When we created Lightway, our groundbreaking VPN protocol, security and privacy were our top priorities. We chose to incorporate wolfSSL, a well-established, open-source cryptography library that has been extensively vetted by third parties, including against the FIPS 140-2 standard.
We speak with the team at wolfSSL about its security standards, the next big thing in cryptography, and tips for anyone trying to develop secure network processes.
(This interview was conducted by email, and some answers have been shortened or modified for style.)
For the uninitiated: What is wolfSSL?
The wolfSSL embedded TLS library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments, primarily because of its size, speed, and feature set.
It works seamlessly in desktop, enterprise, and cloud environments as well. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, OCSP and CRL support, is backed by the robust wolfCrypt cryptography library, and much more.
Did you ever imagine wolfSSL would be used to build things like Lightway?
We’re not sure what we imagined wolfSSL would be used to build. However, we were super excited to learn how wolfSSL was being used to build Lightway, as we love to support any and all things open source. We also like the fact that, as a protocol for the “modern VPN,” Lightway inherits speed, performance, and best-tested security, and is able to maintain its lightweight mobility.
How was wolfSSL conceived?
wolfSSL was conceived when Larry Stefonic and Todd Ouska realized there was no other open source, dual-licensed, embedded SSL library available. OpenSSL was available at the time, but many OpenSSL users wanted an alternative that was easily portable, smaller, faster, available under a clear commercial license, was equipped with a clean and modern API, and offered commercial-style developer support. Out of this market need, wolfSSL, complete with an OpenSSL compatibility layer, was born.
Who uses wolfSSL?
The first major user of wolfSSL’s SSL library was MySQL, the world’s most popular open-source database. Through bundling with successful and popular open source projects like MySQL, OpenWRT, Mongoose, cURL, and Ubuntu, wolfSSL has achieved extremely high distribution volumes and user adoption. Over 2 billion connections are currently secured by wolfSSL.
We are also used by Microsoft Azure, Intel, Volkswagen, and General Motors.
What are the benefits of wolfSSL over other SSL libraries?
We believe that wolfSSL will provide you with more flexibility, an easier integration of SSL/TLS into your existing platform, current standards support, and much more—all provided under an easy-to-use license model. wolfSSL is easily portable, smaller, faster, is equipped with a clean and modern API, and offers commercial-style developer support.
What license does it use?
wolfSSL’s software is available under two distinct licensing models: open source and standard commercial licensing. wolfSSL is free software and may be modified to the needs of the user, as long as the user adheres to Version 2 of the GPL License.
Businesses and enterprises that wish to incorporate wolfSSL products into proprietary appliances or other commercial software products for re-distribution must license commercial versions.
What certifications does wolfSSL hold?
FIPS. wolfSSL is currently the leader in embedded FIPS certificates. We currently maintain two FIPS 140-2 certificates for the wolfCrypt Cryptographic Module: #2425 and #3389. Certificate #3389 includes algorithm support required for TLS 1.3 and can be used in conjunction with the wolfSSL embedded SSL/TLS library for full TLS 1.3 client and server support.
FIPS 140-3 is an incremental advancement of FIPS 140-2, and wolfSSL is working hard with our lab to make wolfCrypt the first cryptography library to have FIPS 140-3 validation.
DO 178. wolfSSL also has support for complete RTCA DO-178C level A certification. We offer DO-178 wolfCrypt as a commercial off-the-shelf (COTS) solution for connected avionics applications. The primary goal of this was to provide the proper cryptographic underpinnings for secure boot and secure firmware update in commercial and military avionics.
What do you see as the next big thing and when do you think it will be available?
Post-Quantum Computing (PQC) cryptographic algorithms are the biggest thing on our radar. We now support the round 3 finalist KEM algorithms of the NIST PQC competition, which are appropriate for TLS 1.3. This means that everyone can experiment with the new up-and-coming algorithms that will be standardized. Signature schemes require more planning. But that’s OK, because the immediate threat is from the practice of “harvest and decrypt.”
One of the next steps we are trying to proceed with is hybridizing the quantum-safe KEMs with standard NIST-defined ECDSA curves, as FIPS is really important to wolfSSL. NIST has stated that hybrid key establishment is compatible with “FIPS Mode.” NIST has also stated that the post-quantum algorithms that will be standardized will be announced by early 2022 on the NIST PQC competition mailing list. As such, the time to start thinking about and planning approaches to migration is now.
What advice would you give to people who are looking to build security apps or develop secure networking processes?
- Use TLS 1.3. 47.8% of the most popular web sites support TLS 1.3, as do all major browsers.
- Use well-known algorithms like AES-GCM, SHA-2, (EC)DH, RSA, and ECDSA.
- Use secure, well-supported protocols like TLS 1.2, TLS 1.3, and DTLS 1.2.
- Be prepared to change to new PQC secure algorithms. Quantum computers aren’t possible yet, but when they are, attackers can go back and decrypt old messages.
- Be prepared to sign with two signatures, first with an existing algorithm like RSA or ECDSA, and secondly with a new PQC secure algorithm. The first signature can be verified quickly now and the second later if and when quantum computers come online.
- Keep your private keys safe—in hardware where possible.
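The advice list above reads naturally as a handshake policy. The checker below is an added example (not wolfSSL's or ExpressVPN's code) that scores a negotiated protocol, cipher suite and signature algorithm against those points, and flags non-hybrid key exchange as a harvest-and-decrypt risk; the `Handshake` record and its `pq_hybrid_kex` field are assumptions for the example, not a wolfSSL API, and the sample handshakes are constructed.

```python
from dataclasses import dataclass

# Baseline from the advice: TLS 1.2/1.3 or DTLS 1.2, AEAD ciphers (AES-GCM,
# ChaCha20-Poly1305), SHA-2, (EC)DHE key exchange, RSA/ECDSA signatures without SHA-1.
OK_PROTOCOLS = {"TLSV1.3", "TLSV1.2", "DTLSV1.2"}
BROKEN = ("NULL", "RC4", "DES", "EXPORT", "MD5", "ANON")  # "DES" also catches 3DES

@dataclass
class Handshake:            # assumed record shape, not a wolfSSL type
    protocol: str           # e.g. "TLSv1.3"
    cipher: str             # IANA ("TLS_AES_128_GCM_SHA256") or OpenSSL ("ECDHE-RSA-AES128-GCM-SHA256") name
    sig_alg: str            # e.g. "ecdsa_secp256r1_sha256"
    pq_hybrid_kex: bool = False  # whether a hybrid PQ KEM was negotiated (assumed field)

def evaluate(h: Handshake) -> list:
    """Return (severity, finding) pairs; no 'fail' entry means the handshake meets the baseline."""
    findings = []
    proto = h.protocol.upper()
    name = h.cipher.upper().replace("-", "_")   # normalise OpenSSL and IANA spellings
    sig = h.sig_alg.lower()
    if proto not in OK_PROTOCOLS:
        findings.append(("fail", f"{h.protocol} is obsolete; negotiate TLS 1.2, TLS 1.3 or DTLS 1.2"))
    for bad in BROKEN:
        if bad in name:
            findings.append(("fail", f"cipher suite uses broken primitive {bad}"))
            break
    if "GCM" not in name and "CHACHA20_POLY1305" not in name:
        findings.append(("fail", "cipher is not an AEAD mode (expected AES-GCM or ChaCha20-Poly1305)"))
    # OpenSSL ChaCha20 names omit the SHA256 PRF suffix, so exempt them from the SHA-2 name check.
    if "CHACHA20_POLY1305" not in name and not any(h2 in name for h2 in ("SHA256", "SHA384", "SHA512")):
        findings.append(("fail", "cipher suite does not use SHA-2"))
    if proto != "TLSV1.3" and "DHE" not in name:   # TLS 1.3 suites always use (EC)DHE
        findings.append(("fail", "no (EC)DHE key exchange: no forward secrecy"))
    if "sha1" in sig or "md5" in sig:
        findings.append(("fail", f"weak signature algorithm {h.sig_alg}"))
    if not h.pq_hybrid_kex:   # the "harvest and decrypt" point: fine today, but plan the migration
        findings.append(("info", "key exchange is not quantum-safe; plan for a hybrid PQ KEM (harvest-and-decrypt)"))
    return findings

def failures(h: Handshake) -> list:
    return [msg for sev, msg in evaluate(h) if sev == "fail"]

# Constructed sample handshakes (not real captures).
SAMPLES = {
    "modern": Handshake("TLSv1.3", "TLS_AES_256_GCM_SHA384", "ecdsa_secp256r1_sha256"),
    "ok_tls12": Handshake("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", "rsa_pss_rsae_sha256"),
    "legacy": Handshake("TLSv1.0", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "rsa_pkcs1_sha1"),
}

if __name__ == "__main__":
    for label, hs in SAMPLES.items():
        print(label, evaluate(hs))
```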