Road to embedded world '23: Bozeman, Montana, wolfSSL

By Chad Cox

Production Editor

Embedded Computing Design

February 06, 2023

wolfSSL will be arriving at embedded world 2023 showcasing its embedded TLS library, a portable, C-language-based SSL/TLS library for applications in the areas of IoT, embedded, and RTOS environments. While attending ew '23, stop by booth 4-610 and say hello to wolfSSL.

wolfSSL supports the industry standards TLS 1.3 and DTLS 1.3, along with an OpenSSL compatibility layer, the wolfCrypt cryptography library, OCSP/CRL support, and a simple API. The solution cohabitates with desktop, enterprise, and cloud environments.

Highlights of the Embedded SSL/TLS Library:

  • Up to TLS 1.3 and DTLS 1.3
  • Full client and server support
  • Progressive list of supported ciphers
  • Key and Certificate generation
  • OCSP, CRL support
  • Commercially supported
  • Small size: 20-100kB
  • Runtime memory: 1-36kB
  • 20x smaller than OpenSSL
  • Abstraction Layers (OS, Custom I/O, Standard C library, and more)
  • Simple API
  • OpenSSL Compatibility Layer

Features:

  • SSL version 3.0 and TLS versions 1.0, 1.1, 1.2, and 1.3 (client and server)
  • DTLS versions 1.0, 1.2, and 1.3 (client and server)
  • Minimum footprint size of 20-100 kB, depending on build options and operating environment
  • Runtime memory usage between 1-36 kB (depending on I/O buffer sizes, public key algorithm, and key size)
  • OpenSSL compatibility layer
  • Simple API
  • QUIC support
  • OCSP, OCSP Stapling, and CRL support
  • Hybrid Public Key Encryption (HPKE) and Encrypted Client Hello (ECH)
  • Hash Functions: MD2, MD4, MD5, SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA-3, RIPEMD-160, Poly1305
  • Block, Stream, and Authenticated Ciphers: AES (CBC, CTR, OFB, XTS, GCM, CCM, GMAC, CMAC), Camellia, DES, 3DES, ARC4, ChaCha20, XChaCha20
  • Public Key Algorithms: RSA, DSA, DH, EDH, ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA
  • Password-based Key Derivation: HMAC, PBKDF2
  • Curve25519 and Ed25519
  • ECC and RSA Key Generation
  • ECC curve types: SECP, SECPR2, SECPR3, BRAINPOOL, KOBLITZ
  • ECC key lengths: 112, 128, 160, 192, 224, 239, 256, 320, 384, 512, 521
  • Post Quantum Cryptography support, including: Dilithium and FALCON Signature Schemes, SPHINCS+, Kyber KEM (hybridized with NIST ECC curves, allowing FIPS-compliance!)
  • X.509v3 RSA and ECC Signed Certificate Generation
  • PEM and DER certificate support
  • Hash-based PRNG (Hash_DRBG)
  • Mutual authentication support (client/server)
  • PSK (Pre-Shared Keys)
  • Persistent session and certificate cache
  • zlib compression support
  • Interchangeable crypto and certificate libraries
  • Modular cryptography library (wolfCrypt)
  • Supported TLS Extensions: SNI (Server Name Indication), Maximum Fragment Length, Truncated HMAC, Supported Elliptic Curves, ALPN (Application Layer Protocol Negotiation), Extended Master Secret
  • Standalone Certificate Manager
  • SRP (Secure Remote Password)
  • Asynchronous crypto support: Intel QuickAssist, Cavium Nitrox
  • Hardware Cryptography Support: Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist, STM32F2/F4, Freescale/NXP (CAU, mmCAU, SEC, LTC), Microchip PIC32MZ, ARMv8, Renesas TSIP, ARM CryptoCell, PSA Crypto API, and more!
  • SSL Sniffer (SSL Inspection) Support
  • IPv4 and IPv6 support
  • Abstraction Layers / User Callbacks: C Standard Library, Custom I/O, Memory hooks, Logging callbacks, User Atomic Record Layer Processing, Public Key
  • Open Source Project Integrations: MySQL, OpenSSH, Apache httpd, nginx, wpa_supplicant, Open vSwitch, stunnel, Lighttpd, GoAhead, Mongoose, and more!
  • PKCS#1 (RSA Cryptography Standard) support
  • PKCS#3 (Diffie-Hellman Key Agreement Standard) support
  • PKCS#5 (Password-Based Encryption Standard) support
  • PKCS#7 (Cryptographic Message Syntax - CMS) support
  • PKCS#8 (Private-Key Information Syntax Standard) support
  • PKCS#9 (Selected Attribute Types) support
  • PKCS#10 (Certificate Signing Request - CSR) support
  • PKCS#11 (Cryptographic Token Interface) support
  • PKCS#12 (Certificate/Personal Information Exchange Syntax Standard) support

For more information, visit wolfssl.com.

Chad Cox, Production Editor, Embedded Computing Design, has responsibilities that include handling the news cycle, newsletters, social media, and advertising. Chad graduated from the University of Cincinnati with a B.A. in Cultural and Analytical Literature.