Category: wolfSSL/ wolfCrypt

The wolfSSL team is deprecating the following: WOLFSSL_TLS13_DRAFT preprocessor macro –enable-tls13-draft18 configure option These components were originally introduced during the TLS 1.3 standardization process to support interoperability with implementations based on Draft 18 of the TLS 1.3 specification. During the multi-year standardization process (2014-2018), multiple draft versions were published before the final RFC 8446 was […]

Read MoreMore Tag

Device Identifier Composition Engine (DICE) represents a fairly simple approach to hardware-based device identity and secure boot. DICE creates Cryptographic Device Identities (CDIs) through a blockchain-like verification process, where each boot stage measures the next component and derives unique Compound Device Identifiers using the following formula: CDI_n = HMAC(CDI_n-1, Hash(program)) CDI_0 = UDS The formulas […]

Read MoreMore Tag

The wolfSSL’s repo pull request #8897 adds significant OpenSSL compatibility layer enhancements across four key areas: RSA operations, big number mathematics, X.509 certificate extensions, and private key serialization. RSA API Enhancements: The PR introduces comprehensive RSA-PSS (Probabilistic Signature Scheme) support with enhanced OpenSSL compatibility. Key additions include: wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen() for configuring salt lengths wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md() for setting […]

Read MoreMore Tag

Are you wondering what Microsoft’s roadmap for the IIS (Internet Information Services) webserver says about post-quantum cryptography? We’re not; read on to find out why. Not everyone in the financial industry is old enough to remember what it was like to be in the trenches during the Y2K (Year 2000) era, but those that were […]

Read MoreMore Tag

The latest release of wolfSSL 5.8.2 comes with key improvements for users of the wolfSSL sniffer. Multi-Session Sniffer Support The wolfSSL sniffer now supports decoding multiple TLS sessions, including those using session tickets and session resumption. This enables more accurate decryption of real-world TLS traffic, where connections are commonly reused for performance. New ssl_RemoveSession() API […]

Read MoreMore Tag

At wolfSSL, we prioritize strong, modern cryptographic practices—especially for embedded systems where performance, code size, and reliability are critical. While TLS continues to be the standard for securing communications, many early protocol versions have been broken or deprecated due to serious security flaws. Understanding the history of these attacks and their mitigations helps clarify why […]

Read MoreMore Tag

The RH850 Family of 32-bit automotive microcontrollers (MCUs) is an automotive microcontroller equipped with an integrated Hardware Security Module (HSM). It ensures fast and secure key management, cryptographic processing, and authentication at the hardware level. Designed for next-generation ECUs, it combines functional safety with advanced security. wolfSSL has now provided a wolfCrypt use case on […]

Read MoreMore Tag

As part of our ongoing effort to deliver secure-by-default cryptography, wolfSSL has disabled the MD5 hash algorithm by default in the latest release. Don’t worry, it isn’t going away completely, but just disabled at compile time, by default. Why Disable MD5? MD5 has been considered cryptographically broken for many years due to known collision attacks. […]

Read MoreMore Tag

Here at wolfSSL, we are seeing a lot of interest in AI. Some of the most fascinating developments that are happening are around letting different AI agents communicate with each other. Do those communications need to be secured, authenticated, and integrity checked? Of course! Enter the A2A (Agent2Agent) protocol, which uses HTTPS as its primary […]

Read MoreMore Tag