wolfSSL Unaffected by Recent OpenSSL Security Fixes

OpenSSL released a security advisory on June 11th 2015: https://www.openssl.org/news/secadv_20150611.txt.  Some wolfSSL embedded TLS users are probably wondering if similar security fixes are needed in wolfSSL.  The answer to that is no.  Specifically, CVE-2015-1788 – 1792 and CVE-2014-8176 are OpenSSL implementation bugs.  Since wolfSSL and CyaSSL embedded SSL libraries have a completely different code base from OpenSSL we do not share these defects.  The other advisory is about Logjam and export grade crypto, wolfSSL is not vulnerable to that either.  Please see this blog post for more details: http://wolfssl.com/wolfSSL/Blog/Entries/2015/5/20_wolfSSL_and_CyaSSL_are_Not_Vulnerable_to_the_Recent_Logjam_Attack.html

Please contact wolfSSL by email at info@wolfssl.com, or call us at 425 245 8247 if you have any security related questions.