RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news.
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL WICED Port

wolfSSL recently released version 4.0.0 of the wolfSSL embedded SSL/TLS library with a litany of port additions. One of these new ports is added functionality for Cypress’s WICED Studio SDK! WICED Studio is an SDK targeting IoT devices, offering both Bluetooth and WI-Fi (IEEE 802.11) development platforms. WICED SDK offers code examples and tools for embedded development boards including Adafruit Feather boards which, is a great alternative to Arduino for student boards. The code examples demonstrate the use of wolfCrypt and integrate wolfSSL functionality into the WICED platform. A TLS client and server was added using the wolfSSL library, as well as, an HTTPS client example. wolfSSL supplies a client and server for testing purposes, the HTTPS client example also runs against the wolfSSL example server as well as www.example.com for demonstration purposes.

wolfSSL is a highly configurable option to accompany WICED software allowing manual configuration options affecting functionality and build size. The examples provided serve as a starting point for any embedded project and works with TLS versions 1.0, 1.1, 1.2, and 1.3; they are built on the ThreadX RTOS using NetX Duo for the TCP/IP stack.

wolfSSL v4.0.0.0 can be downloaded from the wolfSSL download page, or from the GitHub repository here: https://github.com/wolfssl/wolfssl.git.

Supported functionality and features:

  • wolfCrypt test suite and benchmark test
  • wolfSSL TLS client and server
  • wolfSSL HTTPS client
  • NetX Duo TCP/IP stack for embedded systems
  • ThreadX RTOS for embedded platforms
  • Server Name Indication (SNI) extension
  • Maximum fragment length extension
  • Truncated HMAC
  • TLS versions 1.0, 1.1, 1.2, and 1.3
  • Certificate verification
  • Certificate chain loading
  • RSA and ECC certificates
  • Multithread capability
  • Session resumption

Cipher suites supported out of the box:

ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-RSA-CHACHA20-POLY1305
AES128-GCM-SHA256
AES256-SHA256
AES256-GCM-SHA384
AES128-SHA

Cipher suites supported for TLS 1.3 out of the box:

TLS13-AES128-GCM-SHA256
TLS13-AES256-GCM-SHA384
TLS13-CHACHA20-POLY1305-SHA256
TLS13-AES128-CCM-SHA256

wolfSSL Java JSSE Provider

We’re happy to announce that wolfSSL is currently working on a Java Secure Socket Extensions (JSSE) provider for the native wolfSSL embedded SSL/TLS library!  JSSE is a way for Java applications to utilize the SSL and TLS protocols through a standardized Java API using pluggable “providers” underneath. It was integrated into Java versions following Java 1.4. With this upcoming provider, Java applications will have the ability to use the most recent and secure version of the TLS protocol, TLS 1.3!  And for FIPS 140-2 users, this will allow Java applications to use wolfCrypt FIPS underneath if needed.  Additionally, this will also allow users to take advantage of other features offered by the wolfSSL library such as high-speed and high-strength encryption, high portability, low footprint size, and more!

Are you interested in a JSSE provider for wolfSSL?  For more information about the wolfSSL library, its features, or if you would like to share your interest on this feature addition, please contact facts@wolfssl.com.

Reference
wolfSSL GitHub repository: https://github.com/wolfssl/wolfssl.git
Oracle JSSE reference guide: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction

wolfSSL at Japan IT Week Spring 2019

wolfSSL is at Japan IT Week - Spring this year! Japan IT Week Spring occurrs twice this year, once in April and once in May. wolfSSL will be attending the event in April, which will include two exhibitions: IoT/M2M Expo Spring and Embedded Systems Expo. For 2019, Japan IT Week Spring (part 1) will be held in Tokyo, Japan.

Where wolfSSL will be located for Japan IT Week:
Venue: Tokyo Big Sight
Booth #: 6-9, West Hall
When: April 10-12
Directions: https://www.japan-it-spring.jp/en-gb/visit/access.html

Stop by to hear more about the wolfSSL embedded SSL/TLS library, the wolfCrypt encryption engine, to meet the wolfSSL Japan team, or to get some free stickers and swag!

For more information about wolfSSL, its products, or future events, please contact facts@wolfssl.com.

More information about Japan IT Week Spring can be found here: https://www.japan-it-spring.jp/ja-jp.html

wolfSSH Nonblocking Support

wolfSSL's wolfSSH library is a small footprint, fast, embedded SSH implementation. With recent additional support and adjustments, support for non-blocking connections has been added to the library! This allows for use of non-blocking connections with other features besides SSH, such as use with SFTP and SCP. This non-blocking support is supported by default and is easy to use. The default API can be called and the wolfSSH library internally handles all saving and restoring of states, returning WS_WANT_READ or WS_WANT_WRITE when calling wolfSSH_get_error() to signal if the API should be called again. The library is designed to be easy to use and quick to integrate into an application.

For more information about wolfSSH or using it in your project, please contact facts@wolfssl.com.

wolfSSL at SIDO 2019

wolfSSL is at SIDO this year! SIDO is Europe’s leading IoT, AI and Robotics event and returns this year with a novel approach to the new technological and organizational challenges that industrial and service companies must meet. For 2019, SIDO will be held in Lyon, France.

Where wolfSSL will be located for SIDO:
Venue: Cité Internationale convention center
Stand #: W320
When: April 10-11
Directions: https://www.sido-event.com/en/come-sido-event-iot-ai-robotic-exhibition-conferences-showroom-April-France.html

Stop by to hear more about the wolfSSL embedded SSL/TLS library, the wolfCrypt encryption engine, to meet the wolfSSL team, or to get some free stickers and swag!

For more information about wolfSSL, its products, or future events, please contact facts@wolfssl.com.

More information on SIDO 2019 can be found here: https://www.sido-event.com

wolfSSL at Black Hat Asia 2019

wolfSSL is at Black Hat Asia this year! The information security community will come together for hands-on Trainings taught by industry experts, cutting-edge research presentations at Briefings, open-source tool demos in Arsenal, and the Business Hall featuring top-tier solutions and service providers. 

Where wolfSSL will be located for Black Hat Asia:

Venue: Marina Sands Bay, Singapore, Asia
When: March 26-29, 2019
Directionshttps://www.blackhat.com/asia-19/travel.html

Stop by to hear more about the wolfSSL embedded SSL/TLS library, the wolfCrypt encryption engine, to meet the wolfSSL team, or to get some free stickers and swag!

For more information about wolfSSL, its products, or future events, please contact facts@wolfssl.com.

More information about black hat Asia 2019 can be found here: https://www.blackhat.com/asia-19/

wolfSSL now has lwIP support

The wolfSSL (formerly CyaSSL) embedded SSL library supports lwIP, the light weight internet protocol implementation, out of the box.  The user merely needs to define WOLFSSL_LWIP or uncomment the line /* #define WOLFSSL_LWIP */ in os_settings.h to use wolfSSL with lwIP.

The focus of lwIP is to reduce RAM usage while still providing a full TCP stack.  That focus makes lwIP great for use in embedded systems, the same area where wolfSSL is an ideal match for SSL/TLS needs.  An active community exists with contributor ports for many systems.  Give it a try and let us know if you have any suggestions or questions.

For the latest news and releases of lwIP, you can visit the project homepage, here: http://savannah.nongnu.org/projects/lwip/

For more information, please contact facts@wolfssl.com.

wolfSSL with MPLAB Harmony v3

Since earlier versions, wolfSSL's embedded SSL/TLS library has been included with MPLAB Harmony. MPLAB Harmony is a flexible, fully integrated embedded software development framework for 32-bit MCUs and MPUs. Recently, MPLAB Harmony version 3 was released, with wolfSSL packaged within! The new release of MPLAB Harmony features aspects from the latest version of wolfSSL, version 3.15.7. wolfSSL is included in such a way that the example applications, demos, and source code of the wolfSSL library can be easily integrated and executed with other MPLAB projects. Additionally, other software libraries and examples are also being included in this new release of MPLAB Harmony, such as CMSIS-FreeRTOS.

For more information on the new release of MPLAB Harmony v3, please visit Microchip's page here: https://www.microchip.com/mplab/mplab-harmony/mplab-harmony-v3.

For more information about wolfSSL, wolfSSL with MPLAB Harmony, or other general inquiries, please contact facts@wolfssl.com.

 

MQTT v5.0 Approved by OASIS

wolfSSL provides many different products for many different implementations of internet protocols, one of which is wolfMQTT. The wolfMQTT library is a client implementation of the MQTT written in C for embedded use, with support for SSL/TLS via the wolfSSL library, and also provides support for MQTT-Sensor Network (MQTT-SN). While wolfMQTT is based on the MQTT 3.1.1 specification, wolfMQTT also provides support for the MQTT v5.0 specification - which was recently approved and standardized by OASIS. This new standard comes with some changes, which are outlined below (from the MQTT v5.0 standard):

  • Enhancements for scalability and large scale systems
  • Improved error reporting
  • Formalize common patterns including capability discovery and request response
  • Extensibility mechanisms including user properties
  • Performance improvements and support for small clients

For more information about wolfMQTT or its MQTT v5.0 support, please contact facts@wolfssl.com.

Reference
wolfMQTT GitHub Repository: https://github.com/wolfssl/wolfmqtt.git
wolfMQTT User Manual: https://www.wolfssl.com/docs/wolfmqtt-manual/
MQTT v5.0 specification: https://docs.oasis-open.org/mqtt/mqtt/v5.0/cos02/mqtt-v5.0-cos02.html#_Toc1477318

Differences between TLS 1.2 and TLS 1.3 (#TLS13)

wolfSSL's embedded SSL/TLS library has included support for TLS 1.3 since early releases of the TLS 1.3 draft. Since then, wolfSSL has remained up-to-date with the TLS 1.3 specification. In this post, the major upgrades of TLS 1.3 from TLS 1.2 are outlined below:

TLS 1.3

This protocol is defined in RFC 8446. TLS 1.3 contains improved security and speed. The major differences include:

  • The list of supported symmetric algorithms has been pruned of all legacy algorithms. The remaining algorithms all use Authenticated Encryption with Associated Data (AEAD) algorithms.
  • A zero-RTT (0-RTT) mode was added, saving a round-trip at connection setup for some application data at the cost of certain security properties.
  • Static RSA and Diffie-Hellman cipher suites have been removed; all public-key based key exchange mechanisms now provide forward secrecy.
  • All handshake messages after the ServerHello are now encrypted.
  • Key derivation functions have been re-designed, with the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) being used as a primitive.
  • The handshake state machine has been restructured to be more consistent and remove superfluous messages.
  • ECC is now in the base spec  and includes new signature algorithms. Point format negotiation has been removed in favor of single point format for each curve.
  • Compression, custom DHE groups, and DSA have been removed, RSA padding now uses PSS.
  • TLS 1.2 version negotiation verification mechanism was deprecated in favor of a version list in an extension.
  • Session resumption with and without server-side state and the PSK-based ciphersuites of earlier versions of TLS have been replaced by a single new PSK exchange.

More information about the TLS 1.3 protocol can be found here: https://www.wolfssl.com/docs/tls13/. Additionally, please contact facts@wolfssl.com for any questions.

Posts navigation

1 2 3 4 5 6 89 90 91

Weekly updates

Archives

Latest Tweets