At wolfSSL we create solutions to provide secure access to a variety of systems and devices. Our latest example adds the ability to use the SSH protocol to securely connect plain text serial UART using an Espressif ESP32 or ESP8266 over wireless or wired ethernet.
In celebration of this new capability, we’re having a contest where you can win fame, glory, and cool wolfSSL swag! All you need to do is demonstrate on social media that you were able to get this working on your own hardware, either the ESP32 or ESP8266 platforms and successfully connect to your UART device!
The project is part of our ongoing initiative to ensure all Espressif device users have access to commercial-grade reliable encryption.
To participate in the contest:
- Please follow us on Twitter and retweet the contest tweet.
- Install the wolfSSH embedded server found in the wolfssh-examples.
- Connect your ESP32 or ESP8266 to any serial device (or a USB-TTY if needed)
- Login via SSH from command-line, putty, etc.
- Reply to the tweet with pictures or video showing your successful login.
- The first person to demonstrate success will win some great wolfSSL swag!
- We may choose other winners based on creativity or PR’s for feature additions.
- Thank you for participating!
If you prefer to remain anonymous, we will also consider entries sent to firstname.lastname@example.org
For more information, see https://www.wolfssl.com/espressif/
This example code is found on our new wolfssh-examples repo at: https://github.com/wolfSSL/wolfssh-examples
wolfSSL has supported FreeRTOS for over a decade but you can now run wolfSSL’s command-line tool, wolfCLU, on FreeRTOS as well! The wolfSSL embedded TLS library is a lightweight, portable, C-based SSL/TLS library known for its low footprint, speed, and feature set and wolfCLU makes use of this portable library to offer a portable, low overhead cert/crypto command-line tool alternative.
As of right now, all wolfCLU commands that do not require a filesystem can be run on FreeRTOS including commands for generating certificates, certificate requests, DSA/DH/ECC parameters, and random data.
Are you interested to have more wolfCLU functionality supported on FreeRTOS?
Contact us at email@example.com with any questions, comments, or suggestions.
Join us Wednesday, June 29th at 9AM Pacific Time.
Story time with wolfSSL! Join us for a comprehensive presentation on how to leverage wolfSSL for all of your Automotive Security needs as we go through a variety of different use cases and example with the specific engineering details for each story.
As always bring your questions for the Q&A following the presentation.
We’ve had some recent interest in adding resistance for detection of encrypt issues due to glitching. A recent report for ESP32 AES HW showed it was possible to skip the encrypt operation with some timed glitching. The attack requires physical access to the hardware. The attack results in the HW encrypt operation being skipped and the data being sent unencrypted over the TLS transport.
As a result we’ve added a new build option WOLFSSL_CIPHER_TEXT_CHECK to enable checking of the encrypt to ensure the data changed (i.e. is not the same). It defaults to checking 64-bits of the buffer, but this can be enlarged by overriding the WOLFSSL_CIPHER_CHECK_SZ macro.
We enable this feature by default with our “max strength” build option `–enable-maxstrength`.
For details see PR https://github.com/wolfSSL/wolfssl/pull/5231 “Added sanity check on TLS encrypt to trap against glitching”.
If you have any questions please email firstname.lastname@example.org
wolfSSL has easy options for using FreeRTOS with LwIP on Xilinx boards! The Xilinx SDK has support for FreeRTOS and LwIP with embedded projects, which wolfSSL has been ported to use both for some time! The directory containing some Xilinx IDE projects and information for a quick start when working with the Xilinx SDK is located here (https://github.com/wolfSSL/wolfssl/tree/master/IDE/XilinxSDK).
With Xilinx FreeRTOS there are also calls to hardware acceleration using the Xilinx hardened crypto which greatly speeds up AES-GCM, SHA3, and RSA operations (https://docs.xilinx.com/v/u/en-US/wp512-accel-crypto). Stay tuned for updated benchmark numbers and status on the hardware acceleration with the new Versal board.
For questions about using wolfSSL with Xilinx contact email@example.com
While GO has its own tls/crypto library, wolfSSL is a proven and optimized solution that could soon be a viable option for GO projects. For some insight on how it would work, follow the instructions in this README to view/build a simple server/client example secured by wolfSSL TLS.
Are you interested in a more complete Golang wrapper?
Contact us at firstname.lastname@example.org with any questions, comments, or suggestions!
wolfSSL’s DTLS 1.3 implementation is not ready for commercial use, but it’s fully functional and ready for being beta-tested! As usual, you can find the code at our GitHub repo or you can download the beta version here.
Since its first version, DTLS aims to bring the same security guarantees as TLS, but without requiring a reliable and order-preserving underlying protocol. This means that it’s much more suitable for latency-sensitive applications that can suffer from the overhead of TCP or similar protocols. The specifications of DTLSv1.3 were published just last April (RFC 9147) and DTLSv1.3 brings all the improvements of TLS v1.3 to DTLS: faster and more secure handshake, 0-RTT resumption, modern crypto algorithms, better downgrade protection and so on. We are the first to release a working implementation. If you are working on DTLS, or if you just have questions, don’t hesitate to contact us at email@example.com. We’re more than happy to hear from you!
Want to talk to us face to face about DTLS 1.3 at Embedded World? Come by Hall 4, Booth 4-135!
We are in the process of developing an SSHD server with wolfSSH. This will be a fully featured application that can take in a typical OpenSSH style sshd_config file and handle incoming SSH connections. It’s backed by the progressive and well tested wolfCrypt library for all crypto operations. It is also developed with embedded devices in mind, having a reduced footprint size!
For early access to the SSHD server or questions contact us at firstname.lastname@example.org.
Here at wolfSSL, we pride ourselves on keeping up to date with the various post-quantum developments related to the protocols we support. wolfMQTT is a client side library that supports the MQTT publish and subscribe protocol that is a very good fit for IoT applications.
Recently, the OpenQuantumSafe project got a pull request for a new demo which featured the mosquito MQTT broker operating on top of TLS 1.3 with post-quantum cryptographic algorithms. Naturally, we were very excited to try and run some interoperability tests against it!
This blog post is to announce that wolfMQTT now supports KYBER_LEVEL1 KEM group and P256_KYBER_LEVEL1 hybrid group for key exchange along with FALCON_LEVEL1 for signature authentication over TLS 1.3. Our implementation has been successfully tested for inter-operability with the OpenQuantumSafe project’s mosquito MQTT broker demo. If you would like to try it out, please follow the instructions athttps://github.com/wolfSSL/wolfmqtt#post-quantum-mqtt-support
Want different post-quantum groups for KEM key exchange? Want other post-quantum signature schemes? Want to see the wolfSSL team make a post-quantum MQTT broker? Want to see this setup working on STM32 devices? Contact your wolfSSL regional business director or e-mail us at email@example.com to discuss these possibilities!