RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

Kick-off 2025 with the New and Updated Getting Started Webinar Series

Kick off 2025 with wolfSSL’s New and Updated Getting Started Webinar Series! From January 6th to January 10th, join us for a week of in-depth, hands-on learning in our “Foundational Learning to Get You Started in 2025: New and Updated Getting Started Webinar Series.” Led by wolfSSL senior engineers, this series will cover the foundational concepts and advanced techniques you need to tackle secure communication challenges with confidence. By the end of the week, you’ll walk away with the skills and knowledge to integrate these technologies into your projects and enhance your embedded security solutions.

Mark your calendars and secure your spot for one or all of our sessions!

Foundational Learning to Get You Started in 2025 Schedule:

  • January 6th | 9 AM PT
    New and Updated: Getting Started with wolfTPM

    Join us on January 6th at 9 AM PT for an in-depth exploration of wolfTPM. Learn the fundamentals of TPM 2.0 and how wolfTPM can enhance the security of your embedded systems. Explore build options, navigate the wolfTPM API, and dive into real-world use cases. By the end of the webinar, you’ll have the skills to integrate wolfTPM into your platform and protect against emerging security threats.
    Register Now

  • January 7th | 9 AM PT
    New and Updated: Getting Started with wolfBoot

    Join us on January 7th at 9 AM PT for an exclusive webinar, Getting Started with wolfBoot. This session will cover the fundamentals of wolfBoot, including how to configure, deploy, and optimize this secure boot solution for embedded systems. You’ll gain valuable insights into managing keys, customizing memory layouts, and implementing secure firmware updates to address modern security challenges.

    Register Now

  • January 8th | 10 AM PT
    New and Updated: Getting Started with wolfMQTT

    Join us on January 8th at 10 AM PT to master secure and reliable communication with wolfMQTT! Discover the basics of the MQTT protocols, key features of wolfMQTT, and how it integrates with wolfSSL TLS for secure communication. You’ll also explore configuration processes, wolfMQTT’s architecture, and real-world examples to confidently enhance your embedded communication projects.
    Register Now

  • January 9th | 10 AM PT
    New and Updated: Getting Started with curl

    Start 2025 by enhancing your URL transfer skills with libcurl! Join an exclusive webinar with curl creator Daniel Stenberg to explore the fundamentals of libcurl, its versatile protocol support, and best practices for implementation. Gain insights into API principles, non-blocking transfers, troubleshooting, and more to elevate your expertise in secure and efficient data transfers.
    Register Now

  • January 10th | 9 AM PT
    New and Updated: Getting Started with wolfSSL

    Join us on January 10th at 10 AM PT to master wolfSSL, the leading Embedded SSL/TLS library! In this webinar, learn how to utilize wolfSSL for secure communications and embedded system security. Explore SSL/TLS protocols, navigate the library structure, build and integrate wolfSSL into projects, and use wolfCrypt for testing and benchmarking. Plus, see these concepts in action through a live demo to boost your expertise.
    Register Now

Don’t miss this opportunity to start the year strong! Register today and take the first step toward mastering secure communication and enhancing your embedded projects with wolfSSL’s powerful tools and technologies!

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Special Rules for LMS and XMSS

A while back, NIST (National Institute for Standards and Technology) came out with Special Publication 800-208 titled “Recommendation for Stateful Hash-Based Signature Schemes”. The full document can be found here.

It was very specific and strongly stated that you need to be very careful about how you do key generation and signing using these algorithms. Here is a direct quote:

Implementations of the key generation and signature algorithms in this document shall only be validated for use within hardware cryptographic modules. The cryptographic modules shall be validated to provide FIPS 140-2 or FIPS 140-3 [19] Level 3 or higher physical security, and the operational environment shall be non-modifiable or limited. … The cryptographic module shall not allow for the export of private keying material. The entropy source for any approved random bit generator used in the implementation shall be located inside the cryptographic module’s physical boundary.

In a nutshell, once an LMS or XMSS private key is generated, there must only ever be one instance of it. No copies. Not even backups. The reason is that with multiple instances there is a chance for misuse of the state of the private key which would be catastrophic because it would require the revocation of the key pair. The standards that define the formats of the cryptographic artifacts even went so far as to leave the format of the private key undefined so that interoperability would be further hindered.

We understood this from the start. By using the –enable-lms or –enable-xmss flags you will get the full suite of operations: key generation, sign and verify. This will allow our customers to quickly start experimenting, prototyping and benchmarking with these algorithms without first having to go through the long process of finding an HSM vendor. Of course, once it comes time to use these algorithms in production, to reduce code size and guarantee compliance, the key generation and sign operations can be eliminated from the binary with the following flags: –enable-lms=verify-only or –enable-xmss=verify-only.

Here at wolfSSL, we’ve got you covered from start to finish.

If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.

Download wolfSSL Now

Post-Quantum CAVP Validations

Here at wolfSSL we love it when our partners achieve great things. We’d like to give a big shout out to our friends at Crypto4A for achieving a huge milestone by getting their CAVP (Cryptographic Algorithm Validation Program) validation. The details can be found here.

In summary, they got a Hardware validation for the QASM Cryptographic Module which stores, protects and manages cryptographic keys. Of very special note, their validation includes post-quantum algorithms LMS, ML-DSA, ML-KEM and SLH-DSA.

This is the same product that wolfSSL and Crypto4A use in an interoperability demonstration at the ICMC Conference in 2023. In that demonstration, the QASM signed a firmware image with LMS and wolfBoot was used to verify the firmware image against an LMS public key and signature and then booted the firmware. Preparations are underway for another demonstration where the QASM will be used to generate an ML-DSA certificate chain which will be used in a TLS 1.3 post-quantum connection using the wolfSSL library. The cryptographic operations will be done on an NXP iMX-93.

You can soon expect to see CAVP validation for wolfSSL’s post-quantum algorithm implementations in wolfCrypt as well. Want to see that effort accelerated and given a higher priority? Let us know and register your interest by sending a message to facts@wolfssl.com!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Chameleons Scurrying into Your Protocols?

Hot on the heels of our work with dual algorithm certificates in TLS 1.3, it is now time to announce that we are going to be working on chameleon certificates! No, we are not talking about certified colour shifting lizards!

Chameleon certificates are specified in the IETF draft.

While it might seem like a long document, most of it is a listing of test vectors and the text is quite accessible; even for non-technical readers. That said, if you are looking for a summary of what these certificates do, read on.

The draft RFC defines an X.509 certificate extension for specifying how to overwrite certain fields of the certificate that contains it to transform that certificate into another certificate. Essentially this means you have 2 certificates in one!

So how does this relate to dual algorithm certificates? Well, it can serve the same function as a dual algorithm certificate. It can allow 2 algorithms to sign the same certificate! It is a new way to do hybrid certificates.

Want to learn more or have questions about any of the above? Sending us a message to facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Is post-quantum cryptography still on the roadmap?

In case you were wondering, the answer is a resounding YES!! We’ve been hard at work making post-quantum algorithms first class citizens in our products. Have a look at the list of post-quantum related changes made in our latest release of wolfSSL 5.7.4:

  • Replaced the use of pqm4 with wolfCrypt’s implementations of Kyber (ML-KEM) and Dilithium (ML-DSA) on STM32 platforms (PR 7924)
  • Configurable support for reduced dynamic memory allocation in wolfCrypt’s Dilithium (ML-DSA) implementation (PR 7727)
  • Configurable support for Dilithium (ML-DSA) precalculated vectors (PR 7744)
  • Allow Kyber (ML-KEM) to be built with FIPS 140-3 outside the boundary (PR 7788)
  • Allow Kyber (ML-KEM) assembly optimizations to be used in the Linux kernel module (PR 7872)
  • Update Dilithium and Kyber to ML-DSA and ML-KEM (PR 7877)

As you can see, not only is post-quantum cryptography still on the roadmap, it is a priority!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Improved OCSP Support in wolfSSL

wolfSSL has recently made important improvements to its Online Certificate Status Protocol (OCSP) support. A recent fix in pull request #7779 addresses an issue where the OCSP request was incorrectly freed when saved in ssl->ctx->certOcspRequest. This update ensures that the OCSP request is properly retained, enhancing the stability and reliability of certificate status checking.

In addition to OCSP, we also fully support Certificate Revocation Lists (CRL). However, OCSP is the preferred method for real-time certificate status validation. OCSP provides a more efficient and timely approach to checking certificate revocation status and remains a key feature of our SSL/TLS library.

These updates reflect wolfSSL’s ongoing commitment to providing secure, efficient SSL/TLS solutions with robust certificate validation features. To learn more about wolfSSL’s OCSP support, visit our OCSP page.

If you have questions or need assistance, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Accelerated Kyber (ML-KEM)

Lightning-fast Kyber (ML-KEM) implementations as specified in FIPS-203 are now here as of wolfSSL release 5.7.4:

  • ARM32 v4 to v8 base assembly instructions for Kyber (ML-KEM); PR 8040
    • Even faster NEON instructions are under development!
  • Aarch64 implementations of Kyber (ML-KEM) functions; PR 7998
  • SHA-3 assembly implementations used by Kyber (ML-KEM); PR 7998
  • ARMv7E-M/ARMv7-M assembly instructions for Kyber (ML-KEM); PR 7706

If you’re worried about the performance and speed of post-quantum Kyber (ML-KEM); you shouldn’t be! Even without these lightning fast optimizations, ML-DSA beats ECDH. You can see our benchmarks comparing ECDH against ML-DSA on ARM Cortex M4 here. Now, we give it that extra bit of oomph that leaves our competition in the dust!

Come on out and try it for yourself!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfHSM + FreeRTOS on AURIX

Infineon Technologies has just announced official FreeRTOS support for its AURIX™ TC3x microcontrollers.

While wolfSSL has included built-in support for FreeRTOS for over a decade, we are proud to announce that wolfHSM, our hardware security module software framework, is also fully compatible with FreeRTOS, including on the AURIX™ TC3x platform.

wolfHSM provides a portable, open-source abstraction for secure hardware cryptography, secure storage, and isolated processing. It can leverage any cryptographic algorithm supported by wolfCrypt, including post-quantum options like ML-DSA, ML-KEM, LMS, and XMSS, as well as the Chinese government-mandated SM cipher suites.

This compatibility enables developers to leverage the safety, performance, and security of wolfHSM in a robust FreeRTOS environment, accelerating the development of secure, high-performance automotive and industrial applications. With wolfHSM and FreeRTOS, developers have the tools to deliver advanced features with maximum security and minimal effort, dramatically reducing application complexity and time-to-market.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Live Webinar: wolfHSM Design for Automotive Hardware Security Modules

The future of automotive security is here! Join us for our final webinar of 2024, diving into the essential role of hardware security modules (HSMs) in safeguarding modern vehicles. Scheduled for December 18th at 10 AM PT, this session will be led by wolfSSL Software Engineer Bill Phipps. He will guide you through the fundamentals and advanced applications of automotive HSMs. Stay ahead of the curve in automotive security innovation.

Register today: wolfHSM Design for Automotive Hardware Security Modules
Date: December 18th | 10 AM PT

This comprehensive webinar will explore key aspects of HSM functionality and their integration with wolfSSL’s solutions. We’ll delve into topics like automotive HSM features, wolfHSM’s functional design, and hardware porting techniques. Attendees will also experience live demonstrations on the Infineon AURIX TriCore TC367DP and TC375TP platforms, showcasing real-world implementations to enhance your understanding of secure automotive applications.

This webinar will cover:

  • Overview of automotive HSM features
  • wolfSSL related solutions for enhanced automotive security
  • wolfHSM functional design principles
  • Hardware porting for automotive HSMs
  • wolfHSM demo on Infineon AURIX TriCore TC 367DP and TC375TP

Don’t miss your final opportunity in 2024 to gain practical insights and learn how wolfHSM can elevate your automotive security framework. Secure your spot today and close out the year by expanding your expertise in automotive cybersecurity!

Register Today!

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfSSL Supports Nucleus Legacy Customers

wolfSSL has partnered with Siemens to provide cyber-security solutions in the Nucleus RTOS stack for over a decade. Now that Nucleus ReadyStart has been discontinued, wolfSSL will continue to provide support and software updates for the wolfSSL, wolfCrypt, wolfMQTT, and wolfSSH components. This will help ensure that Nucleus customers’ applications are safe and secure.

wolfSSL supports the latest versions of TLS and DTLS for newer and older versions of Nucleus. wolfCrypt also supports the latest cryptography standards, including post quantum cryptography.

We recently updated the Nucleus porting layer in wolfSSL v5.7.4 to add support for Nucleus Plus v2.3. Check out PR #7732. This work included updating the port for SRTP-KDF in the FIPS 140-3 certificate.

Direct support plans are available for our security tools, so please contact us with any questions about keeping your Nucleus project secure!

Lastly, if you are considering migrating to another RTOS solution, wolfSSL can continue to provide the optimized security you have been accustomed to when using Nucleus. The wolfSSL projects are highly portable, and we would be happy to assist you with the migration process.

If you have any questions about keeping your Nucleus ReadyStart up to date with the latest wolfSSL code, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3 4 5 6 191 192 193

Weekly updates

Archives