Latest Posts

uncategorized

wolfSSL supports National Cyber Security Awareness Month

October 19, 2015 • wolfssladmin

wolfSSL has become a Champion of National Cyber Security Awareness Month (NCSAM), joining a growing global effort among colleges and universities, businesses, government agencies, associations, nonprofit organizations and individuals to promote online safety awareness. Celebrated every October, National Cyber Security Awareness Month was created as a collaborative effort between government...
Read more
uncategorized

SHA-3 Algorithm Validation Testing

October 07, 2015 • wolfssladmin

The SHA-3 Standard (FIPS PUB 202) is now included in Annex A: Approved Security Functions for FIPS PUB 140-2, Security Requirements for Cryptographic Modules. SHA-3 Hash Algorithms (SHA3-224, SHA3-256, SHA3-384, SHA3-512) and SHA-3 Extendable-Output Functions (XOF) (SHAKE128, SHAKE256) are FIPS Approved and may be implemented in a FIPS 140-2 cryptographic...
Read more
uncategorized

wolfSSL in stunnel TLS Proxy

October 01, 2015 • wolfssladmin

Since version 3.6.6, wolfSSL has had continually improving support for stunnel, a lightweight TLS proxy, designed to add SSL/TLS encryption to unsecured applications without changes to the programs source code. Licensed under GNU GPLv2 and with an alternative commercial option, stunnel can be utilized to secure a host of different...
Read more
uncategorized

OpenSSH with wolfCrypt FIPS

September 25, 2015 • wolfssladmin

Many technology vendors implement OpenSSH with OpenSSL in their embedded system or appliance prior to starting a FIPS 140-2 validation. During the FIPS testing process, the vendor discovers that the FIPS Laboratory must verify the OpenSSH implementation: 1. Uses FIPS Approved cryptographic algorithms (with CAVP certificates) 2. Includes self-tests for...
Read more
uncategorized

wolfSSL 3.6.8 is Now Available

September 18, 2015 • wolfssladmin

Version 3.6.8 of the wolfSSL embedded SSL/TLS library has been released and is now available for download. Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also includes bug fixes and new features including: - Two High level security fixes, all users SHOULD update. a) If using wolfSSL for...
Read more
uncategorized

Two Vulnerabilities Recently Found, An Attack on RSA using CRT and DoS Vulnerability With DTLS

September 17, 2015 • wolfssladmin

Attack on RSA CRT:A recent paper written by Florian Weimer of the Red Hat Product Security group shows a fault attack on RSA. Many cryptographic libraries that perform RSA operations use an optimization called CRT (Chinese Remainder Theorem). The attack is based off of creating a fault during the CRT...
Read more
uncategorized

wolfSSL Inc. completed FIPS 140-2 revalidation testing to add the Windows 7 operating environment to the wolfCrypt FIPS cryptographic module

September 11, 2015 • wolfssladmin

FIPS 140-2 revalidation testing requires the implemented algorithms to successfully complete the cryptographic algorithm validation process on the target operating environment (algorithm certificates for tested operating environments are here: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program). The cryptographic module must also successfully complete operational testing on the operating environment with a FIPS testing laboratory.The wolfCrypt FIPS 140-2 certificate #2425...
Read more
uncategorized

wolfSSL in Lighttpd

September 03, 2015 • wolfssladmin

Lighttpd (pronounced lighty) is a web server that has a small footprint size in comparison to other web servers. Setting up Lighttpd allows for handling HTTP requests and with the addition of TLS/SSL also handling HTTPS requests. The benefit of having a small footprint size is that it takes up...
Read more
uncategorized

NSA Begins Transition to Recommending Quantum Resistant Algorithms

August 25, 2015 • wolfssladmin

Strong cryptographic algorithms and secure protocol implementations are a vital foundation to securing the Internet of today and tomorrow. Securing over a billion active connections on the Internet today, wolfSSL knows this very well. A recent announcement by the National Security Agency conveyed their plans to transition from recommending the...
Read more
uncategorized

wolfSSL 3.6.6 is Now Available

August 24, 2015 • wolfssladmin

Version 3.6.6 of the wolfSSL embedded SSL/TLS library has been released and is now available for download. Release 3.6.6 of wolfSSL has bug fixes and new features including:- OpenSSH, stunnel, and lighttpd Compatibility OpenSSH compatibility with “–enable-openssh” stunnel compatibility with “–enable-stunnel” lighttpd web server compatibility with “–enable-lighttpd”** - SSL 3.0...
Read more