Latest Posts

• uncategorized

  wolfSSL and CyaSSL Users SAFE from Heartbleed Bug

  A recently-discovered bug in OpenSSL’s implementation of the TLS Heartbeat Extension makes it possible for malicious attackers to potentially recover the private keys and sensitive data that should normally be secured by SSL/TLS. The vulnerability has been recorded as CVE-2014-0160.The purpose of this note is not to gloat over a...

  Read more
• uncategorized

  wolfSSL 2.9.4 Released

  Release 2.9.4 includes important Security Fixes for issues found by Ivan Fratric of the Google Security Team and Suman Jana with security researchers at UT Austin and UC Davis.  CVE details to be posted today for issues with memory corruption, null pointer deference, out of bound read, and unknown certificate...

  Read more
• uncategorized

  wolfSSL Year In Review 2013

  If you missed our recent presentation at FOSDEM, we just put our slide deck up online at the following URL:https://speakerdeck.com/wolfssl/wolfssl-year-in-reviewwolfSSL made significant progress in 2013 towards bringing the community a more usable, feature-rich, and better supported library for use in an ever-growing range of platforms and environments. These slides (and...

  Read more
• uncategorized

  wolfSSL Release v2.9.0 Now Available

  The new release of wolfSSL, v2.9.0, is now ready to download from our website. New features include:Platforms: - Freescale Kinetis * RNGB support (K53 Sub-Family Reference Manual, Chapter 33) * mmCAU support (ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library User Guide) - Microchip * MPLAB Harmony support TLS Extensions: -...

  Read more
• uncategorized

  Using Supported Elliptic Curves Extension with wolfSSL

  We are back to talk about TLS extensions again. Today we present the addition of Supported Elliptic Curves on wolfSSL!RFC 4492 introduces five new ECC-based key exchange algorithms for TLS: ECDH_ECDSA, ECDHE_ECDSA, ECDH_RSA, ECDHE_RSA and ECDH_anon. However, it may be desirable in constrained environments to only support a limited number...

  Read more
• uncategorized

  OCSP in wolfSSL Embedded SSL

  Hi!  Do you need OCSP (Online Certificate Status Protocol) in wolfSSL?  We added OCSP as a wolfSSL feature back in 2011.  At this point it is well tested by our users and well into the deployment phase.  More information on the protocol is available here:  http://www.ietf.org/rfc/rfc2560.txt.  The gist of the...

  Read more
• uncategorized

  Interesting SmartGrid use case for wolfSSL: ISO 15118

  Hi!  If youre interested in smart grid security, and specifically the security required when connecting an electric car to the smart grid, this post is for you!wolfSSL has recently been supporting the development efforts of eNterop (as of 26 March 2018 at 9:30m MDT, this link no longer works and has...

  Read more
• uncategorized

  wolfSSL 2013 Annual Report

  2013 was an interesting year in the world of cryptography and computer security.  We have seen and mitigated against attacks such as Lucky13 and watched with interest as existing technologies such as Dual_EC_DRBG have become widely regarded as insecure.  wolfSSL has been happy to provide our users with timely fixes,...

  Read more
• uncategorized

  Software Defined Networking and CyaSSL

  Hi!  Someone told us the other day that Software Defined Networking (SDN) is stupid.  No way will SDN ever replace the high end networking gear, we were told. We were reminded of a scientific study that proved unequivocally that babies are stupid, courtesy of The Onion.  But of course babies grow,...

  Read more
• uncategorized

  Technologies and Techniques for Securing Connected Devices

  wolfSSL will be presenting a session titled “Technologies and Techniques for Securing Connected Devices” at the upcoming 2014 Embedded World Conference in Nürnberg, Germany. If you are going to be attending the conference, we welcome you to come and listen to our presentation.Technologies and Techniques for Securing Connected DevicesSession: 17Day:...

  Read more