RECENT BLOG NEWS
Your Feedback Requested on Camellia Cipher in wolfSSL
Team yaSSL has recently been considering the addition of the Camellia block cipher to the wolfSSL embedded SSL library, and we would like to request your feedback on this addition. Do you think it would be a beneficial addition? If it was added to wolfSSL, would you be interested in using it? Because we strive to shape our SSL library around what our users want and need, we greatly value your feedback.
If you are unfamiliar with the Camellia block cipher, you can find a Wikipedia article on the cipher here: http://en.wikipedia.org/wiki/Camellia_(cipher), or the Camellia cipher’s English homepage, here: http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html.
Please send any feedback to info@yassl.com!
Thanks!
Team yaSSL
wolfSSL 2.0.8 is Now Available
Version 2.0.8 of the wolfSSL embedded SSL/TLS library has been released and is now available for download. This release contains bug fixes, some feature enhancements, and is a recommended update for all users:
– A fix for malicious certificates pointed out by Remi Gacogne (thanks!) resulting in NULL pointer use.
– Respond to renegotiation attempt with no_renegoatation alert
– Add basic path support for load_verify_locations()
– Add set Temp EC-DHE key size
– Extra checks on RSA test when porting into
To download the open source, GPLv2-licensed version of wolfSSL 2.0.8, please visit our Download Page. If you have any questions or comments or would like more information on commercial versions of wolfSSL, please contact us at info@yassl.com.
For build instructions, a full feature list, API reference, and more, please see the wolfSSL Manual.
CyaSSL working with Nginx
Hi! We have been asked a number of times about CyaSSL integration with the Nginx web server. If you are not familiar with Nginx, it is a high performance, high concurrency web server that is becoming extremely popular these days. You can learn more about Nginx at nginx.com.
Nginx and CyaSSL make a likely pairing because they are both lean, compact, fast, and scale well under high volumes of connections. The big news today is that CyaSSL is now working with Nginx in the lab, and we expect it to become generally available in the near future. At this time, we are seeking feedback from those who are particularly interested in using CyaSSL with Nginx and would like to work with us as beta testers. Let us know what you think at info@yassl.com.
OpenSSL in Devices gets cracked when trying to “enhance” randomness
Hi! The security world has been buzzing this week about two new sets of research into what we will call statistical key cracking. The hack is one that we would not expect out of your average script kiddie, because it combines sophisticated scanning with mathematical prowess. The overview story is the first link below. The second and third links take you to the researchers previews.
http://eprint.iacr.org/2012/064.pdf
We are particularly interested in the work from Nadia Heninger and her team, given that our user base is skewed towards embedded systems.
Our takeaways from this new research are high entropy seeds are vital to proper key generation. If a high entropy device is available use it, if not, don`t try to write your own. Connect securely to a remote server where a high entropy seed can be relayed over the SSL/TLS connection. And don`t stir the RNG between (p) and (q) generation. This crack is based on a low entropy seed and the stirring between (p) and (q) generation. wolfSSL avoids this problem in two ways, by using a high entropy seed from /dev/random and by not stirring between (p) and (q) but before each (p) instead.
wolfSSL and LibSCS
wolfSSL is now available as a crypto provider for KoanLogic’s SCS library, LibSCS. SCS, a small cryptographic protocol layered on top of the HTTP cookie facility [RFC6265], allows its users to produce and consume authenticated and encrypted cookies, as opposed to usual cookies, which are un-authenticated and sent in clear text.
From the LibSCS README, “By having a non-tamperable proof of authorship attached, each SCS cookie can always be validated by the originator, making it possible for a server to handle clients` session state without the need to store it locally. In fact, an SCS enabled server could completely delegate the application state storage to the client (e.g. a web browser) and use it, in all respects, as a remote storage device. The result of the cryptographic transformations applied to state data can be used to ensure that its information authenticity and confidentiality attributes are the same as if they were stored privately on server-side.”
You can build LibSCS with wolfSSL by running the following commands. You must have KoanLogic’s makl installed on your development machine (http://koanlogic.com/makl/) to build the package. See the libscs README and INSTALL files for more detailed instructions.
makl-conf –crypto=cyassl
makl
libscs GitHub repository: https://github.com/koanlogic/LibSCS
If you have any questions about wolfSSL with LibSCS, please contact KoanLogic (info@koanlogic) or yaSSL (info@yassl.com).
The Gravity
yaSSL currently secures over 50 million points on the internet. We don’t talk about who is using CyaSSL, for obvious reasons, but the numbers are big and growing.
We take our work seriously, and hope you feel comfortable with our efforts. We endeavor to build a business, a community, and do the right thing. We welcome your feedback. If you believe that we have failed at some point, then let us know. We’ll correct it. We’re open source and open minded about what you have to say. Contact us at info@yassl.com and let us know how we’re doing!
wolfSSL FreeRTOS / OpenRTOS Support
Did you know that the wolfSSL embedded SSL library supports FreeRTOS and OpenRTOS? FreeRTOS is a real-time operating system for embedded devices which is designed to be both small and simple. With an incredibly large user base, FreeRTOS/OpenRTOS supports 27 architectures and is downloaded from over 77 thousand times every year!
Just like wolfSSL, FreeRTOS is open source, royalty free, and very portable. To build wolfSSL for FreeRTOS, uncomment the #define for FREERTOS in ./cyassl/ctaocrypt/settings.h.
You can find a full list of FreeRTOS features on the FreeRTOS/OpenRTOS website. To learn more about wolfSSL, please visit the wolfSSL product page. If you have any questions about using wolfSSL with FreeRTOS, please contact us at info@yassl.com.
FreeRTOS / OpenRTOS: http://www.freertos.org
yaSSL 2011 Annual Report on MarketWatch.com
Our 2011 annual report is now up on MarketWatch.com (see link below). yaSSL saw some great progress in 2011 which was very exciting! We’re looking forward to 2012 and seeing what the new year brings. If you have any questions about our annual report, please let us know at info@yassl.com.
yaSSL 2011 Annual Report (MarketWatch):
http://www.marketwatch.com/story/yassl-marks-growth-of-embedded-ssl-in-findings-from-2011-annual-report-2012-01-23 (as of 26 March 2018 at 9:26am MDT, this link no longer works and has no alternative).
Thanks!
Team yaSSL
Interesting Article on Device Level Security
As the security of individual field devices (sensors, transmitters, acuators, etc.) is often overlooked, these devices can provide a target for cyber attacks. This article by Matt Luallen of Control Engineering explains this fact in more detail – once again reminding us that security of such devices should not be taken lightly. Luallen states that “If your technicians can configure a field device through the control system, dedicated handheld tools, or by plugging in a laptop to the network, an attacker can do the same thing if he follows the right path.”
Secure communication is an important building block of device security. The wolfSSL embedded SSL library has been designed for resource-constrained embedded systems and can easily be added to your device. To learn more about wolfSSL and how it can help with your device security, feel free to contact us at facts@wolfssl.com.
Security At The Device Level: http://www.controleng.com/single-article/security-at-the-device-level/
yaSSL 2011 Annual Report
yaSSL has made great progress 2011! Company growth, active partnerships, technical improvements, and our community have all made great strides forward. We are very happy with the results of 2011 and look forward to an exciting year in 2012! Looking to 2012, we are planning ongoing improvements to our technology and have doubled our technical resources in order to better serve our users in 2012.
Listed below is an overview of our progress in 2011.
Business and Company Progress
1. We participated and/or exhibited in the following events: FOSDEM, ESC Silicon Valley, O`Reilly MySQL Conference & Expo, RSA Conference, Game Developers Conference, Infosecurity Europe, OSCON, ESC Boston, and the ARM Technology Conference
2. We gave presentations at both FOSDEM 2011 (Lightning Talk) and the 2011 O`Reilly MySQL Conference (Securing MySQL with a Focus on SSL) and published an article in the Linux Journal (Installing an Alternate SSL Provider on Android). Our presentations can be found on our Media page.
3. We made significant improvements to our documentation (including the wolfSSL Manual, wolfSSL API Reference, and SSL Tutorial) and to our website.
4. Our customer base doubled in 2011 and we increased our revenues by 5X.
Meaningful progress with our partner community:
1. ARM: wolfSSL is now included in the ARM / Avnet Embedded Software Store (www.embeddedsoftwarestore.com).
2. Intel: Continued a successful partnership with Intel, along with becoming a general member of the Intel Embedded Alliance
3. We added Security Innovation and SkypeKit as a new partners.
4. We added KoanLogic as a new partner.
wolfSSL Technical Progress
Feature highlights from our five releases of the wolfSSL embedded SSL library in 2011 include:
1. Added Elliptic Curve (ECC) cipher suites to wolfSSL
2. Added support for ECC, EC-DSA, and EC-DH to our CTaoCrypt crypto library
3. Better TLS 1.2 support through more comprehensive interoperability testing with other SSL implementations
4. Added SHA256 cipher suites and certificate signatures
5. Added PKCS8 private key encryption support
6. Added Password based key derivation function 2 (PBKDF2)
7. Added PKCS #12 PBKDF support as part of our plan to get to full PKCS12 support
8. Included UID parsing for x509 certificates
9. Included runtime memory hooks for users wanting to change memory functions at runtime
10. Added runtime hooks for customizable logging ability
11. Added compiler function visibility and better naming for less namespace pollution
12. Created simpler header structure for users
13. Added make test support
14. CTaoCrypt runtime library detection ability
15. Added AES counter (CTR) mode
16. EDH on both client and server sides
17. Made NTRU Cipher Suites available
yaSSL Embedded Web Server Progress
1. Released version 0.2 with bug fixes and feature enhancements
1. Improved documentation and examples
Porting Progress
1. CURL port. wolfSSL can now be built with CURL (as a build option).
2. Mbed Release. wolfSSL was ported to Mbed in late 2010 and is now available for the Mbed cloud compiler.
3. KLone Web Application Framework. wolfSSL is now ported to the KLone Web Application Framework by KoanLogic.
4. memcached patch. wolfSSL now provides SSL security for memcache.
5. FreeRTOS support. wolfSSL now supports FreeRTOS/OpenRTOS.
6. Haiku OS. wolfSSL now works with the Haiku Operating System.
7. lwIP support. wolfSSL now supports running on top of lwIP.
8. Microchip pic32 support. wolfSSL now supports running on the pic32.
9. reSIPprocate port
10. We now support wpa_supplicant as a compile time option.
11. Added hostapd support
12. Apple TV port: wolfSSL and yasslEWS now can be run on the Apple TV.
13. Added wolfSSL crypto provider to MIT Kerberos library.
14. wolfSSL Android NDK package. wolfSSL can now be used in Android NDK applications.
15. Ported MIT Kerberos to Android using Google’s Android NDK.
Code & Community
1. Migrated wolfSSL code to GitHub
2. Introduced the yaSSL Support Forums
3. Added BMX6 to the wolfSSL Community
We are looking forward to the upcoming year and sharing new features and technology improvements with our embedded SSL users and community.
Weekly updates
Archives
- October 2024 (4)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)