RECENT BLOG NEWS

Hi yaSSL users!  See the following link for an explanation on SPDY:  https://readwrite.com/2012/04/19/what-web-users-need-to-know-ab/

SPDY is a new protocol for web use proposed by Google and supported by many of the large web companies.  It is based on HTTP, but it is faster and more suited to modern web usage.  

You will note that SPDY mandates SSL, which will provide everyone more security in their day to day web use.  We should also note that our friends at NGINX are supporting SPDY.

If you have comments or questions on running wolfSSL with SPDY, then please contact us at info@yassl.com.

Network-related applications and devices often use secure communication. Although keeping network communications safe should be a top priority to all developers and engineers, it often gets left behind due to lack of understanding, insufficient funding, or looming deadlines.

Securing a project with SSL shouldn’t have to include a steep learning curve, deep pockets, or an unlimited time frame. By learning a few basics of how things work, where the technology is best used, and what features to look for when trying to choose the right SSL implementation, a developer or engineer can easily, simply, and quickly secure their project – putting both themselves and their employer’s minds at ease.

yaSSL will be giving a presentation at the upcoming Infosecurity Europe conference next week which will address these issues. yaSSL’s presentation will introduce SSL – including why secure communication is important, introductory details about SSL, x509, and the underlying cryptography. It will give an overview of where SSL is used today – including Home Energy, Gaming, Databases, Sensors, VoIP, and more. A description and “shopping list” of important items to look for when trying to choose an SSL implementation will give developers and engineers a solid foundation to begin securing their projects with SSL and will enable them to have more informed discussions with potential vendors on the expo floor at Infosecurity Europe 2012.

Date: April 24, 2012
Time: 12:40pm – 1:05pm
Location: Technical Theater (at Infosecurity Europe, Earl’s Court, London, England)
Speaker: Chris Conlon

Infosecurity Europe: http://www.infosec.co.uk

Network-related applications and devices often use secure communication. Although keeping network communications safe should be a top priority to all developers and engineers, it often gets left behind due to lack of understanding, insufficient funding, or looming deadlines.

Securing a project with SSL shouldn’t have to include a steep learning curve, deep pockets, or an unlimited time frame. By learning a few basics of how things work, where the technology is best used, and what features to look for when trying to choose the right SSL implementation, a developer or engineer can easily, simply, and quickly secure their project – putting both themselves and their employer’s minds at ease.

yaSSL will be giving a presentation at the upcoming Infosecurity Europe conference next week which will address these issues. yaSSL’s presentation will introduce SSL – including why secure communication is important, introductory details about SSL, x509, and the underlying cryptography. It will give an overview of where SSL is used today – including Home Energy, Gaming, Databases, Sensors, VoIP, and more. A description and “shopping list” of important items to look for when trying to choose an SSL implementation will give developers and engineers a solid foundation to begin securing their projects with SSL and will enable them to have more informed discussions with potential vendors on the expo floor at Infosecurity Europe 2012.

Date: April 24, 2012
Time: 12:40pm – 1:05pm
Location: Technical Theater (at Infosecurity Europe, Earl’s Court, London, England)
Speaker: Chris Conlon

Infosecurity Europe: http://www.infosec.co.uk

We recently found a great article on SSL/TLS interception proxies and transitive trust from Jeff Jarmoc at Dell SecureWorks. In his article, Jeff provides a brief introduction, background, and history of the SSL and TLS protocols, then dives into talking about SSL interception proxies.

Reading through the article gives insights into how and why these proxies are used in the real world and explains some of the major risks associated with their use. Although risks can range anywhere from legal exposure to an increased threat surface to a potential for decreased cipher strength, these proxies are a necessary part of many networks.

Jeff introduces a helpful test framework (linked below) for determining which (if any) vulnerabilities an SSL proxy is susceptible to. The framework is designed to be run from behind the proxy, and is as simple as visiting a web page. Following an explanation of some of these vulnerabilities, Jeff lists some of the current vulnerabilities found in existing proxy solutions today.

The wolfSSL embedded SSL library has had the ability to do SSL inspection for quite some time now, as we originally posted about it in September of 2010. If you have any questions about wolfSSL’s SSL inspection, please feel free to contact us at info@yassl.com.

Transitive Trust: SSL/TLS Interception Proxies
Proxy Test Framework: https://ssltest.offenseindepth.com

As of March 22, 2018 at 8:57am CMT, the “Proxy Test Framework” URL does not exist – the data from the table is shown below.

We recently read a good article from EE Times about security fundamentals for embedded software. This article points out that embedded software and device developers should take security precautions into consideration, as many developers assume that their applications or devices are not vulnerable to attack.

Topics covered in the article include doing a “threat analysis” to determine how attackers could attack an embedded device, things to keep in mind when developing embedded software systems, and common mistakes made by embedded developers which can easily lead to vulnerability.

Article: Security fundamentals for embedded software

A while back, we posted that the wolfSSL embedded SSL library would be getting support for Galois/Counter Mode (GCM) encryption in the near future. This is still true! If everything goes as planned, GCM support should be generally available for wolfSSL in June of this year. Specifically, GCM will be used in wolfSSL with AES and as a cipher suite for SSL.  

One of the benefits of GCM is its efficiency and performance in both hardware and software. Galois/Counter Mode (GCM) for block ciphers incorporates both CTR (counter mode) as well as a message authentication code (MAC), providing both integrity and confidentiality. It is designed for block ciphers with a block size of 128 bits and is able to take full advantage of parallel processing and pipelining. Referencing the Wikipedia article on GCM, “the key feature is that the Galois field multiplication used for authentication can be easily computed in parallel thus permitting higher throughput than the authentication algorithms that use chaining modes, like CBC.”

To learn more about the performance and security details of GCM, you can visit the Wikipedia page listed below. We expect to see GCM more widely adopted in the near future.  If you`re interested in testing AES with GCM or have any question or comments please let us know.

GCM (Wikipedia): http://en.wikipedia.org/wiki/Galois/Counter_Mode
RFC 5288 (AES Galois Counter Mode (GCM) Cipher Suites for TLS): https://tools.ietf.org/html/rfc5288

Would you like to see the wolfSSL embedded SSL library integrated into the popular Qt framework? We’ve been throwing around the idea of adding wolfSSL support to Qt and want to hear your feedback. If wolfSSL was integrated into Qt, it would be available as a build option and alternative to using Qt with OpenSSL.

wolfSSL could provide the Qt framework with a much smaller footprint when compared to using Qt with OpenSSL. Looking at typical build sizes of both wolfSSL and OpenSSL, it is typical to see a 20X decrease in footprint size.

What do you think? Please let us know your thoughts, comments, and feedback at info@yassl.com, or by posting in our related thread in our forums.

Qt: https://www1.qt.io/product/
Qt (Wikipedia): http://en.wikipedia.org/wiki/Qt_(software)

We would like to recommend an article from EE Times that we recently read which talks about the design and challenges of wireless sensor networks. This article explains some of the challenges faced when implementing a wireless sensor network and the different architectures which can be used, including both clustered sensor architectures and layered architectures.

Sensor networks offer many advantages – they actively provide a robust, reliable, accurate, and fault tolerant network to a wide range of application areas. Applications of wireless sensor networks currently include seismic, thermal, visual, infrared, and other areas within commercial, consumer, government, and academic fields.

One of the challenges that wireless sensor networks face include a necessity for secure, low-power, resource-constrained nodes. The wolfSSL embedded SSL library is ideal for helping secure communication between such nodes because of it’s low resource (ROM/RAM) usage and easy portability to such small devices. To learn more about wolfSSL’s resource usage, you can visit the product page, here.

In the upcoming weeks, yaSSL will be releasing a case study highlighting how one of our customers is using wolfSSL to secure machine-to-machine (M2M) communication, and how wolfSSL has helped overcome some of the challenges outlined in this article. Stay tuned to our blog for updates!

Article: Building wireless M2M & IoT sensor networks: issues and challenges

Team yaSSL has recently been considering the addition of the Camellia block cipher to the wolfSSL embedded SSL library, and we would like to request your feedback on this addition. Do you think it would be a beneficial addition? If it was added to wolfSSL, would you be interested in using it? Because we strive to shape our SSL library around what our users want and need, we greatly value your feedback.

If you are unfamiliar with the Camellia block cipher, you can find a Wikipedia article on the cipher here: http://en.wikipedia.org/wiki/Camellia_(cipher), or the Camellia cipher’s English homepage, here: http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html.

Please send any feedback to info@yassl.com!

Thanks!
Team yaSSL

Version 2.0.8 of the wolfSSL embedded SSL/TLS library has been released and is now available for download.  This release contains bug fixes, some feature enhancements, and is a recommended update for all users:

– A fix for malicious certificates pointed out by Remi Gacogne (thanks!) resulting in NULL pointer use.
– Respond to renegotiation attempt with no_renegoatation alert
– Add basic path support for load_verify_locations()
– Add set Temp EC-DHE key size
– Extra checks on RSA test when porting into 

To download the open source, GPLv2-licensed version of wolfSSL 2.0.8, please visit our Download Page.  If you have any questions or comments or would like more information on commercial versions of wolfSSL, please contact us at info@yassl.com.

For build instructions, a full feature list, API reference, and more, please see the wolfSSL Manual.