The wolfSSL lightweight SSL/TLS library and underlying wolfCrypt cryptography library have included support for the NXP SE050 module since November 2021. Since that time we have been increasing compatibility with SE050 along with usage of SCP03 (Secure Channel Protocol 03) authentication. To help users get started with TLS usage, we also have two example client […]
Read MoreMore TagCategory: wolfSSL/ wolfCrypt
Skipping the Cookie Exchange in DTLS 1.3
wolfSSL 5.6.6 introduces the option for DTLS 1.3 servers to skip the cookie exchange on a session resumption. The cookie exchange is a security mechanism employed during the resumption of a DTLS 1.3 session. When a client wants to resume a previous DTLS 1.3 session, it sends a session ticket to the server, which may […]
Read MoreMore TagwolfSSL Adds Support for 0.5-RTT Data in (D)TLS 1.3
(D)TLS 1.3 support for 0.5-RTT (round trip time) data has been introduced to wolfSSL in the latest release (5.6.6). 0.5-RTT data is an optimization in (D)TLS 1.3 that significantly reduces latency and improves overall performance of application data. The full handshake requires two full round trips to start sending data while this functionality allows the […]
Read MoreMore TagHandshake Message Coalescing Vulnerability
wolfSSL prior to version 5.6.6 had a vulnerability where the (D)TLS key boundaries were not properly checked. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the […]
Read MoreMore TagSniffing TLS Traffic
Do you have a need to capture and/or analyze TLS traffic? The wolfSSL library includes a useful tool that you can leverage. The wolfSSL sniffer can be used to capture TLS packets and even decrypt them when at least one of the keys is known. This can be done with both live and recorded PCAP […]
Read MoreMore TagwolfSSL Rust Wrapper coming soon
Rust support is coming to wolfSSL this year! The wolfSSL embedded TLS library is a lightweight, portable, C-language-based SSL/TLS library known for its low footprint, speed, and feature set. Users have been able to take advantage of our library not only in C but also in their Java, C#, Python, and JavaScript projects using the […]
Read MoreMore TagwolfSSL Support for the Espressif ESP-IDF v5.2 Beta
Recently Espressif announced their ESP-IDF v5.2 Beta 1 on GitHub. The same day we found out about this exciting new version, we confirmed that all the wolfSSL Espressif ESP32 Examples are working in that environment. So far the “beta” looks to be well polished from our perspective. Last week, we learned about the ESP-IDF v5.2 […]
Read MoreMore TagProtecting wolfSSL against the Marvin attack
About the Marvin Attack Recently a new variation of a timing Bleichenbacher RSA-decryption attack, termed the Marvin Attack, was reported by Hubert Kario of the RHEL Crypto team. Its name – a nod to a certain android – is a reference to the unending nature of the ROBOT attack. The vulnerability allows an attacker to […]
Read MoreMore TagwolfSSL 5.6.6 Now Available!
Merry Christmas! The Christmas release of wolfSSL is here, version 5.6.6! Version 5.6.6 brings with it fixes for 4 vulnerabilities, bug fixes, new features, and some enhancements as well! For a description of vulnerabilities fixed, please see our vulnerability page. New features in this release include support for additional hardware devices (STM32WL55), new hardware encryption […]
Read MoreMore TagwolfSSL on Pi5 Benchmarks
We at wolfSSL have worked hard to provide exceptional performance for our libraries across all platforms, but we’ve taken extra measures for Intel, ARM, RISC-V and PPC. For common key sizes and curves we’ve implemented inline assembly speedups for most algorithms. For example on the new Raspberry Pi5 with a Cortex A57 at 2.4GHz (default) […]
Read MoreMore Tag