Long, but great read from #HAProxy on the state of #TLS libraries. Includes some scathing remarks about the #OpenSSL project.

“The development team has degraded their project’s quality, failed to address ongoing issues, and consistently dismissed widespread community requests for even minor improvements.”

“This unfortunate situation considerably hurts QUIC protocol adoption. It even makes it difficult to develop or build test tools to monitor a QUIC server.”

“When some of the project members considered a 32% performance regression ‘pretty near’ the original performance, it signaled to our development team that any meaningful improvement was unlikely.”

“In blunt terms: running OpenSSL 3.0.2 as shipped with Ubuntu 22.04 results in 1/100 of #WolfSSL’s performance on identical hardware! To put this into perspective, you would have to deploy 100 times the number of machines to handle the same traffic, solely because of the underlying SSL library.”

https://infosec.exchange/@0xabad1dea/114466046966536049

“AWS-LC looks like a very active project with a strong community. […] Even the recently reported performance issue was quickly fixed and released with the next version. […] This is definitely a library that anyone interested in the topic should monitor.”

#OpenSSL #BoringSSL #WolfSSL #AWSLC #HAProxy #OpenSource #FreeSoftware #FOSS #OSS #TLS #QUIC
https://www.haproxy.com/blog/state-of-ssl-stacks

I'll be speaking at CYSAT Conference in Paris next month!

Let me know if you are going! Stop by and say hi. I'll be at the #wolfSSL booth, too.

Frontgrade Gaisler and wolfSSL Collaborate to Enhance Cybersecurity in Space Applications

https://fed.brid.gy/r/https://spacenews.com/frontgrade-gaisler-and-wolfssl-collaborate-to-enhance-cybersecurity-in-space-applications/

@icing that's why #curl uses #WolfSSL!

Speed-Testing #Privoxy 4.0.0 with #wolfSSL and a self-written patch using #ecc Elliptic Curve Cryptography - the whole thing packaged and running on #sailfishos.
Results (browser snappiness) are really impressive. Subjectively at least.

At this year's #FOSDEM my team at #wolfSSL got no booth space so my large volume #curl sticker distribution (LVCSD) has to be done using other means.

The LVCSD will most likely happen in the cafeteria area, but feel free to ping me if you can't get your fix as planned.

I will bring thousands of curl stickers and hundreds of coasters. There will be a few mugs and maybe some tshirts.

Buying myself friends, like a boss.

Andrew Hutchings prépare le portage de la bibliothèque de sécurité wolfSSL sur Amiga. Il vous montre ses premiers essais dans cet article (traduit en français et disponible sur Obligement) :

http://obligement.free.fr/articles/wolfssl_pointe_museau_amiga.php

(source : @obligement sur X)

#wolfssl #Amiga #obligement

That moment where I finally figure out workarounds for the crypto HAL bugs in a new microcontroller board to get AES GCM working 🕺
#wolfSSL

• Есть официальная документация что и как с бэкендами вообще.
• Рядом, примерно там же имеется сравнение разных криптографических бэкендов.

The OpenSSL forks #LibreSSL, #BoringSSL, #AWS-LC and #quictls support the QUIC API that #curl works with using #ngtcp2.

The encryption libraries worked in a project; however, this update lets components in the ESP-IDF such as the esp-tls and http libraries leverage the power and flexibility of #wolfSSL #wolfcrypt #TLS 1.3 #PQ and more.

#wolfSSL "Immediately Retired" From #Fedora #Linux For Failing To Follow Packaging Rules :fedora: 🐺

https://www.phoronix.com/news/wolfSSL-Fedora-Immediately-Ends

#wolfSSL 5.7.2 update now available on #platformio

Commercial Grade, NIST FIPS 140-3 Certified Cryptographic libraries. All open source ❤️

https://registry.platformio.org/libraries/wolfssl/wolfssl

Here's my "quick" and easy installation of tls_wolfssl for #Kamailio

https://www.fredposner.com/kamailio-tls-wolfssl/

#sip #wolfssl

@ryanc Maybe by using #wolfssl instead of #openssl, just like #openwrt for embedded devices does it: https://openwrt.org/releases/21.02/notes-21.02.0-rc1#tls_and_https_support_included_by_default

Official #wolfSSL on #PlatformIO!😍

@sindarina @deirdresm

@orc

linuxmafia.com is my site.

I really don't care about SSL (on my site), because there's no compelling use-case for https for anything the site does. (I could remove the current self-signed cert with no functional loss.)

The whole CA thing is notorious security theatre as implemented. (See Schneier's entire chapter on that in Secrets and Lies.)

Yes, I'll probably eventually upgrade to a serious SSL implementation using something less hopeless than OpenSSL (looking at wolfSSL and MatrixSSL in addition to the obvious LibreSSL [edit: add Rustls and possibly others; would have to check my records]), and I'll probably accomodate the unthinking masses with a Let's Encrypt cert the way MIchael Orlitzky eventually did, but think it's a well-meaning solution (from excellent and righteous people who are cherished friends) to the wrong problem, for the same reason MIchael Orlitzky does.

https://michael.orlitzky.com/articles/lets_not_encrypt.xhtml

#LetsEncrypt
#EFF
#LibreSSL
#wolfSSL
#MatrixSSL
#indyweb

#geezer

I've been working on Official #wolfSSL cryptography support for #Arduino. It's there! Check it out, let me know how it goes. Please open issues for any boards that might need extra attention. See my blog:

https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino