CyaSSL version 3.3.0 offers:
• Secure countermeasures for Handshake message duplicates, CHANGE CIPHER without FINISHED, and fast forward attempts added to our source code. Thanks to Karthikeyan Bhargavan from the Prosecco team at INRIA Paris-Rocquencourt for the report. This is an important fix and all users should update!
• Complete testing for FIPS 140-2 version submitted to NIST. FIPS 140-2 source code now available.
• Removes SSLv2 Client Hello processing for enhanced security, can be enabled with OLD_HELLO_ALLOWED
• Protocol level control: User can now control TLS protocol down-cycling to a minimum downgrade version with CyaSSL_SetMinVersion(). For example, you could reject handshakes at a protocol level less than TLS 1.1.
• Small stack improvements at TLS/SSL layer, to benefit environments with limited available stack.
• TLS Master Secret generation and Key Expansion are now exposed at the API level
• Adds client side Secure Renegotiation, * not recommended, ever! *
• Client side session ticket support. This feature is not fully tested with Secure Renegotiation, so don’t use Secure Renegotiation.
• Allows up to 4096-bit DHE at TLS Key Exchange layer
• Handles non standard SessionID sizes in Hello Messages
• PicoTCP Support added
• TLS Sniffer now supports SNI Virtual Hosts
• TLS Sniffer now handles non HTTPS protocols using STARTTLS
• TLS Sniffer can now parse records with multiple messages
• TI-RTOS updates or enhances support
• Fix for ColdFire optimized fp_digit read only in explicit 32bit case
• Added ADH Cipher Suite ADH-AES128-SHA for EAP-FAST
Stay up to date with what is happening with wolfSSL, you can follow our blog at http://www.wolfssl.com/yaSSL/Blog/Blog.html
If you have any questions please feel free to contact us anytime at info@wolfSSL.com or (425)245-8247.
We look forward to hearing from you!