wolfSSL Announces FIPS 140-2 Certificate #3389

wolfCrypt FIPS now supports hardware encryption and includes the most current TLS 1.3 algorithms with the most current FIPS 140-2 Certificate #3389 available, making wolfSSL the only TLS FIPS cert that can add new hardware encryption schemes on demand, support TLS 1.3 and include a validated entropy source for key generation.

wolfSSL, a leading provider of TLS, cryptography and the world’s first commercial TLS 1.3 release, announces FIPS 140-2 Certificate #3389 is posted. With this fresh new certification, wolfCrypt now supports hardware encryption in combination with FIPS and includes the most current TLS 1.3 algorithms. wolfSSL is the only TLS FIPS cert that can add new hardware encryption schemes as needed.

“The wolfSSL team solved extremely difficult problems for their FIPS 140-2 validated cryptography consumers,” stated Mark Minnoch, KeyPair Consulting Co-Founder. “wolfCrypt is the only FIPS validated software library that works with TLS 1.3 and includes a validated entropy source for generating keys. This is a big deal. And, the wolfSSL support staff have the FIPS expertise to quickly include new hardware encryption solutions to meet future customer requirements.”

Hardware encryption keeps the encryption/decryption process isolated, improving security and performance. A key is still required to start the encoding process but is generated randomly by the hardware processor itself. DRBG key generation can now be done within the FIPS boundary if you have a FIPS-approved entropy source like Intel RDSEED. Other sources, such as alternative hardware, can be used as well if the hardware crypto source has been approved. wolfSSL adds hardware encryption to the certificate.

Cipher suites are documented sets of algorithms used for a TLS connection. A cipher suite usually includes algorithms for key exchange, signature, encryption and message authentication. wolfSSL has added new algorithms to certificates so that the common cipher suites can now be done with FIPS in TLS 1.3. AES-GCM is significant as it is the workhorse of the process. During a connection, most data goes through AES-GCM “bulk encryption”. Another common cipher suite that is now part of the wolfSSL FIPS boundary is ECDHE-RSA-AES256-GCM-SHA384, and ECDSA is now within the wolfSSL FIPS boundary instead of RSA.

wolfSSL CTO and co-founder Todd Ouska stated, “Providing the most current FIPS 140-2 validated version of wolfCrypt with hardware encryption means that wolfSSL not only has support for TLS 1.3, but it also has the hardware encryption backbone to support your FIPS 140-2 performance needs.”

wolfSSL is a TLS/SSL library that is targeted for embedded devices and systems. It has support for the TLS 1.3 protocol, which is a secure protocol for transporting data between devices and across the Internet. In addition, wolfSSL uses the wolfCrypt encryption library to handle its data encryption.
For more information on FIPS-Ready visit: https://www.wolfssl.com/license/fips/
The FIPS enabled GPLv3 version will be available for download from our website.

Download wolfSSL under the GPLv2 license at:
https://github.com/wolfssl - or -
http://www.wolfssl.com/wolfSSL/download/downloadForm.php
For licensing questions, contact licensing(at)wolfssl.com

About wolfSSL
wolfSSL focuses on providing security solutions with an emphasis on speed, size, portability, features, and standards compliance. Dual-licensed to cater to a diversity of users, we are happy to help our customers and community in any way we can. Our products are open source, giving customers the freedom to look under the hood. Our wolfSSL embedded TLS library is the first commercial release of TLS 1.3 in the world.

Contact Author

Christin Casperson
wolfSSL Inc.
+1 206 459 7061