RECENT BLOG NEWS

We are excited to announce our upcoming webinar on benchmarking with wolfSSL! Get your questions on benchmarking answered by wolfSSL engineer, Jacob Barthelmeh, during our webinar on July 29th, 2020 at 12PM PT!

Many users are curious about how the wolfSSL embedded SSL/TLS library will perform on a specific hardware device or in a specific environment. Because of the wide variety of different platforms and compilers used today in embedded, enterprise, and cloud-based environments, it is hard to give generic performance calculations.

In IoT devices doing real time interactions and many enterprise applications the underlying cryptography is a very performance-critical aspect. To help wolfSSL users and customers in determining performance for TLS connections with wolfSSL and low level crypto operations with wolfCrypt, a benchmark application is bundled with wolfSSL.

To learn more about benchmarking with wolfSSL join us for this webinar!

When: July 29th, 2020 12:00 PM Pacific Time (US and Canada)
Topic: Benchmarking with wolfSSL

If you are interested, please register in advance for this webinar:
https://us02web.zoom.us/webinar/register/WN_15tIndjMRiyTGTjyYsHLWw

After registering, you will receive a confirmation email containing information about joining the webinar.

Please contact us at facts@wolfssl.com with any questions about the webinar and for technical support, please contact support@wolfssl.com

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on GitHub, and learn more about benchmarking with wolfSSL through our Documents on our website!

Ciao amici italiani!

wolfSSL is hosting a special webinar exclusively for our Italian audience! Join us for our upcoming webinar on July 23rd, 2020 with wolfSSL Engineer, Daniele Lacamera. For the presentation, we will be giving a company overview on the basics of wolfSSL. Additionally, we will review best practices for compile options, build process, examples and testing to ensure your wolfSSL implementation achieves the best possible results for your project. Don’t miss out on the chance to ask questions in your native tongue for the Q&A session to follow.

When: July 23rd, 2020 3:00 PM CET
Topic: wolfSSL: Tavola Rotonda in Italiano

If you are new to wolfSSL, here are some of our key differentiators:

• wolfSSL is up to 20x smaller than OpenSSL
• First commercial implementation of TLS 1.3
• Best tested, most secure, fastest crypto on the market with incomparable certifications and highly customizable modularity
• Access to 24×7 support from a real team of Engineers
• Support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, DTLS 1.0, and DTLS 1.2, + DTLS 1.3 forthcoming)
• Multi-platform, royalty free, with an OpenSSL compatibility API to ease porting into existing applications which have previously used the OpenSSL package
• The CMVP has issued FIPS 140-2 Certificates #3389 and #2425 for the wolfCrypt Module developed by wolfSSL Inc. For more information, see our FIPS FAQ

For additional support, please contact support@wolfssl.com or check out our user manual.

If you are interested, please register in advance for this webinar:
https://us02web.zoom.us/webinar/register/WN_wi6hDTUbQESg3kDbUA-6JQ

After registering, you will receive a confirmation email containing information about joining the webinar.

A presto!

Please contact us at facts@wolfssl.com with any questions about the webinar.

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

Are you a user of Deos? If so, you will be happy to know that wolfSSL supports the Deos Safety Critical RTOS for FAA Certifiable Avionics Applications and has added TLS client/server examples to the wolfSSL embedded SSL/TLS library for Deos!

Deos is an embedded RTOS used for safety-critical avionics applications on commercial and military aircraft. Certified to DO-178C DAL A, the time and space partitioned RTOS features deterministic real-time response and employs patented “slack scheduling” to deliver higher CPU utilization. DO-178C DAL A refers to a specification that is required for software to be used in aerospace software systems.

The Deos port in wolfSSL is activated by using the “WOLFSSL_DEOS” macro. For instructions on how to build and run the examples on your projects, please see the “/IDE/ECLIPSE/DEOS/README” file.

wolfSSL provides support for the latest and greatest version of the TLS protocol, TLS 1.3! Using the wolfSSL port with your device running Deos will allow your device to connect to the Internet in one of the most secure ways possible.

For more information, please contact facts@wolfssl.com.

Resources:

• The most recent version of wolfSSL can be downloaded from our download page, here: https://www.wolfssl.com/download/
• wolfSSL GitHub repository: https://github.com/wolfssl/wolfssl.git
• wolfSSL support for TLS 1.3: https://www.wolfssl.com/docs/tls13/
• Deos RTOS homepage: https://www.ddci.com/category/deos/

Did you miss our previous webinars on TLS 1.3 or just want to learn more? Check out our upcoming webinar on July 16th, 2020 with wolfSSL engineer Sean Parkinson on what you need to know about TLS 1.3. There will be a Q&A session that follows so please tune in!

The wolfSSL lightweight SSL/TLS library supports TLS 1.3 (RFC 8446, previously Draft 28) on both the client and server side! A few of the advantages the newest version of TLS 1.3 include:

• Faster handshake times as there is only one RTT instead of two which enables clients to send data immediately after the first reply from the server
• Full session encryption achieved through the use of a variety of encryption algorithms to secure data
• Brand new cipher suites considered to be stronger than before

To learn more about the advantages of TLS 1.3 tune in to our webinar!

Registration

When: July 16th, 2020 2 PM Pacific Time (US and Canada)
Topic: TLS 1.3

If you are interested, please register in advance for this webinar:
https://us02web.zoom.us/webinar/register/WN_V535mNL2TB2klFWrttppAw
After registering, you will receive a confirmation email containing information about joining the webinar.

Looking forward to seeing you there! Not able to attend? No problem, all our webinars are recorded and uploaded to our Youtube Channel! Please contact us at facts@wolfssl.com with any questions about the webinar.

Learn More About TLS 1.3
Learn more about TLS 1.3 from the RFC. The most recent version can be found here:
https://tools.ietf.org/html/rfc8446

Or, browse some of our recent blog posts on TLS 1.3:

• Differences between TLS 1.2 and TLS 1.3
• TLS 1.3 Now Available in wolfSSL #TLS13
• wolfSSL TLS 1.3 BETA Release Now Available
• Updated TLS 1.3 Draft on GitHub

Support
Please direct any questions about using wolfSSL with TLS 1.3, or about our current TLS 1.3 support to support@wolfssl.com. We also appreciate any comments or feedback. Thanks!

Two weeks ago, Apple announced a transition from Intel-based Macs to their very own ‘world-class custom silicon’ chip. This marks a new era for Apple, as they further establish a common architecture throughout their product ecosystem, making it easy for developers to write, update and optimize applications.

Underlying this recent development is Apple’s Universal App Quick Start Program that includes the ‘limited use of a Developer Transition Kit (DTK), a Mac development system based on Apple’s A12Z Bionic System on a Chip (SoC)’ among other services like forums support, beta version of macOS Big Sur and Xcode 12.

So why is this important? 

wolfSSL is a direct partner with ARM, the architecture A12Z Bionic is based upon, and we fully support all the crypto extensions that are built into the new chip. We aim to have the first FIPS certificate for A12Z and will be pushing out benchmarks on the A12Z soon, so stay tuned!

For more information, please contact facts@wolfssl.com.

Additional Resources:
The most recent version of wolfSSL can be downloaded from our download page, here: https://www.wolfssl.com/download/
wolfSSL GitHub repository: https://github.com/wolfssl/wolfssl.git
Check out the latest addition of the wolfSSL ARM mbed-os Port of the wolfSSL embedded SSL/TLS library!

wolfSSL is looking to hire a C# programmer to work on our TLS interface and wolfCrypt interface for C#.

If interested in applying, please send your resume to facts@wolfssl.com. wolfSSL product and company details can be found online at www.wolfssl.com.

All of the wolfSSL team prides themselves on offering the Best Tested SSL/TLS library on the market. wolfSSL is able to do so by conducting regular, diligent, and well-planned testing to maintain a robust and secure library. wolfSSL knows that it is impossible to test every single possible path through the software, but opts to practice an approach that is focused on lowering risk of failure. wolfSSL implements an extensive internal testing plan that not only uses automated testing but makes sure to test well-known use cases. A key process in wolfSSLs’ internal testing plan is Fuzz Testing.

What is Fuzz Testing?

Fuzz testing, also known as fuzzing, is an automated software testing technique that is conducted to reveal coding errors and security loopholes in softwares, networks, or operating systems. A fuzz test is a technique that is widely used to discover defects which otherwise would not be identified by merely using traditional functional testing methods. Fuzzing is a Black Box testing technique that bombards a library with invalid, unexpected, or random data (known as fuzz to the system) in an attempt to expose inputs that cause the system to crash, fail in unexpected ways, or leak memory. This allows wolfSSL to catch bugs that could turn into potential vulnerabilities before they are able to make it into a release!

Fuzzing at wolfSSL

wolfSSL firmly believes that if a TLS and cryptography provider does not do fuzz testing, they are extremely exposed. wolfSSL runs 7 fuzz testers internally, every night to insure the most secure library on the market. wolfSSL tests using several different software fuzzers, including an in-memory fuzzer, a network fuzzer, OSS-fuzz, libfuzzer, tlsfuzzer, and AFL.

As a testament to wolfSSLs’ commitment to security, highly respected external testers are utilized when possible, for example: Guido Vranken in Holland and Robert Horr of T-Systems in Germany (check out this post by Guido Vranken on Fuzzing for wolfSSL).

As stated in the wolfSSL 2019 Annual Report, wolfSSL is the best – tested cryptography on market, due to consistent implementation of additional fuzz testing resources from both internal and external sources.

For further details regarding the internal wolfSSL process of testing to ensure code quality and security, please reference this blog page.

If there are any specific questions about how wolfSSL tests, please contact our team at facts@wolfssl.com. If there is a desire for wolfSSL to include other SSL/TLS or crypto implementations in wolfSSL interop testing, please let the wolfSSL team know! Likewise, if users would like to include wolfSSL in their own test framework, wolfSSL would be happy to discuss!

As a Cybersecurity company we have to make sure all of our products are state of the art. In accordance, wolfSSL is conducting Stages of Involvement (SOI) audit on our wolfCrypt product.

Last year wolfSSL added support for complete RTCA DO-178C level A certification. wolfSSL offers DO-178 wolfCrypt as a commercial off -the-shelf (COTS) solution for connected avionics applications. The primary goal of this was to provide the proper cryptographic underpinnings for secure boot and secure firmware update in commercial and military avionics. Avionics developers now have a flexible, compact, economical, high-performance COTS solution for quickly delivering FIPS 140-2 validated crypto algorithms can be used in DO-178 mode for combined FIPS 140-2/DO-178 consumption.

Any aviation system development requires Stages of Involvement (SOI) audits to review the overall software project and ensure that it complies with the objectives of DO-178. Originally, DO-178 based development did not require SOI’s, however a problem arose because of divergence between different development organizations and what the certification authorities wanted. As a result, SOI’s have become an informal de facto standard applied to most projects.

To assess compliance, there are four Stages of Involvement. The four stages are:

1. Planning Review
2. Design review
3. Validation and Verification review
4. Final Review

We have fully completed SOI #1 through #4.

For more information regarding wolfSSL, wolfCrypt, DO-178, or any additional questions, please contact facts@wolfssl.com.

wolfSSL is going back to basics! Join us for our upcoming webinar on July 8th, 2020 with wolfSSL Engineering Manager, Chris Conlon. We will review best practices for compile options, build process, examples and testing to ensure your wolfSSL implementation achieves the best possible results for your project. Bring your questions and findings for the Q&A session to follow!

When: July 8th, 2020 10:00 AM Pacific Time (US and Canada)
Duration: 1 hour
Topic: Getting Started with wolfSSL

If you are new to wolfSSL, here are some of our key differentiators:

• wolfSSL is up to 20x smaller than OpenSSL
• First commercial implementation of TLS 1.3
• Best tested, most secure, fastest crypto on the market with incomparable certifications and highly customizable modularity
• Access to 24×7 support from a real team of Engineers
• Support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, DTLS 1.0, and DTLS 1.2, + DTLS 1.3 forthcoming)
• Multi-platform, royalty free, with an OpenSSL compatibility API to ease porting into existing applications which have previously used the OpenSSL package

For additional support, please contact support@wolfssl.com or check out our user manual.

If you are interested, please register in advance for this webinar:
https://us02web.zoom.us/webinar/register/WN_gChcXlXdTfihIUFeSJUqqA

After registering, you will receive a confirmation email containing information about joining the webinar.

Hope to see you there!

Please contact us at facts@wolfssl.com with any questions about the webinar.

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

wolfSSL is excited to announce that we will be hosting a webinar on June 30th, 2020 with wolfSSL engineer and cURL founder Daniel Stenberg on testing, fuzzing, and CI! There will be a Q&A session that follows so stay tuned.

cURL is used in virtually every connected device for secure data transfer and Stenberg believes it may be one of the world’s most widely used open source projects. On his own blog he states some of the biggest cURL installations from Internet servers at number ten, to Netflix devices, overall listing smartphones as number one. wolfSSL currently offers commercial support on cURL which can be built with wolfCrypt FIPS and is FIPS ready. For more information on using cURL with your project, please contact support@wolfssl.com.

When: June 30, 2020 10:00 AM Pacific Time (US and Canada)
Duration: 30-40 minutes
Topic: Testing cURL for Security

If you are interested, please register in advance for this webinar:
https://us02web.zoom.us/webinar/register/WN_9Gljp2XRRNadMnoA6w-2Wg

After registering, you will receive a confirmation email containing information about joining the webinar.

Looking forward to seeing you there!

Please contact us at facts@wolfssl.com with any questions about the webinar, the wolfSSL embedded SSL/TLS library, cURL, or tinycURL!