November 23). In Wikipedia, The Free Encyclopedia.
Retrieved 22:06, December 18, 2014, from

[2] Margaret Rouse. (2014). Block Cipher [Online]. Available URL:

[3] Block cipher mode of operation. (2014, December 12). In Wikipedia, The Free
Encyclopedia. Retrieved 22:17, December 18, 2014, from

[4] Wikimedia. (2014). Available URL:

wolfCrypt FIPS 140-2 Algorithm Certificates

wolfSSL is proud to announce that several wolfCrypt algorithms have received FIPS 140-2 algorithm certificates. The National Institute of Standards and Technology (NIST) website has been updated to reflect wolfSSL`s validation.

wolfSSL`s wolfCrypt has received the following certificate numbers and can be viewed at the respective links.

AES validation certification #3157

Triple DES validation certification #1800

RSA validation certification #1602

SHS validation certification #2614

DRBG validation certification #650

HMAC validation certification #1990

These validations reflect wolfSSL`s commitment to provide the highest quality security standards.
The open source community and federal entities alike can now enjoy wolfSSL`s small footprint designed for embedded systems while taking advantage of the latest in security protocols.


wolfSSL Assembly Optimizations for ARM Processors

If you are looking for an SSL/TLS library to provide security in connected ARM environments, wolfSSL is by far the best choice. wolfSSL is an ARM partner, and our code has been optimized for ARM environments. Public key operations in CyaSSL (wolfSSL) have optimized assembly code that gives wolfSSL faster RSA, Diffie-Hellman, and DSA times.

Optimized assembly code for public key operations can be found in asm.c and are easy to use, simply run ./configure –enable-fastmath and for stack usage reduction we also recommend using TFM_TIMIN_RESISTANT.

For any question regarding wolfSSL in ARM environments please contact us at

wolfSSL SSL/TLS Tutorial Video

Below is a link to wolfSSL’s SSL/TLS tutorial video on setting up a basic client and server with the CyaSSL lightweight, embedded SSL/TLS library. This video provides a detailed step-by-step set of instructions, including code, for incorporating CyaSSL into an application. The tutorial walks through Chapter 11 of the CyaSSL manual.

SSL/TLS Tutorial with CyaSSL Lightweight SSL:

For more information please contact us at or go to Instructions for building CyaSSL may be found in Chapter 2 of the CyaSSL Manual.

wolfSSL and CyaSSL Users SAFE from POODLE bites again attacks

Some TLS implementations are vulnerable to the October POODLE attack that at the time was thought to be limited to SSLv3 only: .  These implementations are incorrectly using a SSLV3 decoding function while in TLS mode.  wolfSSL is not susceptible, it correctly uses TLS decoding while in TLS mode.  We would like to reiterate Adam Langley’s advice to use TLS 1.2 with an AEAD cipher suite whenever possible.  wolfSSL supports TLS 1.2 and has 3 cipher suite types supporting AEAD; AES-GCM, AES-CCM, and CHACHA20-POLY1305.  29 different AEAD cipher suites are available with TLS 1.2 in wolfSSL.  Please contact us at if you have any questions or comments.

We are happy to announce the release of wolfSSL version 3.3.0

CyaSSL version 3.3.0 offers:

• Secure countermeasures for Handshake message duplicates, CHANGE CIPHER without FINISHED, and fast forward attempts added to our source code.  Thanks to Karthikeyan Bhargavan from the Prosecco team at INRIA Paris-Rocquencourt for the report.  This is an important fix and all users should update!
• Complete testing for FIPS 140-2 version submitted to NIST.  FIPS 140-2 source code now available.
• Removes SSLv2 Client Hello processing for enhanced security, can be enabled with OLD_HELLO_ALLOWED
• Protocol level control:  User can now control TLS protocol down-cycling to a minimum downgrade version with CyaSSL_SetMinVersion().  For example, you could reject handshakes at a protocol level less than TLS 1.1.
• Small stack improvements at TLS/SSL layer, to benefit environments with limited available stack.
• TLS Master Secret generation and Key Expansion are now exposed at the API level
• Adds client side Secure Renegotiation, * not recommended, ever! *
• Client side session ticket support.  This feature is not fully tested with Secure Renegotiation, so don’t use Secure Renegotiation.
• Allows up to 4096-bit DHE at TLS Key Exchange layer
• Handles non standard SessionID sizes in Hello Messages
• PicoTCP Support added
• TLS Sniffer now supports SNI Virtual Hosts
• TLS Sniffer now handles non HTTPS protocols using STARTTLS
• TLS Sniffer can now parse records with multiple messages
• TI-RTOS updates or enhances support
• Fix for ColdFire optimized fp_digit read only in explicit 32bit case
• Added ADH Cipher Suite ADH-AES128-SHA for EAP-FAST

Stay up to date with what is happening with wolfSSL, you can follow our blog at

If you have any questions please feel free to contact us anytime at or (425)245-8247.
We look forward to hearing from you!

Thank You!

Posts navigation

1 2 3 141 142 143 144 145 146 147 183 184 185

Weekly updates