mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-06-25 00:11:36 +02:00
Updated Home (markdown)
Chris Conlon
109
Home.md
109
Home.md
@ -1,78 +1,81 @@
|
||||
## [wolfSSL Embedded SSL/TLS Library](https://wolfssl.com/wolfSSL/Products-wolfssl.html)
|
||||
## [wolfSSL Embedded SSL/TLS Library](https://www.wolfssl.com/products/wolfssl/)
|
||||
|
||||
### What is it?
|
||||
The wolfSSL embedded TLS library is a lightweight [SSL/TLS library](https://www.wolfssl.com/wolfSSL/ssl-library.html) written in ANSI standard C and targeted for embedded and RTOS environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and cross-platform support. wolfSSL supports industry standards up to the current TLS 1.2 level, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports dramatically better performance when using wolfSSL over OpenSSL. wolfSSL is a more tested and secure alternative to OpenSSL. For more on testing at wolfSSL please see our [testing blog post](https://wolfssl.com/wolfSSL/Blog/Entries/2016/2/12_Overview_of_Testing_in_wolfSSL.html).
|
||||
The wolfSSL embedded TLS library is a lightweight [SSL/TLS library](https://www.wolfssl.com/wolfSSL/ssl-library.html) written in ANSI standard C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3 protocol levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and SHA-3. User benchmarking and feedback reports dramatically better performance when using wolfSSL over OpenSSL. wolfSSL is a more tested and secure alternative to OpenSSL. For more on testing at wolfSSL please see our [testing blog post](https://www.wolfssl.com/overview-of-testing-in-wolfssl-2/).
|
||||
|
||||
### Ease of Use
|
||||
wolfSSL is built for maximum portability and is generally very easy to compile on new platforms. Several abstraction layers (including operating system, Custom I/O, and Standard C library), a simple API, and an OpenSSL compatibility layer make it easier than ever to get working in your environment or on your platform. For porting to non-standard environments wolfSSL has put together a [porting guide](https://wolfssl.com/wolfSSL/Docs-wolfssl-porting-guide.html) for our users!
|
||||
wolfSSL is built for maximum portability and is generally very easy to compile on new platforms. Several abstraction layers (including operating system, Custom I/O, and Standard C library), a simple API, and an OpenSSL compatibility layer make it easier than ever to get working in your environment or on your platform. For porting to non-standard environments wolfSSL has put together a [porting guide](https://www.wolfssl.com/documentation/manuals/wolfssl-porting-guide/) for our users!
|
||||
|
||||
### Language Support
|
||||
wolfSSL supports the C programming language as a primary interface. It also supports several other host languages, including Java, C#, PHP, Perl, and Python (through a swig interface). Supported languages documentation can be found on our [documents page](https://wolfssl.com/wolfSSL/Docs.html) under the "Technical Documentation" section. If you have an interest in using wolfSSL in another programming language that it does not currently support, please contact wolfSSL.
|
||||
wolfSSL supports the C programming language as a primary interface. It also supports several other host languages, including Java, C#, and Python. Supported languages documentation can be found on our [documentation page](https://www.wolfssl.com/docs/) under the "Technical Documentation" section. If you have an interest in using wolfSSL in another programming language that it does not currently support, please contact wolfSSL.
|
||||
|
||||
For Java users, the [wolfSSL JNI](https://www.wolfssl.com/wolfSSL/Products-wolfssljni.html) package has been designed to be used specifically with wolfSSL. This provides a JNI wrapper around wolfSSL to save Java developers time and effort.
|
||||
For Java users, the [wolfSSL JNI/JSSE](https://www.wolfssl.com/products/wolfssl-jni-jsse/) package has been designed to be used specifically with wolfSSL. This provides a JNI wrapper around wolfSSL to save Java developers time and effort, and a JSSE provider that can plug under the Java Security API.
|
||||
|
||||
### Features
|
||||
* SSL 3.0, TLS 1.0, 1.1 and 1.2 support (client and server)
|
||||
* DTLS 1.0 and 1.2 support (client and server)
|
||||
* Minimum size of 20-100 kB, depending on build options and operating environment
|
||||
* SSL version 3.0 and TLS versions 1.0, 1.1, 1.2, and 1.3 (client and server)
|
||||
* DTLS versions 1.0, 1.2, and 1.3 (client and server)
|
||||
* Minimum footprint size of 20-100 kB, depending on build options and operating environment
|
||||
* Runtime memory usage between 1-36 kB (depending on I/O buffer sizes, public key algorithm, and key size)
|
||||
* OpenSSL compatibility layer
|
||||
* OCSP and CRL support
|
||||
* Multiple Hashing Functions
|
||||
- MD2, MD4, MD5, SHA-1, SHA-2, SHA-256, SHA-384, SHA-512, BLAKE2b, RIPEMD-160, Poly1305
|
||||
* Block and Stream Ciphers
|
||||
- AES (CBC, CTR, GCM, CCM), Camellia, DES, 3DES, ARC4, RABBIT, HC-128, ChaCha20, IDEA
|
||||
* Public Key Options
|
||||
- RSA, DSS DH, EDH, NTRU
|
||||
* Password-based Key Derivation
|
||||
- HMAC, PBKDF2, PKCS#5
|
||||
* ECC Support
|
||||
- ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA
|
||||
* RSA Key Generation
|
||||
* Client authentication support
|
||||
* PSK Pre-Shared Keys
|
||||
* Simple API
|
||||
* QUIC support
|
||||
* OCSP, OCSP Stapling, and CRL support
|
||||
* Hybrid Public Key Encryption (HPKE) and Encrypted Client Hello (ECH)
|
||||
* Hash Functions:
|
||||
- MD2, MD4, MD5, SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA-3, RIPEMD-160, Poly1305
|
||||
* Block, Stream, and Authenticated Ciphers:
|
||||
- AES (CBC, CTR, OFB, XTS, GCM, CCM, GMAC, CMAC), Camellia, DES, 3DES, ARC4, ChaCha20, XChaCha20
|
||||
* Public Key Algorithms:
|
||||
- RSA, DSA, DH, EDH, ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA
|
||||
* Password-based Key Derivation: HMAC, PBKDF2
|
||||
- Curve25519 and Ed25519
|
||||
* ECC and RSA Key Generation
|
||||
* ECC curve types:
|
||||
- SECP, SECPR2, SECPR3, BRAINPOOL, KOBLITZ
|
||||
* ECC key lengths:
|
||||
- 112, 128, 160, 192, 224, 239, 256, 320, 384, 512, 521
|
||||
* Post Quantum Cryptography support, including:
|
||||
- Dilithium and FALCON Signature Schemes, SPHINCS+, Kyber KEM (hybridized with NIST ECC curves, allowing FIPS-compliance!)
|
||||
* X.509v3 RSA and ECC Signed Certificate Generation
|
||||
* PEM and DER certificate support
|
||||
* Hash-based PRNG (Hash_DRBG)
|
||||
* Mutual authentication support (client/server)
|
||||
* PSK (Pre-Shared Keys)
|
||||
* Persistent session and certificate cache
|
||||
* zlib compression support
|
||||
* Interchangeable crypto and certificate libraries
|
||||
* PEM and DER certificate support
|
||||
* X.509 v3 RSA and ECC Signed Certificate Generation
|
||||
* PKCS #7 - Cryptographic Message Syntax (CMS)
|
||||
* PKCS #10 - Certificate Signing Request (CSR)
|
||||
* PKCS #8, #5, #12 Private Key Encryption
|
||||
* Supported TLS Extensions
|
||||
- SNI (Server Name Indication)
|
||||
- Maximum Fragment Length
|
||||
- Truncated HMAC
|
||||
- Supported Elliptic Curves
|
||||
- ALPN
|
||||
* Certificate Manager
|
||||
* QSH (Quantum-Safe Handshake) Extension
|
||||
* Modular cryptography library (wolfCrypt)
|
||||
* Supported TLS Extensions:
|
||||
- SNI (Server Name Indication), Maximum Fragment Length, Truncated HMAC, Supported Elliptic Curves, ALPN (Application Layer Protocol Negotiation), Extended Master Secret
|
||||
* Standalone Certificate Manager
|
||||
* SRP (Secure Remote Password)
|
||||
* Hardware Cryptography Support
|
||||
- Intel AES-NI support, AVX1/2
|
||||
- STM32F2/F4 hardware crypto support
|
||||
- Cavium NITROX support
|
||||
- Freescale CAU / mmCAU / SEC support
|
||||
- Microchip PIC32MZ hardware crypto support
|
||||
* SSL Sniffer (SSL Inspection)
|
||||
* Asynchronous crypto support: Intel QuickAssist, Cavium Nitrox
|
||||
* Hardware Cryptography Support:
|
||||
- Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist, STM32F2/F4, Freescale/NXP (CAU, mmCAU, SEC, LTC), Microchip PIC32MZ, ARMv8, Renesas TSIP, ARM CryptoCell, PSA Crypto API, and more!
|
||||
* SSL Sniffer (SSL Inspection) Support
|
||||
* IPv4 and IPv6 support
|
||||
* Abstraction Layers / User Callbacks
|
||||
* Abstraction Layers / User Callbacks:
|
||||
- C Standard Library, Custom I/O, Memory hooks, Logging callbacks, User Atomic Record Layer Processing, Public Key
|
||||
* MySQL integration
|
||||
* Lighttpd, GoAhead, Mongoose web server support
|
||||
* stunnel support
|
||||
* OpenSSH support
|
||||
|
||||
* Open Source Project Integrations:
|
||||
- MySQL, OpenSSH, Apache httpd, nginx, wpa_supplicant, Open vSwitch, stunnel, Lighttpd, GoAhead, Mongoose, and more!
|
||||
* PKCS#1 (RSA Cryptography Standard) support
|
||||
* PKCS#3 (Diffie-Hellman Key Agreement Standard) support
|
||||
* PKCS#5 (Password-Based Encryption Standard) support
|
||||
* PKCS#7 (Cryptographic Message Syntax - CMS) support
|
||||
* PKCS#8 (Private-Key Information Syntax Standard) support
|
||||
* PKCS#9 (Selected Attribute Types) support
|
||||
* PKCS#10 (Certificate Signing Request - CSR) support
|
||||
* PKCS#11 (Cryptographic Token Interface) support
|
||||
* PKCS#12 (Certificate/Personal Information Exchange Syntax Standard) support
|
||||
|
||||
### Federal Information Processing Standards (FIPS) certified
|
||||
wolfSSL offers a FIPS solution. Please visit our [FIPS FAQ](https://www.wolfssl.com/wolfSSL/fips.html) for more information
|
||||
wolfSSL offers a FIPS solution. Please visit our [FIPS FAQ](https://www.wolfssl.com/license/fips/) for more information.
|
||||
|
||||
### Supported Operating Systems
|
||||
Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS/OpenRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, ARC MQX, TI-RTOS, uTasker
|
||||
Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Linux, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Cesium, Micrium µC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, Keil RTX, TOPPERS, PetaLinux, Apache Mynewt, PikeOS, Deos, Azure Sphere OS, Zephyr
|
||||
|
||||
### Resources
|
||||
wolfSSL Website: [[https://www.wolfssl.com]] <br/>
|
||||
wolfSSL Manual: [[https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html]] <br/>
|
||||
wolfSSL API Reference: [[https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html]]<br/>
|
||||
wolfCrypt API Reference: [[https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html]]
|
||||
wolfSSL Manual: [[https://www.wolfssl.com/documentation/manuals/wolfssl/index.html]] <br/>
|
||||
wolfSSL API Reference: [[https://www.wolfssl.com/documentation/manuals/wolfssl/group__Setup.html]]<br/>
|
||||
wolfCrypt API Reference: [[https://www.wolfssl.com/documentation/manuals/wolfssl/group__ASN.html]]
|
||||
Reference in New Issue
Block a user