Ensuring your TLS certificates are still valid and haven’t been revoked is critical for secure communications. Two methods exist for this: Certificate Revocation Lists (CRLs) are signed lists published by Certificate Authorities that clients download and check offline. They contain serial numbers of revoked certificates and must be regularly updated and cached by clients to […]
Read MoreMore TagCategory: wolfSSL/ wolfCrypt
Protect TLS Secrets After the Handshake — Only with wolfSSL
Most TLS libraries leave your certificates and private keys sitting in RAM long after they’re used — a jackpot for attackers with memory access. wolfSSL is the only TLS library that gives you the power to erase them completely with the wolfSSL_UnloadCertsKeys API. This function doesn’t just free memory — it securely zeroes out every […]
Read MoreMore TagDeprecation Notice: TLS 1.3 Draft 18
The wolfSSL team is deprecating the following: WOLFSSL_TLS13_DRAFT preprocessor macro –enable-tls13-draft18 configure option These components were originally introduced during the TLS 1.3 standardization process to support interoperability with implementations based on Draft 18 of the TLS 1.3 specification. During the multi-year standardization process (2014-2018), multiple draft versions were published before the final RFC 8446 was […]
Read MoreMore TagDICE Boot Chain Via wolfCrypt’s Minimal Binary Footprint
Device Identifier Composition Engine (DICE) represents a fairly simple approach to hardware-based device identity and secure boot. DICE creates Cryptographic Device Identities (CDIs) through a blockchain-like verification process, where each boot stage measures the next component and derives unique Compound Device Identifiers using the following formula: CDI_n = HMAC(CDI_n-1, Hash(program)) CDI_0 = UDS The formulas […]
Read MoreMore TagOpenSSL Compatibility Layer Additions in wolfSSL 5.8.2
The wolfSSL’s repo pull request #8897 adds significant OpenSSL compatibility layer enhancements across four key areas: RSA operations, big number mathematics, X.509 certificate extensions, and private key serialization. RSA API Enhancements: The PR introduces comprehensive RSA-PSS (Probabilistic Signature Scheme) support with enhanced OpenSSL compatibility. Key additions include: wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen() for configuring salt lengths wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md() for setting […]
Read MoreMore TagwolfSSL’s Newest Offering for the Financial Vertical
Are you wondering what Microsoft’s roadmap for the IIS (Internet Information Services) webserver says about post-quantum cryptography? We’re not; read on to find out why. Not everyone in the financial industry is old enough to remember what it was like to be in the trenches during the Y2K (Year 2000) era, but those that were […]
Read MoreMore TagwolfSSL 5.8.2: Smarter and Cleaner Sniffing
The latest release of wolfSSL 5.8.2 comes with key improvements for users of the wolfSSL sniffer. Multi-Session Sniffer Support The wolfSSL sniffer now supports decoding multiple TLS sessions, including those using session tickets and session resumption. This enables more accurate decryption of real-world TLS traffic, where connections are commonly reused for performance. New ssl_RemoveSession() API […]
Read MoreMore TagBroken SSL/TLS Versions: Attacks, Weaknesses, and Mitigations
At wolfSSL, we prioritize strong, modern cryptographic practices—especially for embedded systems where performance, code size, and reliability are critical. While TLS continues to be the standard for securing communications, many early protocol versions have been broken or deprecated due to serious security flaws. Understanding the history of these attacks and their mitigations helps clarify why […]
Read MoreMore TagwolfCrypt Examples for Renesas RH850
The RH850 Family of 32-bit automotive microcontrollers (MCUs) is an automotive microcontroller equipped with an integrated Hardware Security Module (HSM). It ensures fast and secure key management, cryptographic processing, and authentication at the hardware level. Designed for next-generation ECUs, it combines functional safety with advanced security. wolfSSL has now provided a wolfCrypt use case on […]
Read MoreMore TagMD5 Disabled by Default in wolfSSL: What You Need to Know
As part of our ongoing effort to deliver secure-by-default cryptography, wolfSSL has disabled the MD5 hash algorithm by default in the latest release. Don’t worry, it isn’t going away completely, but just disabled at compile time, by default. Why Disable MD5? MD5 has been considered cryptographically broken for many years due to known collision attacks. […]
Read MoreMore Tag