A recent blog about “Breaking SSL on Embedded Devices” has been making the rounds recently.  Its not an attack on SSL, its an attack on weak private key security. Specifically, embedding a private key into firmware allows anyone to extract the key and turns an otherwise secure connection into something nothing more secure than TCP.We have a few ideas about creating private keys for SSL enabled devices.1. Each device acting as a server should have a unique private key, just like in the non-embedded world.2. If the key cant be placed onto the device before delivery, have it generated during setup.3. If the device lacks the power to generate its own key during setup have the client setting up the device generate the key and send it to the device.4. If the client lacks the ability to generate a private key have the client retrieve a unique private key over an SSL connection from the devices known website for example.wolfSSL can be used in all of these steps to help ensure an embedded device has a secure unique private key.  That will go a long ways towards securing the SSL connection itself.