RECENT BLOG NEWS
FIPS 140-3 and CNSA 2.0 with a Single TLS Connection
Can you believe it? With wolfSSL you can now have a TLS 1.3 connection that is compliant with both FIPS 140-3 and the CNSA 2.0! Want to know how?
For key establishment, we can use the new ML-KEM-1024 (also known as Kyber-1024 which is at security level 5 as defined by NIST) hybridized with ECDH on curve P-521.
In terms of authentication, we can use our dual algorithm certificates where the conventional algorithm is ECDSA on curve P-521 and the alternative algorithm is ML-DSA-87 (also known as Dilithium 5 which is at security level 5 as defined by NIST). The server would then also have conventional and alternative private keys so they would both be used to sign the transcript.
For the cipher suite, We can use AES-256-GCM-SHA384; this is approved by both FIPS 140-3 and CNSA 2.0.
And just like that, we have dual compliance! Want more details and a demo with steps to do it yourself? Not to worry, we’ll have a webinar soon to explain how you can achieve this yourself as well! Please stay tuned.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Do you have code that can be upgraded to Post Quantum?
By now most people interested in security have heard about the NIST Post Quantum Announcement and the specific algorithms derived from CRYSTALS-Dilithium, CRYSTALS-KYBER and SPHINCS. Our team was there at the White House!
We’ve had experimental Post Quantum support for years. See our blog from 2021: Hybrid Post Quantum Groups in TLS 1.3. Post Quantum has also been in cURL since 2021 as well. We’ve developed PQ libraries that work on everything from the largest computer systems to the smallest devices such as the Espressif ESP32!
But do you know if and how your code can be upgraded to take advantage of these new standards? We can help! We have a variety of public and internal tools that can be used to quickly and efficiently search your codebase for API calls that are targets for Post Quantum upgrades.
When you are ready to move on to the next step, wolfSSL will be there for you! Need to have your project NIST Certified? Recently we announced that wolfSSL is the First in the World to offer FIPS 140–3 Automated Submission with our NIST Certificate #4718.
For more details, see our blog What is FIPS (In-Depth Overview).
Have specific requests or technical questions? We’d love to hear from you! Please reach out to us at support@wolfSSL.com or open an issue on GitHub. For general inquiries, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Rapid prototyping with Arduino and wolfSSL
Do you have an idea for a project but want a quick prototype without the hassle of a custom board? We’re happy to announce that our latest wolfSSL v5.7.2 library is now available in the Arduino Registry for rapid prototypes.
Just type “wolfSSL” in the Library Manager of the Arduino IDE. If nothing happens right away, check to see if the IDE is downloading updates as indicated in the lower-right corner of the app and wait for the process to complete.
There are TLS Client and Server apps, as well as a bare-bones Hello World that just prints the wolfSSL version. See the bottom of the list in Files – Examples – “Examples from Custom Libraries” in the IDE.
Just edit the SSID and Password:
All of the source code is available at: https://github.com/wolfSSL/Arduino-wolfSSL. We also have a more detailed Getting Started with wolfSSL on Arduino guide.
Want to check performance? Check out our recent blog: How do you benchmark cryptography?
When you are ready to move on to the next step, wolfSSL will be there for you! Need to have your project NIST Certified? Recently we announced that wolfSSL is the First in the World to offer FIPS 140–3 Automated Submission with our NIST Certificate #471.
See our prior blogs on:
- What is the difference between FIPS 140-2 and FIPS 140-3?
- FIPS vs FedRAMP Compliance and Requirements
The What is FIPS (Quick Overview) blog also applies to RISC-V with regards to how your RISC-V Operating Environment (“OE”) can be certified:
- You send us your hardware and toolchain.
- We run the initial tests which ensure the cryptography module behaves according to specification given your specific hardware and operating system.
- The CMVP certified lab runs and verifies the tests and their documentation.
- The test results are submitted to CMVP for review.
- Your specific operating environment is added to our certificate.
- You are FIPS 140 compliant in 60-90 days.
For more details, see our blog What is FIPS (In-Depth Overview).
Have specific requests or technical questions? We’d love to hear from you! Please reach out to us at support@wolfSSL.com or open an issue on GitHub. For general inquiries, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
FIPS 140-3 Cryptography on FreeRTOS/OpenRTOS
Hi! This note is to announce that the wolfSSL team will be adding an operational environment for FreeRTOS/OpenRTOS to the wolfCrypt FIPS 140-3 validated certificate #4718. If you need FIPS 140-3 validated crypto on FreeRTOS or OpenRTOS, let us know at facts@wolfSSL.com.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 24 8247.
Download wolfSSL Now
Live Webinar: Mastering curl Command Line Training
Master one of the most powerful tools in a developer’s toolkit. Join us for an exclusive live webinar where Daniel Stenberg, the creator of curl, will guide you through the ins and outs of this essential command-line tool.
Register today: Mastering curl Command Line Training
Date: September 5th | 10 am PT
curl is the Swiss Army knife of Internet transfers, widely used for its robust command-line options. Over the years, new features have been continuously added, making it even more versatile.
This talk will highlight some of the most powerful and intriguing recent additions to curl, including lesser-known tricks that can enhance your command lines, expand your “tool belt,” and boost your productivity. We’ll also cover trurl, a newly created companion tool for URL manipulations that you might not yet realize you need.
Register now! This presentation could take your curl skills to the next level.
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfSSH VxWorks FIPS 140-3
Do you need SSH support for an embedded device running VxWorks and do you have a FIPS 140-3 requirement? wolfSSL has what you need: wolfSSH, an embedded SSH library running on top of our wolfCrypt FIPS library, and the wolfCrypt module holds the world’s first SP800-140Br1 FIPS 140-3 Validated, Certificate #4718.
While full FIPS 140-3 support on VxWorks isn’t here yet, stay tuned! Exciting developments are on the horizon. We’re working hard to bring this capability to you in the very near future!
Interested in learning more or preparing for what’s ahead? Email us at fips@wolfSSL.com, and let’s discuss how we can help you integrate wolfSSH into your VxWorks application and guide you through the FIPS process when the time comes.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Learn more about wolfSSL at Espressif DevCon 24
It’s Expressif DevCon season again, and everyone is excited to attend the free online Espressif Developer Conference September 3-5 2024, 13:00-18:30 CEST (3 AM to 9:30 AM Pacific). For those of you on the West Coast of the USA, the wolfSSL presentation is on Day 2 at 8:30 AM Pacific Time.
Many people have already attended live or viewed another Getting Started webinar already available on YouTube:
The wolfSSL presentation at Espressif DevCon24 will cover even more material and dive into a specific coding example of establishing your own TLS connection. We’ll also discuss how to use wolfSSL Managed Components, using various platforms such as Arduino, PlatformIO, VS Code, Visual Studio with VisualGDB, and more.
Tune in and learn more about why wolfSSL is the world’s leader in cryptographic solutions for the ESP32 and many other devices.
Check out our Espressif Examples on Github.
Ready to take your project to the next level? Not only do we have Post Quantum solutions for he ESP32, but we also recently announced that wolfSSL is the First in the World to offer FIPS 140–3 Automated Submission with our NIST Certificate #4718.
See our prior blogs on:
- What is the difference between FIPS 140-2 and FIPS 140-3
- FIPS vs FedRAMP Compliance and Requirements
Have a specific request or questions? We’d love to hear from you. Please contact us at support@wolfSSL.com or open an issue on GitHub.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Part 5: 5 Real-World Use Cases and Troubleshooting
Are you interested in FIPS 140-3 RISC-V Certification? Check out our RISC-V Announcement:
wolfSSL Embraces RISC-V; FIPS 140-3 Certifications Now Available
Here are some places where wolfSSL can be found:
- Hex Five And wolfSSL Announce The First Secure IoT Stack For RISC-VHex Five Security, Inc., in collaboration with wolfSSL, has developed the first secure IoT stack for RISC-V, which is a significant advancement for secure embedded systems. This stack integrates Hex Five’s MultiZone™ Security, a trusted execution environment (TEE) that allows for hardware-enforced separation of software components into multiple isolated zones, with wolfSSL’s TLS 1.3 cryptographic library. This combination ensures that any security vulnerabilities in one part of the system are contained, preventing them from compromising the entire IoT device.
“wolfSSL, a leading provider of TLS cryptography and Hex Five Security, provider of MultiZone™ Security, the first Trusted Execution Environment for RISC-V announce general availability of the industry-first secure IoT stack for RISC-V – a TLS 1.3 reference implementation of freeRTOS with hardware-enforced separation between OS, TCP/IP stack and root of trust”
This secure IoT stack is particularly valuable for RISC-V developers as it addresses the security challenges inherent in monolithic system designs by enabling fine-grained separation and protection of system functions. The stack is open source and available for developers on GitHub, promoting wider adoption and innovation within the RISC-V community?.
- wolfSSL and Synopsys are working together to bring the wolfSSL portfolio of products to the Synopsys ARC® architecture.The Synopsys ARC Access Program is a collaborative initiative that supports a diverse ecosystem of hardware and software vendors in developing optimized solutions for Synopsys DesignWare® ARC® processors. The program provides members with access to essential development tools, such as ARC MetaWare, as well as opportunities for joint marketing and technical collaboration. This ecosystem is designed to accelerate the development and deployment of ARC-based embedded systems across various industries.
As part of this program, wolfSSL offers its lightweight and embedded security solutions, which are highly optimized for speed, size, and portability, to enhance the security of ARC-based systems. This collaboration helps developers integrate advanced cryptographic features into their designs, ensuring secure communication and data protection in embedded applications.
- Microchip Microsemi PolarFire SoCThe Microchip Microsemi Accelerate Ecosystem Partner Program is a collaborative initiative that connects Microsemi with industry leaders in silicon, IP, systems, software, and design services to deliver integrated and pre-validated solutions. This program helps partners accelerate time to market and revenue generation through technology collaboration, joint marketing efforts, and sales acceleration. Notably, wolfSSL, a leading provider of SSL/TLS libraries, is part of this ecosystem, offering secure communication solutions that integrate with Microsemi’s products, enhancing security and performance for end customers?.
- Lightway, ExpressVPN’s new protocol for a superior VPN experienceWe at wolfSSL are proud to be partners with the awesome team over at ExpressVPN.
Also read what you need to know about the OpenSSL bug:
“Our Lightway VPN protocol uses wolfSSL for all of its cryptographic needs and does not use OpenSSL at all. That means that all Lightway clients and servers are totally unaffected by the OpenSSL bug. If you connect to ExpressVPN using Lightway (which is the default in our apps), you’ll be protected by wolfSSL”
- Espressif Managed ComponentsAnother company leveraging wolfSSL for RISC-V is Espressif, specifically in their ESP32-C3 and ESP32-C6 devices. wolfSSL has integrated RISC-V hardware acceleration into these devices, enhancing cryptographic performance. This integration allows Espressif’s RISC-V-based chips to benefit from the high-performance, lightweight SSL/TLS libraries that wolfSSL is known for, providing secure communication capabilities optimized for embedded systems.
There are more details on Getting Started with Managed Components in our prior blog.
See also:
- Espressif RISC-V Hardware Accelerated Cryptographic Functions Up to 1000% Faster
- Post Quantum Key Share on the Espressif ESP32
- wolfSSH – Now Available as an Espressif Managed Component
- wolfMQTT – Now Available as an Espressif Managed Component
- Secure Your Apple HomeKit Espressif ESP32 Devices with wolfSSL
Having any questions or problems with wolfSSL? We want to help!
- Check out the documentation
- Reach out to us on our product forums
- Open a GitHub issue
- View the wiki
- Send us an email at support@wolfSSL.com
Are you interested in RISC-V or FIPS Certification? We want to hear about your project!
If you have questions about any of the above, please contact us at facts@wolfSSL.com, +1 425 245 8247, or open an issue on GitHub.
Download wolfSSL Now
Part 4: Customization and Advanced wolfSSL Features on RISC-V
Are you interested in FIPS 140-3 RISC-V Certification? Check out our RISC-V Announcement:
wolfSSL Embraces RISC-V; FIPS 140-3 Certifications Now Available
The RISC-V architecture, known for its open-source and customizable nature, has seen a growing adoption in various embedded systems and IoT applications. As developers continue to push the boundaries of what RISC-V can achieve, the need for robust, secure, and highly optimized cryptographic solutions has become increasingly important. Enter wolfSSL, a lightweight SSL/TLS library that has been tailored for the unique demands of RISC-V environments.
Customization and advanced features of wolfSSL on RISC-V include hardware acceleration optimizations, particularly on platforms like Espressif’s ESP32-C3 and ESP32-C6 (see examples), where wolfSSL enhances performance with RISC-V assembly-level optimizations. These optimizations not only improve the speed of cryptographic operations but also ensure a smaller footprint, making them ideal for resource-constrained environments. Additionally, wolfSSL supports the integration of secure bootloaders, secure communication protocols, and FIPS 140-3 certifications, offering developers the tools needed to build secure, reliable, and high-performance systems on RISC-V.
This customization capability allows developers to tailor security features to their specific needs, leveraging the flexibility of RISC-V to create advanced, secure applications that meet the rigorous demands of modern embedded systems.
How can you make your application [Better | Faster | Smaller | More Secure] ?
The first place to look for customization is our Tuning Guide to get an overview. There are also some sample user setting files as described in a prior blog: Using user_settings.h with wolfSSL.
Wondering where to get started? We have examples that should work on nearly every Windows/Mac/*nix platform (let us know if you find one that doesn’t!). There are also numerous examples for different environments and IDE platforms.
Check out our recent blog: Top 5 Build Options To Improve wolfCrypt/wolfSSL Performance.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Live Webinar: World’s first SP800-140Br1 FIPS 140-3 validated certificate #4718
We’re thrilled to share a major milestone with you: wolfSSL has achieved the world’s first SP800-140Br1 FIPS 140-3 validated certificate (#4718)! This groundbreaking achievement underscores our dedication to delivering unparalleled security solutions. To celebrate, join us for an exclusive webinar hosted by wolfSSL Senior Software Engineer, Kaleb Himes, on August 28th at 10 AM PT!
Register Today: World’s First SP800-140Br1 FIPS 140-3 Validated Certificate #4718
Date: August 28th | 10 AM PT
What You’ll Learn:
- Breaking New Ground: Discover the significance of our world-first SP800-140Br1 FIPS 140-3 validated certificate.
- Seamless Integration: Find out how our solutions work with OpenSSL, including Provider and Engine support.
- Java Security: Explore our FIPS-validated solutions for Java JSSE/JCE frameworks.
- Commercial Excellence: Learn about the only general-purpose commercial FIPS solution available in the market.
- Expert Insights: Engage with the wolfSSL team and get expert advice on navigating FIPS certification and implementation.
This is your chance to be part of a historic moment in cybersecurity! Kaleb will share invaluable insights, practical knowledge, and answer your questions in a live Q&A session.
Don’t miss out—register now and be part of this exciting event!
As always, our webinars include Q&A sessions. If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Weekly updates
Archives
- October 2024 (5)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)