RECENT BLOG NEWS

Since version 3.6.6, wolfSSL has had continually improving support for stunnel, a lightweight TLS proxy, designed to add SSL/TLS encryption to unsecured applications without changes to the program`s source code. Licensed under GNU GPLv2 and with an alternative commercial option, stunnel can be utilized to secure a host of different applications, including: mail exchange (SMTP, […]

Many technology vendors implement OpenSSH with OpenSSL in their embedded system or appliance prior to starting a FIPS 140-2 validation. During the FIPS testing process, the vendor discovers that the FIPS Laboratory must verify the OpenSSH implementation: 1. Uses FIPS Approved cryptographic algorithms (with CAVP certificates) 2. Includes self-tests for the FIPS Approved algorithms 3. […]

Version 3.6.8 of the wolfSSL embedded SSL/TLS library has been released and is now available for download. Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also includes bug fixes and new features including: – Two High level security fixes, all users SHOULD update. a) If using wolfSSL for DTLS on the server side […]

Attack on RSA CRT:A recent paper written by Florian Weimer of the Red Hat Product Security group shows a fault attack on RSA. Many cryptographic libraries that perform RSA operations use an optimization called CRT (Chinese Remainder Theorem). The attack is based off of creating a fault during the CRT process, for example; by causing […]

FIPS 140-2 revalidation testing requires the implemented algorithms to successfully complete the cryptographic algorithm validation process on the target operating environment (algorithm certificates for tested operating environments are here: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program). The cryptographic module must also successfully complete operational testing on the operating environment with a FIPS testing laboratory. The wolfCrypt FIPS 140-2 certificate #2425 will soon include all […]

Lighttpd (pronounced lighty) is a web server that has a small footprint size in comparison to other web servers. Setting up Lighttpd allows for handling HTTP requests and with the addition of TLS/SSL also handling HTTPS requests. The benefit of having a small footprint size is that it takes up less memory for total installation […]

Strong cryptographic algorithms and secure protocol implementations are a vital foundation to securing the Internet of today and tomorrow. Securing over a billion active connections on the Internet today, wolfSSL knows this very well. A recent announcement by the National Security Agency conveyed their plans to transition from recommending the Suite B set of algorithms […]

Version 3.6.6 of the wolfSSL embedded SSL/TLS library has been released and is now available for download. Release 3.6.6 of wolfSSL has bug fixes and new features including: – OpenSSH, stunnel, and lighttpd Compatibility OpenSSH compatibility with “–enable-openssh” stunnel compatibility with “–enable-stunnel” lighttpd web server compatibility with “–enable-lighttpd” – SSL 3.0 is now disabled by […]

The Cryptographic Module Validation Program (CMVP) has issued FIPS 140-2 Certificate #2425 (most up-to-date certificate: #3389) for the wolfCrypt Module developed by wolfSSL Inc. The CMVP was established by the National Institute of Standards and Technology (NIST) to validate FIPS 140-2 cryptographic modules and oversee the independent laboratories performing the cryptographic module testing. FIPS 140-2 […]

If you are working on integrating wolfSSL into an application that already has existing logging functionality, but still want access wolfSSL`s built-in debug messaging, you can register a custom logging callback with wolfSSL to output wolfSSL`s detailed debug messaging. To enable this functionality, add the configure option “–enable-debug” to wolfSSL. Then, in your application simply: […]