RECENT BLOG NEWS
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.
wolfSSL now has added support for:
- Intel QuickAssist driver v1.7 (qat1.7.l.4.3.0-00033)
- Intel QuickAssist 8970 hardware
- QuickAssist accelerated RSA Key Gen
- QuickAssist accelerated SHA 3
The new 8970 hardware has 12 additional cryptographic hardware instances. The previous 8950 cards had 6 instances and the new ones have 18. The 8970 card also adds a PCIe (Gen 3) 16x option for increased performance.
For example, using the Intel QuickAssist 8970 (PCIe 16x) hardware on an i7-2600 CPU @ 3.40GHz with 8 threads running, we achieved the following asymmetric benchmarks:
- RSA 2048 public 289,559 ops/sec
- RSA 2048 private 41,929 ops/sec
- DH 2048 key gen 65,534 ops/sec
- DH 2048 agree 89,587 ops/sec
- ECDHE 256 agree 55,745 ops/sec
- ECDSA 256 sign 59,674 ops/sec
- ECDSA 256 verify 32,804 ops/sec
More wolfSSL benchmark data can be found on the wolfSSL benchmarks page, here: https://www.wolfssl.com/docs/benchmarks/
Intel QuickAssist: https://www.intel.com/content/www/us/en/architecture-and-technology/intel-quick-assist-technology-overview.html
If you are interested in evaluating the wolfSSL Asynchronous support for Intel QuickAssist or Cavium Nitrox, please email us at firstname.lastname@example.org.
Are you a user of Micrium? If so, you will be happy to know that wolfSSL recently updated support and added TLS client and server examples to the wolfSSL embedded SSL/TLS library for Micrium!
We have also run a benchmark of our wolfCrypt/wolfSSL libraries on an NXP Kinetis K70 (Freescale TWR-K70F120M MCU) tower system board with a project built using the IAR Embedded Workbench IDE - ARM 8.32.1 (IAR ELF Linker V188.8.131.52/W32 for ARM). The details can be viewed on the wolfSSL benchmarks page.
For instructions on how to build and integrate the examples on your projects or to see the benchmark results, please see the README located in “IDE/ECLIPSE/MICRIUM”. This support is currently located in our GitHub master branch, and will roll into the next stable release of wolfSSL as well. For any questions or help getting wolfSSL up and running on your environment, please contact us at email@example.com. wolfSSL also now supports the most current version of TLS, TLS 1.3! Learn more here: https://www.wolfssl.com/docs/tls13/ !
wolfSSL v3.15.5 was released last week which features many new additions to the library. One of those new additions is the reduction of the stack usage while using the “smallstack” build option.
The goal of wolfSSL’s “smallstack” build is to use at most 1kB of stack. All other memory used is placed on the heap.
Currently, wolfSSL passes the option "--enable-smallstack" to the configure script. The small stack option can also be enabled by defining the following option: WOLFSSL_SMALL_STACK
Please contact firstname.lastname@example.org with any questions about building the wolfSSL embedded SSL/TLS library for your platform, or customizing the memory usage of wolfSSL.
The wolfSSL FAQ page can be useful for information or general questions that need need answers immediately. It covers some of the most common questions that the support team receives, along with the support team's responses. It's a great resource for questions about wolfSSL, embedded TLS, and for solutions to problems getting started with wolfSSL.
To view this page for yourself, please follow this link here.
Here is a sample list of 5 questions that the FAQ page covers:
- How do I build wolfSSL on ... (*NIX, Windows, Embedded device) ?
- How do I manage the build configuration of wolfSSL?
- How much Flash/RAM does wolfSSL use?
- How do I extract a public key from a X.509 certificate?
- Is it possible to use no dynamic memory with wolfSSL and/or wolfCrypt?
Have a question that isn't on the FAQ? Feel free to email us at email@example.com.
NXP® Semiconductors N.V. is one of the wolfSSL partner network members. wolfSSL ships with support for offloading cryptographic operations onto several NXP devices (such as the Coldfire and Kinetis) that include hardware cryptography modules. Examples of these operations include utilizing the Crypto Acceleration Unit (CAU), Memory-Mapped Crypto Acceleration Unit (mmCAU), LP Trusted Crypto (LTC), and more.
Using these hardware cryptography modules leads to increased performance when compared to performing hardware cryptography within software only. These speedups increase algorithm performance greatly, and can range from 1.2 times as fast to 14.5 times as fast! In an embedded and connected world, these speedups can make all the difference for an online device or network application. Additionally, these performance increases are available when wolfSSL is being used to manage TLS 1.3 connections, giving your embedded SSL/TLS application the ability to greatly increase performance and use the most up-to-date versions of the TLS protocol.
Benchmark numbers showing the comparison of hardware crypto vs. software crypto can be viewed on the wolfSSL benchmark page, here: https://www.wolfssl.com/docs/benchmarks/. This page also includes sample benchmark data for the NXP i.MX6, and the TWR-K70F120M devices. More benchmarks, and details about wolfSSL and NXP can be viewed on the wolfSSL website: https://www.wolfssl.com/docs/nxp/
For more information, feel free to contact firstname.lastname@example.org.
wolfSSL v3.15.5 was recently released and features many new additions to the library. One of those options is support for Lighttpd. Lighttpd is an open-source web server that is optimized for speed-critical environments while remaining standards-compliant, portable, and flexible.
The addition of support for Lighttpd is the perfect match for web servers looking to remain lightweight, fast, and portable while providing top-rate security. The wolfSSL embedded SSL/TLS library provides support for TLS 1.3, is available in a FIPS-validated version, and its size ranges from 20-100kB.
To build wolfSSL for use with Lighttpd, simply run the configure script with the option "--enable-lighty".
The most recent version of the wolfSSL library can be downloaded from our download page here: https://www.wolfssl.com/download/
More information about the new release of wolfSSL and its added features can be found here: https://www.wolfssl.com/wolfssl-3-15-5-now-available/
Please contact us at email@example.com for assistance or questions in compiling wolfSSL for use with Lighttpd!
wolfSSL v3.15.5 was released last week, which features many new additions to the library. One of those options is support for PCKS#11. The PKCS#11 standard defines an API to cryptographic tokens. The API defines most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
Using wolfSSL on your application or your device will now allow you to utilize PKCS#11 for access to hardware security modules, smart cards, and other cryptographic tokens.
To build wolfSSL with PKCS#11 support, the library needs to be downloaded and then built with a specific option. The library can be downloaded from the wolfSSL download page, here: https://www.wolfssl.com/download/. The steps to build wolfSSL with PKCS#11 are detailed below:
# From within wolfSSL's root directory ./autogen.sh ./configure --enable-pkcs11 make sudo make install
wolfSSL also has its PKCS#11 documentation located within its doxygen pages, here: https://www.wolfssl.com/doxygen/group__PKCS11.html. This PKCS#11 documentation provides information on the recently added PKCS#11 API.
More information about the new release of wolfSSL v3.15.5 can be found here: https://www.wolfssl.com/wolfssl-3-15-5-now-available/
wolfSSL v3.15.5 download: https://www.wolfssl.com/download/
Wikipedia article on PKCS#11: https://en.wikipedia.org/wiki/PKCS_11
wolfSSL v3.15.5 was released last week which features many new additions to the library. One of those options is the availability of a TLS 1.3 only build, which enables the wolfSSL embedded SSL/TLS library to built such that use of TLS 1.2 and prior protocols is effectively disabled.
The TLS 1.3 only build is useful when forward secrecy and extra security are desired in embedded systems or applications. This option will cause attempted connections with other clients or servers to fail during the handshake unless they support the use of TLS 1.3, which prevents insecure connections from even being formed in the first place. Additionally, this TLS 1.3 option also streamlines the library. By enabling just TLS 1.3, the portions of the library that provide functionality for prior TLS protocol versions are not included when building the library, reducing the build size.
The newest version of wolfSSL can be downloaded from the download page. To build the wolfSSL library in TLS 1.3 only mode once downloaded, it requires the following options be used when running the configure script:
--enable-tls13 --disable-tlsv12 --disable-oldtls
wolfSSL v3.15.5 release notes: https://www.wolfssl.com/wolfssl-3-15-5-now-available/
Differences between SSL/TLS protocol versions: https://www.wolfssl.com/differences-between-ssl-and-tls-protocol-versions-3/
Please contact us at firstname.lastname@example.org with questions about using TLS 1.3 with wolfSSL, or compiling the library for your platform.
The wolfMQTT client now supports connecting to v5.0 enabled brokers. Handling properties received from the server is accomplished via a customizable callback. The following v5.0 specification features are supported by the wolfMQTT client:
- AUTH packet
- User properties
- Server connect ACK properties
- Format and content type for publish
- Server disconnect
- Reason codes and strings
- Maximum packet size
- Server assigned client identifier
- Subscription ID
- Topic Alias
As a side note, wolfMQTT uses the wolfSSL embedded SSL/TLS library for SSL/TLS support. Since wolfSSL supports TLS 1.3, your wolfMQTT-based projects can now use MQTT with TLS 1.3 with a supported broker!
wolfSSL is a lightweight TLS/SSL library that is targeted for embedded devices and systems. It has support for the TLS 1.3 protocol, which is a secure protocol for transporting data between devices and across the Internet. In addition, wolfSSL uses the wolfCrypt encryption library to handle its data encryption.
Because there is a FIPS 140-2 validated version of wolfCrypt, this means that wolfSSL not only has support for the most current version of TLS, but it also has the encryption backbone to support your FIPS 140-2 needs if required.
Some key benefits of combining TLS 1.3 with FIPS validated software include:
- Software becomes marketable to federal agencies - without FIPS, a federal agency is not able to use cryptographic-based software
- Single round trip
- 0-RTT (a mode that enable zero round trip time)
- After Server Hello, all handshake messages are encrypted.
FIPS 140-2 is a government validation that certifies that an encryption module has successfully passed rigorous testing and meets high encryption standards as specified by NIST. For more information or details on FIPS 140-2, it may be helpful to view this Wikipedia article: https://en.wikipedia.org/wiki/FIPS_140-2
For more details about wolfSSL, TLS 1.3, or if you have any other general inquiries please contact email@example.com
- December 2018 (14)
- November 2018 (11)
- October 2018 (18)
- September 2018 (18)
- August 2018 (8)
- July 2018 (15)
- June 2018 (29)
- May 2018 (15)
- April 2018 (11)
- March 2018 (19)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (7)
- September 2017 (8)
- August 2017 (6)
- July 2017 (11)
- June 2017 (8)
- May 2017 (10)
- April 2017 (5)
- March 2017 (7)
- February 2017 (1)
- January 2017 (8)
- December 2016 (3)
- November 2016 (2)
- October 2016 (18)
- September 2016 (8)
- August 2016 (5)
- July 2016 (4)
- June 2016 (11)
- May 2016 (4)
- April 2016 (5)
- March 2016 (4)
- February 2016 (12)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (6)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (13)
- January 2015 (6)
- December 2014 (7)
- November 2014 (3)
- October 2014 (2)
- September 2014 (11)
- August 2014 (6)
- July 2014 (9)
- June 2014 (11)
- May 2014 (11)
- April 2014 (9)
- March 2014 (3)
- February 2014 (3)
- January 2014 (6)
- December 2013 (9)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (8)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (9)
- December 2012 (13)
- November 2012 (5)
- October 2012 (7)
- September 2012 (4)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (6)
- April 2012 (7)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (6)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (12)
- February 2011 (9)
- January 2011 (13)
- December 2010 (17)
- November 2010 (12)
- October 2010 (14)
- September 2010 (11)
- August 2010 (20)
- July 2010 (14)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)