wolfSSL 1.6.0 is now available

Release 1.6.0 for the wolfSSL embedded ssl library adds bug fixes, support for RIPEMD-160 and SHA-512 algorithms and RSA key generation.  For general build instructions see doc/Building_wolfSSL.pdf.  For build options to enable RIPEMD-160 and SHA-512, please see the README included in the download.

Please contact support@yassl.com with any questions.

DTLS and wolfSSL embedded ssl

Did you know that the wolfSSL embedded ssl solution includes DTLS support?  wolfSSL has supported DTLS functionality for over a year now.  Frankly, we have not had much user feedback on the feature, which means that either people are not using it or that those using it are perfectly satisfied.  If you care to comment, we’d love your feedback at info@yassl.com
DTLS was initially designed to serve the needs of secure VoIP designers, SIP users, internet game builders, and others that have an unreliable connection.  Further background on the genesis and purposing of DTLS can be found here:  http://crypto.stanford.edu/~nagendra/papers/dtls.pdf.  The RFC can be found here:  http://tools.ietf.org/html/rfc4347, and the Wikipedia page is here:  http://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security.

wolfSSL Embedded SSL for iPhone

Did you know that wolfSSL is available for iPhone/iOS?  We’ve been building and testing wolfSSL on iOS now for the last couple of years.  As wolfSSL users know, the code is extremely portable.  When iPhone originally launched, we decided to build for the device as yet another test for portability.  Everything moved over smoothly and we’ve been building and testing each incremental release ever since.  Let us know if you’re building cross platform applications and need support for iPhone  by contacting us at info@yassl.com.

The Benefit of Stream Ciphers

Ever wondered what the difference between a block cipher and a stream cipher was?  A block cipher has to be encrypted in chunks that are the block size for the cipher.  For example, AES has block size of 16 bytes.  So if you`re encrypting a bunch of small, 2 or 3 byte, chucks back and forth, over 80% of the data is useless padding, decreasing the speed of the encryption/decryption process and needlessly wasting network bandwidth to boot.  So basically block ciphers are designed for large chucks of data, have block sizes requiring padding, and use a fixed, unvarying transformation.

Stream ciphers work well for large or small chucks of data.  They`re suitable for smaller data sizes because no block size is required.  And if speed is a concern, stream ciphers are your answer, because they use a simpler transformation that typically involves an xor`d keystream.  So if you need to stream media, encrypt various data sizes including small ones, or have a need for a fast cipher then stream ciphers are your best bet.

SSL uses RC4 as the default stream cipher.  It`s a pretty good one, though it`s getting a little older.  There are some interesting advancements being made in the field and nearly two years ago wolfSSL added two ciphers from the eStream project into the code base, RABBIT and HC-128.  RABBIT is nearly twice as fast as RC4 and HC-128 is about 5 times as fast!  So if you`ve ever decided not to use SSL because of speed concerns, using wolfSSL`s stream ciphers should lessen or eliminate that performance doubt.

Both RABBIT and HC-128 are built by default into wolfSSL.  Please see the examples or the docs for usage.

The Next wolfSSL Embedded SSL release

Hi!  The next wolfSSL release should be ready this week, barring unforeseen testing issues.  Our big feature addition for this release is key generation.  The addition of key generation to wolfSSL clears the way for us to add certificate generation, with planned availability in September.  We’ve had a number of our commercial customers as well as open source users asking us for these features for various reasons, and we’re happy to add them for the enjoyment of all. 
One use case that we are particularly excited about is enabling digital signing for embedded systems and devices.  Essentially, we’ll be providing the key components in our next release for our users to set up digital signing for their various embedded systems.  Watch this space for our white paper on the topic.  The white paper will go through the process of setting up your own private certificate authority, as you would do if you were setting up your own private app store or secure firmware download site.  Many users like to do this sort of thing if they have closed systems, and don’t need certificates from a standard certificate authority.  Who knows, perhaps one of our users will use wolfSSL certificate generation to break the monopolies currently enjoyed by the current batch of certificate authorities. 
If you are a device vendor, you might ask the broader question of why to use SSL secure firmware download to your devices?  First, you will know where the firmware updated and installed on your device is coming from.  It won’t be random, it will be coming from a server you control.  Second, you will know that the software updated to the device has not been tampered with during delivery. 
As we saw from the recent Security B-Sides presentation “Fun with VxWorks” (The presentation can be found here: https://speakerdeck.com/hdm/fun-with-vxworks), the attack vector of current interest is embedded systems and devices.  As such, vendors of connected devices such as printers, cameras, etc, will need to be setting up their own private secure delivery mechanisms for applying firmware updates, etc. 
As always, we’re here to help.  Contact us at info@yassl.com if you need help with this stuff, either on the server side or the device side.

wolfSSL embedded ssl and IPv6

If you are an adopter of IPv6 and want to use an embedded ssl implementation, then you may have been wondering if wolfSSL supports IPv6.  The answer is yes, we do support wolfSSL running on top of IPv6.  Note that our current test applications default to IPv4, so as to apply to a broader number of systems.  Please see https://www.wolfssl.com/docs/wolfssl-manual/ch2/ –enable-ipv6 to change the test applications to IPv6.  You can contact us at facts@wolfssl.com if you need assistance with IP version issues.
Further information on IPv6 can be found here:  http://en.wikipedia.org/wiki/IPv6.

Announcing the yaSSL Embedded Web Server

As stated in previous blog posts, we have ported wolfSSL into a number of embedded web servers on behalf of our customers and community users.  wolfSSL can be included in Mongoose , Lighttpd (aka Lighty), Nginx, GoAhead, and others.  As a part of the work of enabling these embedded web servers to use SSL, we have learned a lot about all of these excellent products, including how they are used in embedded environments, what their code is like, and their feature support. 
As a result of our evaluation, we put a lot of energy into determining which open source embedded web server should receive the bulk of our attention.  We want to focus on the one that maps most closely to the needs of our customer base.  The wolfSSL customer generally wants the following in their open source embedded web server, in order of priority:
1.       Support for real time and embedded operating systems.
2.       Commercially available support
3.       Size:  Small, tight code.
4.       Well enabled security features
5.       Speed
As a result of our evaluation, we determined that the Mongoose embedded web server should receive the bulk of our attention.  Mongoose is the winner because it fits our customer’s needs, via the following metrics:
1.       Default size, with wolfSSL enabled, of less than 200k.
2.       Excellent code base and community.
3.       Portability to real time and embedded operating systems.
Based on all of the above, and more, we have decided to sell and market a version of Mongoose we’re calling the yaSSL Embedded Web Server.  We have agreed with the leader of the Mongoose community, Sergey Lyubka, to collaborate on feature development and bug fixes.  Bug fixes, feature additions, and general improvements that we generate to the code base will be rolled back into the main source tree subject to Sergey’s approval.  We will endeavor to be a good citizen and quality partner to the Mongoose community!
Versions of the yaSSL Embedded Web Server for RTOS and embedded environments are available immediately, upon request, on a subscription basis.  Annual subscriptions are available at the price of $5,000 USD per year.  Subscriptions include the following, per product line within which you embed: 
1.       Commercial support for wolfSSL and the yaSSL Embedded Web server
2.       Updates and upgrades
3.       Porting of both the SSL and Web Server to your  embedded environment and chipset.
4.       Commercial licenses
5.       Size and speed optimization support
Supported environments include ThreadX, VxWorks, QNX, OpenWRT, Tron, iTron, Microitron, Android, OpenCL, and MontaVista.  Other supported environments are available on a per request basis.  We’ll also support *nix and the gaggle of *bsd’s, which we’ll port to as requested. 
As always, we’d like your feedback and questions!  Please contact us at info@yassl.com.

Posts navigation

1 2 3 183 184 185 186 187 188 189 190