We often get questions from users of the wolfSSL embedded SSL/TLS library about which certs to load and why. So today we wanted to discuss the following topics: What is a cert chain as seen in a common browser? What is a public key, what is a private key? What is the chain of trust […]
wolfSSL Support for DO-178 DAL A
wolfSSL now provides support for complete RTCA DO-178C level A certification! wolfSSL will offer DO-178 wolfCrypt as a commercial off-the-shelf (COTS) solution for connected avionics applications. Adherence to DO-178C level A will be supported through the first wolfCrypt COTS DO-178C certification kit release that includes traceable artifacts for the following encryption algorithms: SHA-256 for […]
wolfSSL FIPS Ready and curl (#wolfSSL #wolfCrypt #curl)
wolfSSL FIPS Ready Along with the recent release of wolfSSL v4.1.0, wolfSSL has updated its support for the wolfCrypt FIPS Ready version of the wolfSSL library. wolfCrypt FIPS Ready is our FIPS enabled cryptography layer included in the wolfSSL source tree that can be enabled and built. To elaborate on what FIPS Ready really means: you do […]
wolfSSL + Nginx
The wolfSSL embedded SSL/TLS library provides support for various open source projects, including Nginx. For those who are unfamiliar, Nginx is a high-performance, high-concurrency web server. Like wolfSSL, it is also compact, fast, and highly scalable. Additionally, wolfSSL also provides support for TLS 1.3 and features such as OCSP, so Nginx servers can be configured with the latest […]
What is Online Certificate Status Protocol (OCSP)
Online Certificate Status Protocol, or OCSP, is an Internet protocol that is used to obtain the revocation status of an X.509 digital certificate. An OCSP client will send a status request to an OCSP responder and receive information on whether the certificate is valid or revoked. A good response shows that the certificate is valid and […]
wolfSSL + Apache httpd
In the latest wolfSSL releases, we have added 200+ new APIs to our OpenSSL compatibility layer. Many of these new APIs were added to provide support for Apache HTTP Server. We are excited to announce that as of version 4.3.0, wolfSSL provides support for the Apache web server with the enable option --enable-apachehttpd. This means […]
How to use TLS with JAVA
When developing an application that needs to communicate securely with another device, TLS is a great option. The framework in place for TLS connections with JAVA is JSSE (Java Secure Socket Extension). JSSE is a set of interfaces that can be called to abstract the TLS process and make it easy for plugging in different […]
Improved NXP MMCAU Crypto Hardware Performance
The NXP Memory-Mapped Cryptographic Acceleration Unit (mmCAU) is on many Kinetis microcontrollers. It improves symmetric AES and SHA performance as compared to our software-based implementation. wolfSSL version 4.2.0 enhanced mmCAU support to use multiple blocks against hardware and optimize to avoid memory copies (memcpy) when possible. This resulted in a 20-78% improvement in performance! […]
CMS/PKCS #7 RSA Sign Callback for Raw Digest Signature Generation
We have added many new features in our new release of wolfSSL 4.3.0. One new feature we have added is a CMS/PKCS #7 callback for signing SignedData raw digests, enabled with the macro HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK and a call to the function wc_PKCS7_SetRsaSignRawDigestCb(). For those who are unaware, PKCS #7 is used to sign and/or encrypt messages under […]
Updates to RSA-PSS salt lengths
In our new release of wolfSSL 4.3.0, we have added updates to RSA-PSS salt lengths. Passing the macro WOLFSSL_PSS_SALT_LEN_DISCOVER value into wc_RsaPSS_Verify_ex() attempts to discover the salt length and can use larger salt lengths. RSA-PSS is a probabilistic signature scheme (PSS) with appendix. A signature scheme with appendix requires the message itself to verify the signature (i.e. […]
