Latest Posts

  • uncategorized

    wolfSSL JNI 1.2.0 Released

    Version 1.2.0 of wolfSSL JNI is now available for download. wolfSSL JNI provides Java applications with a convenient Java API to the widely-used wolfSSL embedded SSL/TLS library, including support for TLS 1.2 and DTLS 1.2. This release contains bug fixes and features including: - Updated support for wolfSSL 3.4.6 and CyaSSL...
    Read more
  • uncategorized

    SP 800-90A Health Testing Mandatory for FIPS 140-2 Cryptographic Modules

    Effective immediately, FIPS Testing Laboratories must verify that cryptographic modules implement the health testing described in SP 800-90A (Section 11.3). The wolfCrypt FIPS 140-2 Cryptographic Module (currently in “Coordination” at the CMVP) implements the health testing for the SP 800-90A Hash_DRBG. Cryptographic modules that do not include health testing will be...
    Read more
  • uncategorized

    wolfSSL Increases Crypto Performance

    “wolfSSL uses Intel’s extended instructions to accelerate crypto algorithms for IoT. wolfSSL, an open source SSL/TLS security company, has optimized the wolfSSL Transport Layer Security (TLS) library on 5th generation Intel® Core™ processors. With the inclusion of Intel’s extended instructions developers can use the wolfSSL libraries for applications on many devices,...
    Read more
  • uncategorized

    Android Kerberos with FIPS 140-2 Crypto

    Hi! A few years ago we collaborated with the MIT Kerberos team to port Kerberos to Android with wolfCrypt as the crypto engine. We have recently worked to get our wolfCrypt product FIPS 140-2 certified, and as such, can make a FIPS 140-2 version of Kerberos available to the market...
    Read more
  • uncategorized

    Intel’s Extended Instructions Accelerates Hash Algorithms

    Curious about how new machine instructions can accelerate crypto algorithms? Most recently we added Intel’s Advanced Vector Extensions (AVX1 and 2) to wolfSSL’s secure hash algorithms. Benchmarks show it improves the performance of SHA-256, 384 and 512 by up to 75% (See: figure below). Intel’s AVX1/2 allows 128-bit/256-bit registers to perform multiple...
    Read more
  • uncategorized

    What is a Stream Cipher?

    A stream cipher encrypts plaintext messages by applying an encryption algorithm with a pseudorandom cipher digit stream (keystream). Each bit of the message is encrypted one by one with the corresponding keystream digit. Stream ciphers are typically used in cases where speed and simplicity are both requirements. If a 128...
    Read more
  • uncategorized

    wolfSSL 3.4.6 Embedded SSL Now Available

    Release 3.4.6 (March 30, 2015) of the wolfSSL lightweight embedded SSL library has bug fixes and new features including: • Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, rorx, mulx, adox, adcx. They can be enabled with “--enable-intelasm”. These speed up the use of RNG, SHA2, and public key...
    Read more
  • uncategorized

    wolfSSL in MySQL

    Currently MySQL comes bundled with yaSSL to provide an option for SSL/TLS connections when using a database. An update for MySQL to use the most recent wolfSSL library (formerly CyaSSL) instead of yaSSL is under way. Along with an increased level of security comes the potential to use progressive features...
    Read more
  • uncategorized

    What does the Bar Mitzvah Attack mean for wolfSSL users?

    This attack is based on the weak keys that the outdated stream cipher RC4 can sometimes generate.  Simply put, stop using RC4 in TLS connections.  In fact, wolfSSL (formerly CyaSSL) recently turned off the RC4 algorithm at build time.  This will be the default starting with the upcoming 3.4.6 release....
    Read more