#WolfSSL

2025-05-09

Long, but great read from #HAProxy on the state of #TLS libraries. Includes some scathing remarks about the #OpenSSL project.

“The development team has degraded their project’s quality, failed to address ongoing issues, and consistently dismissed widespread community requests for even minor improvements.”

“This unfortunate situation considerably hurts QUIC protocol adoption. It even makes it difficult to develop or build test tools to monitor a QUIC server.”

“When some of the project members considered a 32% performance regression ‘pretty near’ the original performance, it signaled to our development team that any meaningful improvement was unlikely.”

“In blunt terms: running OpenSSL 3.0.2 as shipped with Ubuntu 22.04 results in 1/100 of #WolfSSL’s performance on identical hardware! To put this into perspective, you would have to deploy 100 times the number of machines to handle the same traffic, solely because of the underlying SSL library.”

infosec.exchange/@0xabad1dea/1

Matt "msw" Wilson msw@mstdn.social
2025-05-08

“AWS-LC looks like a very active project with a strong community. […] Even the recently reported performance issue was quickly fixed and released with the next version. […] This is definitely a library that anyone interested in the topic should monitor.”

#OpenSSL #BoringSSL #WolfSSL #AWSLC #HAProxy #OpenSource #FreeSoftware #FOSS #OSS #TLS #QUIC
haproxy.com/blog/state-of-ssl-

2025-04-10

I'll be speaking at CYSAT Conference in Paris next month!

Let me know if you are going! Stop by and say hi. I'll be at the #wolfSSL booth, too.

Screen snip from CYSAT dot EU web page:

THE WORLD'S BIGGEST COMMUNITY DEDICATED TO
Cybersecurity
for the space industry
EUROPE - ASIA - USA

2025-04-03

Frontgrade Gaisler and wolfSSL Collaborate to Enhance Cybersecurity in Space Applications

fed.brid.gy/r/https://spacenew

Kevin Karhan :verified: kkarhan@infosec.space
2025-02-28

@icing that's why #curl uses #WolfSSL!

2025-01-26

Speed-Testing #Privoxy 4.0.0 with #wolfSSL and a self-written patch using #ecc Elliptic Curve Cryptography - the whole thing packaged and running on #sailfishos.
Results (browser snappiness) are really impressive. Subjectively at least.

daniel:// stenberg://bagder
2025-01-20

At this year's my team at got no booth space so my large volume sticker distribution (LVCSD) has to be done using other means.

The LVCSD will most likely happen in the cafeteria area, but feel free to ping me if you can't get your fix as planned.

I will bring thousands of curl stickers and hundreds of coasters. There will be a few mugs and maybe some tshirts.

Buying myself friends, like a boss.

lots of curl stickers of different kinds and flavors

2025-01-05

Andrew Hutchings is preparing a port of the wolfSSL security library to the Amiga. He shows his first attempts in this article (translated into French and available on Obligement):

obligement.free.fr/articles/wo

(source: @obligement on X)

#wolfssl #Amiga #obligement

Andrew (LinuxJedi) Hutchings LinuxJedi@fosstodon.org
2024-11-22

That moment where I finally figure out workarounds for the crypto HAL bugs in a new microcontroller board to get AES GCM working 🕺
#wolfSSL

wolfCrypt benchmark showing AES GCM encryption / decryption going at around 9MB/sec on an STM32MP1 chip at 650MHz

🅴🆁🆄🅰 🇷🇺 erua@hub.hubzilla.de
2024-10-26
#OpenSSL has been updated to 3.4.0, and once again without full, proper #QUIC support, i.e. unusable for #HTTP/3 on the server side. And, accordingly, it is not yet clear how well the client side is done :)
It even brought back memories of the times when, to get a #curl that properly supported #HTTP/3, you had to build it from source with analogues/forks of #OpenSSL.

#HTTP/3 does not run over tcp connections; it uses the QUIC (Quick UDP Internet Connections) protocol as its transport, i.e. it transmits data over udp without using tcp's abstractions and entities. Here is a picture about modern #HTTP

#QUIC by itself cannot transmit data in the clear; it can only do so via #TLS v1.3, i.e. always and only encrypted. QUIC therefore uses a built-in variant of TLS 1.3 that is extremely close/similar to #DTLS, since the protocol operates at the level of exchanging udp packets rather than tcp connections.

#curl can use various alternatives to OpenSSL, because it was designed from the start so that it is not tied specifically to OpenSSL:
What do the curl authors offer for HTTP/3?
Highlighted in green here is the combination of libraries that is considered the most stable and complete option
The whole snag is that #OpenSSL tries to contain its own #QUIC implementation rather than using an implementation in the form of some library.

What do we get overall?
The #HTTP/3 protocol is implemented via the #nghttp3 library.
The required #QUIC implementation comes via #ngtcp2.
And for TLS, #GnuTLS or #wolfSSL or something else is used:
The OpenSSL forks #LibreSSL, #BoringSSL, #AWS-LC and #quictls support the QUIC API that #curl works with using #ngtcp2.

Here are examples and details from the documentation on building these components. If #GnuTLS is chosen and the version on the system is far from recent, it builds from source fairly quickly.

Overall, the options for adding #HTTP/3 support are described very well here. And there is a translation of that publication into Russian.

#https #http #openssl #softwaredevelopment #lang_ru @Russia
2024-09-27

The encryption libraries worked in a project; however, this update lets components in the ESP-IDF such as the esp-tls and http libraries leverage the power and flexibility of #wolfSSL #wolfcrypt #TLS 1.3 #PQ and more.

2024-09-24
Makes me wonder why doesn't netatalk just plain import those legacy ciphers? Their security has been compromised already by time and age, so it does not really matter. Nobody's after your Apple 2 LAN setup 🤶

In the common case you never should reimplement ciphers given FIPS 140 crap etc.

https://lwn.net/Articles/989687/

#netatalk #wolfssl #openssl #fedora
ricardo :mastodon: governa@fosstodon.org
2024-09-11

#wolfSSL "Immediately Retired" From #Fedora #Linux For Failing To Follow Packaging Rules :fedora: 🐺

phoronix.com/news/wolfSSL-Fedo

2024-07-25

#wolfSSL 5.7.2 update now available on #platformio

Commercial Grade, NIST FIPS 140-3 Certified Cryptographic libraries. All open source ❤️

registry.platformio.org/librar

2024-06-28

Here's my "quick" and easy installation of tls_wolfssl for #Kamailio

fredposner.com/kamailio-tls-wo

#sip #wolfssl

2024-05-29
2024-04-25

Official #wolfSSL on #PlatformIO!😍

Screen snip of the PlatformIO page with wolfSSL

Rick Moen 🇺🇸 🇳🇴 🇬🇧 unixmercenary@infosec.exchange
2024-04-19

@sindarina @deirdresm

@orc

linuxmafia.com is my site.

I really don't care about SSL (on my site), because there's no compelling use-case for https for anything the site does. (I could remove the current self-signed cert with no functional loss.)

The whole CA thing is notorious security theatre as implemented. (See Schneier's entire chapter on that in Secrets and Lies.)

Yes, I'll probably eventually upgrade to a serious SSL implementation using something less hopeless than OpenSSL (looking at wolfSSL and MatrixSSL in addition to the obvious LibreSSL [edit: add Rustls and possibly others; would have to check my records]), and I'll probably accommodate the unthinking masses with a Let's Encrypt cert the way Michael Orlitzky eventually did, but think it's a well-meaning solution (from excellent and righteous people who are cherished friends) to the wrong problem, for the same reason Michael Orlitzky does.

michael.orlitzky.com/articles/

#LetsEncrypt
#EFF
#LibreSSL
#wolfSSL
#MatrixSSL
#indyweb

#geezer

2024-03-20

I've been working on Official #wolfSSL cryptography support for #Arduino. It's there! Check it out, let me know how it goes. Please open issues for any boards that might need extra attention. See my blog:

wolfssl.com/getting-started-wi
