RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news.
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL 2.2.0 is Now Available

Version 2.2.0 of the wolfSSL embedded SSL/TLS library has been released and is now available for download.  This release contains bug fixes, feature enhancements, and is a recommended update for all users. Changes include:

– Initial CRL (Certificate Revocation Lists) support with –enable-crl
– Initial OCSP (Online Certificate Status Protocol) support with –enable-ocsp
– Static ECDH suites including:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
– SHA-384 support
– ECC client certificate support

For more information on CRL checkout: http://en.wikipedia.org/wiki/Certificate_revocation_list .  More details on OCSP can be found here: http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol .  The example/client has basic usage and the full API will be available in the manual. The addition of SHA-384 support makes wolfSSL even more compatible with other SSL implementations such as OpenSSL.

To download the open source, GPLv2-licensed version of wolfSSL 2.2.0, please visit our Download Page.  If you have any questions or comments or would like more information on commercial versions of wolfSSL, please contact us at info@yassl.com.

For build instructions, a full feature list, API reference, and more, please see the wolfSSL Manual.

Need yet another developer

Hi!  yaSSL is looking for another hard core C developer who like systems level work and the challenge of developing open source security software! We`re well positioned in the market, growing fast, have a great work environment for the right individual. Let us know if you`re interested or know someone who`d be a good fit.  Contact us at larry@yassl.com.

Porting wolfSSL into OpenSSH

Hi!  This is a short note to let you know that we have ported wolfSSL into the sshd sources.  This effort was done for a customer of the wolfSSL embedded SSL product.  This particular customer of ours was looking for a version of OpenSSH with a smaller footprint, TLS 1.2 and some specialized ciphers.  Alpha versions of the code base can be made available to select members of our user base in June 2012, with wider availability in beta form on the 4th of July.    

If you are interested in trying OpenSSH with wolfSSL, then please contact us at info@yassl.com.

Seattle MySQL Meetup Group Monthly Meeting: Securing MySQL

The Seattle MySQL Meetup group holds a meeting each month to discuss items relevant to MySQL and open source projects in general.  yaSSL will be giving a presentation on MySQL security at the June meetup, being held on Monday, June 4, 2012 at 7:00pm.  To learn more about the meetup and RSVP, please visit the meetup page:

http://www.meetup.com/seattlemysql/events/63039352/ (June 4, 2012 7:00 PM. 19 attended.)

Presentation Description:

Because of the potential effects of either data loss or exposure, database security and administration is a necessity in today’s world. As a world leader in database solutions, MySQL has gained a large user base. These users are of varying skill level, some of which have focused heavily on database security and some who have never given it a second thought. This presentation will give users an overview of MySQL security practices with a main focus on configuring and building MySQL with SSL. It will provide an introductory walkthrough in MySQL security for the new MySQL admin and offer a refreshing review for the seasoned MySQL expert.

This presentation will touch on several aspects of MySQL database security, including:

– Good Security Practices for MySQL

+ Setting Appropriate Passwords

+ Securing Test Databases, mysqld

+ mysql_secure_installation script

+ Privileges

– SSL/TLS in MySQL

+ An Overview of SSL, x509

+ Configuring and Building MySQL with SSL

+ MySQL SSL Command Options

+ SSL Certificate Creation

+ Performance Comparison

If you have questions about yaSSL’s upcoming presentation, please let us know at info@yassl.com.

New features coming to wolfSSL in May

We`ve added some new features to wolfSSL that will go into the general release this month.  The features are:

1.  Support for SHA-384
2.  Client ECC certificates
3.  Static ECDH
4.  GCM

With the addition of SHA-384 and GCM, wolfSSL will become NSA Suite B compliant.

If you need access to these features right away, contact us at info@yassl.com and we can possibly arrange for an early private code drop.

wolfSSL Supports SPDY

Hi yaSSL users!  See the following link for an explanation on SPDY:  https://readwrite.com/2012/04/19/what-web-users-need-to-know-ab/

SPDY is a new protocol for web use proposed by Google and supported by many of the large web companies.  It is based on HTTP, but it is faster and more suited to modern web usage.  

You will note that SPDY mandates SSL, which will provide everyone more security in their day to day web use.  We should also note that our friends at NGINX are supporting SPDY.

If you have comments or questions on running wolfSSL with SPDY, then please contact us at info@yassl.com.

yaSSL Live from Infosecurity Europe 2012

Day two of the 2012 Infosecurity Europe conference (#infosec12) is underway at Earl’s Court in London as visitors and exhibitors discuss the new technology coming out regarding security products and services. yaSSL has been talking about embedded SSL and embedded web servers at booth J64, and has given a talk on the usability and necessity of SSL / TLS on day one of the conference.

We would like to thank those who attended the presentation, and encourage you to send any questions about either the presentation or yaSSL’s products to info@yassl.com. If you would like a copy of the slides, please email us a request, or watch our site. We’ll get the slides posted as soon as possible.

If you are currently attending (or plan to attend) the conference, we encourage you to stop by the yaSSL booth to say hello!

Thanks,
Team yaSSL

Secure Communication: Usability & Necessity of SSL/TLS

Network-related applications and devices often use secure communication. Although keeping network communications safe should be a top priority to all developers and engineers, it often gets left behind due to lack of understanding, insufficient funding, or looming deadlines.

Securing a project with SSL shouldn’t have to include a steep learning curve, deep pockets, or an unlimited time frame. By learning a few basics of how things work, where the technology is best used, and what features to look for when trying to choose the right SSL implementation, a developer or engineer can easily, simply, and quickly secure their project – putting both themselves and their employer’s minds at ease.

yaSSL will be giving a presentation at the upcoming Infosecurity Europe conference next week which will address these issues. yaSSL’s presentation will introduce SSL – including why secure communication is important, introductory details about SSL, x509, and the underlying cryptography. It will give an overview of where SSL is used today – including Home Energy, Gaming, Databases, Sensors, VoIP, and more. A description and “shopping list” of important items to look for when trying to choose an SSL implementation will give developers and engineers a solid foundation to begin securing their projects with SSL and will enable them to have more informed discussions with potential vendors on the expo floor at Infosecurity Europe 2012.

Date: April 24, 2012
Time: 12:40pm – 1:05pm
Location: Technical Theater (at Infosecurity Europe, Earl’s Court, London, England)
Speaker: Chris Conlon

Infosecurity Europe: http://www.infosec.co.uk

Secure Communication: Usability & Necessity of SSL/TLS

Network-related applications and devices often use secure communication. Although keeping network communications safe should be a top priority to all developers and engineers, it often gets left behind due to lack of understanding, insufficient funding, or looming deadlines.

Securing a project with SSL shouldn’t have to include a steep learning curve, deep pockets, or an unlimited time frame. By learning a few basics of how things work, where the technology is best used, and what features to look for when trying to choose the right SSL implementation, a developer or engineer can easily, simply, and quickly secure their project – putting both themselves and their employer’s minds at ease.

yaSSL will be giving a presentation at the upcoming Infosecurity Europe conference next week which will address these issues. yaSSL’s presentation will introduce SSL – including why secure communication is important, introductory details about SSL, x509, and the underlying cryptography. It will give an overview of where SSL is used today – including Home Energy, Gaming, Databases, Sensors, VoIP, and more. A description and “shopping list” of important items to look for when trying to choose an SSL implementation will give developers and engineers a solid foundation to begin securing their projects with SSL and will enable them to have more informed discussions with potential vendors on the expo floor at Infosecurity Europe 2012.

Date: April 24, 2012
Time: 12:40pm – 1:05pm
Location: Technical Theater (at Infosecurity Europe, Earl’s Court, London, England)
Speaker: Chris Conlon

Infosecurity Europe: http://www.infosec.co.uk

Great Article on SSL Interception Proxies and Transitive Trust

We recently found a great article on SSL/TLS interception proxies and transitive trust from Jeff Jarmoc at Dell SecureWorks. In his article, Jeff provides a brief introduction, background, and history of the SSL and TLS protocols, then dives into talking about SSL interception proxies.

Reading through the article gives insights into how and why these proxies are used in the real world and explains some of the major risks associated with their use. Although risks can range anywhere from legal exposure to an increased threat surface to a potential for decreased cipher strength, these proxies are a necessary part of many networks.

Jeff introduces a helpful test framework (linked below) for determining which (if any) vulnerabilities an SSL proxy is susceptible to. The framework is designed to be run from behind the proxy, and is as simple as visiting a web page. Following an explanation of some of these vulnerabilities, Jeff lists some of the current vulnerabilities found in existing proxy solutions today.

The wolfSSL embedded SSL library has had the ability to do SSL inspection for quite some time now, as we originally posted about it in September of 2010. If you have any questions about wolfSSL’s SSL inspection, please feel free to contact us at info@yassl.com.

Transitive Trust: SSL/TLS Interception Proxies
Proxy Test Framework: https://ssltest.offenseindepth.com

As of March 22, 2018 at 8:57am CMT, the “Proxy Test Framework” URL does not exist – the data from the table is shown below.

Test Result
Mismatched CN
NOT

VULNERABLE

Unknown CA
NOT

VULNERABLE

Self Signed
NOT

VULNERABLE

Expired
NOT

VULNERABLE

Basic Constraints
NOT

VULNERABLE

Revoked
NOT

VULNERABLE

Null Char (Must Trust CA)
NOT

VULNERABLE

Posts navigation

1 2 3 76 77 78 79 80 81 82 99 100 101

Weekly updates

Archives

Latest Tweets