– SSL 3.0 is now disabled by default
We have previously announced our plans to deprecate and remove support for SSL 3.0 in the wolfSSL library, encouraged to do so by the POODLE attack. With this release, we have disabled SSL 3.0 support by default. Users who still want to use SSL 3.0 can enable it by using the “–enable-sslv3” ./configure option.
– Ephemeral key cipher suites only are now supported by default
To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
To enable static RSA cipher suites define WOLFSSL_STATIC_RSA
To enable static PSK cipher suites define WOLFSSL_STATIC_PSK
– Added QSH (Quantum-Safe Handshake) Extension
wolfSSL, in partnership with Security Innovation, has added support for the proposed “Quantum-safe hybrid” ciphersuite. Having this cipher suite supported in the wolfSSL embedded TLS library allows two parties to use any existing ciphersuite and “quantum-safe” any traffic protected by that ciphersuite. This means that an attacker who records the traffic and later develops a quantum computer cannot go back and crack the session.
Support for QSH extension can be enabled by using the “–enable-ntru” ./configure option.
– SRP is now part of wolfCrypt
SRP is a password authentication and key-exchange protocol suitable for authenticating users and exchanging keys over an untrusted network designed by Thomas Wu at the Computer Science Department of Stanford University.
Support for SRP in wolfCrypt can be enabled with the “–enable-srp” ./configure option.
– Certificate handshake message fragmentation support
Certificate handshake messages can now be sent fragmented if the record size is smaller than the total message size, no user action required.
– DTLS duplicate message fixes
– Visual Studio project files now support DLL and static builds for 32/64bit
For information on compiling wolfSSL with Visual Studio, reference Chapter 2 of the wolfSSL Manual, or the “Using wolfSSL with Visual Studio” webpage.
– Support for new Freesacle I/O
Freescale KSDK and Kinetis Design Studio users can now compile wolfSSL for the new KSDK version of MQX by defining FREESCALE_KSDK_MQX in settings.h or by adding it to the list of preprocessor defines.
– FreeRTOS FIPS support
This release includes FIPS support for FreeRTOS platforms.
This release contains no high level security fixes that requires an update though we always recommend updating to the latest version of wolfSSL.
For more information about using and compiling wolfSSL, please visit the wolfSSL Documentation page or wolfSSL Manual. If you have questions about the wolfSSL embedded SSL/TLS library, or about using it in your project, please Contact Us.
Download wolfSSL 3.6.6: https://www.wolfssl.com/