• Registered: 2019-04-22
  • Posts: 3

Topic: WolfSSL STARTTLS SMTP

Hi,

I want to use WolfSSL on a bare metal embedded system, LPC3250 ARM9, in Keilv4. My goal is to send a secure email from my device, I want to use WolfSSL after the STARTTLS command is issued. I currently have an unsecured SMTP protocol working, now I am at the STARTTLS command and I want WolfSSL to continue the communication using TLS.

I am using the MDK_ARM_wolfSSL-Lib project files in my original Keil bare metal embedded project.
Can I use TLS on bare metal? Everything regarding TLS is commented out when bare metal configuration is selected.
What files and settings do I need to configure to use the TLS encryption? Are there any example of secure SMTP on a bare metal system using wolfSSL?

Thanks.

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: WolfSSL STARTTLS SMTP

Hi @kamaln16,

Can I use TLS on bare metal?

Yes absolutely. The developer that worked on the project chose to use the setting NO_TLS in wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h but you can comment that setting out. It's likely the choice to use that setting was due to resource constraints on the target environment or the effort only involved making sure the crypto worked but TLS was not tested. That being said we have run TLS on many bare-metal targets to-date and there are no limitations beyond I/O and resources.

When I say I/O I mean you will need either a TCP/IP stack or some other transport medium (wolfSSL doesn't care about how it is transported, you can register custom I/O callbacks to send and receive data in any fashion, we have done TLS handshakes using Bluetooth, UART/Serial, in memory, etc.

Are there any example of secure SMTP on a bare metal system using wolfSSL?

I don't have a bare-metal example of SMTP but we do have a portable example in wolfssl-4.0.0/examples/client/client.c, just look for the function StartTLS_Init and where it is called. Basically that function just does the starttls setup commands to the endpoint and then you do a wolfSSL_connect once the init stage is done.

Warm Regards,

K

Kaleb J. Himes's Website

Share