Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cR0w</span></a></span> too many.</p><ul><li>Jist like there are way too many applications suceptible to the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> of <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a>.</li></ul><p><a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p><p>So far testing by <span class="h-card" translate="no"><a href="https://social.heise.de/@ct_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ct_Magazin</span></a></span> / <span class="h-card" translate="no"><a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>heiseonline</span></a></span> (and myseof later on) revealed only few <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> not vulnerable to this specifics <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a>:</p><ul><li><a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> (uses <span class="h-card" translate="no"><a href="https://mastodon.cc/@Mozilla" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mozilla</span></a></span> / <span class="h-card" translate="no"><a href="https://mastodon.social/@mozilla_support" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mozilla_support</span></a></span> / <a href="https://infosec.space/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mozilla</span></a> <a href="https://infosec.space/tags/NSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSS</span></a> & has it's own <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> certificate storage)</li><li><span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> (Mozilla NSS)</li><li><span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> (Mozilla NSS; custom certificates)</li><li><a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> (uses <span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bagder</span></a></span> <a href="https://infosec.space/tags/WolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WolfSSL</span></a> and manages it's own certs)</li></ul><p>Anything else that uses the CryptoAPI is, espechally *all <a href="https://infosec.space/tags/Chromium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chromium</span></a>-Forks (aka. All Browsers except Firefox, Tor Browser, <a href="https://infosec.space/tags/dillo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dillo</span></a>, <a href="https://infosec.space/tags/LynxBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LynxBrowser</span></a>…)</p>
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.
Administered by:
Server stats:
258active users
toad.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#wolfssl
0 posts · 0 participants · 0 posts today
Matt "msw" Wilson<p>“AWS-LC looks like a very active project with a strong community. […] Even the recently reported performance issue was quickly fixed and released with the next version. […] This is definitely a library that anyone interested in the topic should monitor.”</p><p><a href="https://mstdn.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> <a href="https://mstdn.social/tags/BoringSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BoringSSL</span></a> <a href="https://mstdn.social/tags/WolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WolfSSL</span></a> <a href="https://mstdn.social/tags/AWSLC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AWSLC</span></a> <a href="https://mstdn.social/tags/HAProxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HAProxy</span></a> <a href="https://mstdn.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mstdn.social/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a> <a href="https://mstdn.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://mstdn.social/tags/OSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSS</span></a> <a href="https://mstdn.social/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://mstdn.social/tags/QUIC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QUIC</span></a><br><a href="https://www.haproxy.com/blog/state-of-ssl-stacks" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">haproxy.com/blog/state-of-ssl-</span><span class="invisible">stacks</span></a></p>
gojimmypi<p>I'll be speaking at CYSAT Conference in Paris next month! </p><p>Let me know if you are going! Stop by and say hi. I'll be at the <a href="https://hackaday.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> booth, too.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@icing" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>icing</span></a></span> that's why <a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> uses <a href="https://infosec.space/tags/WolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WolfSSL</span></a>!</p>
daniel:// stenberg://<p>At this year's <a href="https://mastodon.social/tags/FOSDEM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSDEM</span></a> my team at <a href="https://mastodon.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> got no booth space so my large volume <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> sticker distribution (LVCSD) has to be done using other means.</p><p>The LVCSD will most likely happen in the cafeteria area, but feel free to ping me if you can't get your fix as planned.</p><p>I will bring thousands of curl stickers and hundreds of coasters. There will be a few mugs and maybe some tshirts.</p><p>Buying myself friends, like a boss.</p>
gojimmypi<p>The encryption libraries worked in a project; however, this update lets components in the ESP-IDF such as the esp-tls and http libraries leverage the power and flexibility of <a href="https://hackaday.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> <a href="https://hackaday.social/tags/wolfcrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfcrypt</span></a> <a href="https://hackaday.social/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> 1.3 <a href="https://hackaday.social/tags/PQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PQ</span></a> and more.</p>
ricardo :mastodon:<p><a href="https://fosstodon.org/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> "Immediately Retired" From <a href="https://fosstodon.org/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> For Failing To Follow Packaging Rules :fedora: 🐺 </p><p><a href="https://www.phoronix.com/news/wolfSSL-Fedora-Immediately-Ends" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">phoronix.com/news/wolfSSL-Fedo</span><span class="invisible">ra-Immediately-Ends</span></a></p>
gojimmypi<p><a href="https://hackaday.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> 5.7.2 update now available on <a href="https://hackaday.social/tags/platformio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>platformio</span></a> </p><p>Commercial Grade, NIST FIPS 140-3 Certified Cryptographic libraries. All open source ❤️</p><p><a href="https://registry.platformio.org/libraries/wolfssl/wolfssl" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">registry.platformio.org/librar</span><span class="invisible">ies/wolfssl/wolfssl</span></a></p>
das_menschy<p><span class="h-card"><a href="https://infosec.exchange/@ryanc" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ryanc</span></a></span> Maybe by using <a href="https://toot.bike/tags/wolfssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfssl</span></a> instead of <a href="https://toot.bike/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssl</span></a>, just like <a href="https://toot.bike/tags/openwrt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openwrt</span></a> for embedded devices does it: <a href="https://openwrt.org/releases/21.02/notes-21.02.0-rc1#tls_and_https_support_included_by_default" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">openwrt.org/releases/21.02/not</span><span class="invisible">es-21.02.0-rc1#tls_and_https_support_included_by_default</span></a></p>
gojimmypi<p>Official <a href="https://hackaday.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> on <a href="https://hackaday.social/tags/PlatformIO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PlatformIO</span></a>!😍</p>
Rick Moen 🇺🇸 🇳🇴 🇬🇧<p><span class="h-card" translate="no"><a href="https://ngmx.com/@sindarina" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sindarina</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@deirdresm" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>deirdresm</span></a></span><br><br><span class="h-card" translate="no"><a href="https://eightpoint.app/@orc" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>orc</span></a></span> </p><p>linuxmafia.com is my site.</p><p>I really don't care about SSL (on my site), because there's no compelling use-case for https for anything the site does. (I could remove the current self-signed cert with no functional loss.) </p><p>The whole CA thing is notorious security theatre <u>as implemented</u>. (See Schneier's entire chapter on that in <u>Secrets and Lies</u>.)</p><p>Yes, I'll probably eventually upgrade to a serious SSL implementation using something less hopeless than OpenSSL (looking at wolfSSL and MatrixSSL in additon to the obvious LibreSSL), and I'll probably accomodate the unthinking masses with a Let's Encrypt cert the way MIchael Orlitzky eventually did, but think it's a well-meaning solution (from excellent and righteous people who are cherished friends) to the wrong problem, for the same reason MIchael Orlitzky does. </p><p><a href="https://michael.orlitzky.com/articles/lets_not_encrypt.xhtml" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">michael.orlitzky.com/articles/</span><span class="invisible">lets_not_encrypt.xhtml</span></a></p><p><a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a> <br><a href="https://infosec.exchange/tags/EFF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EFF</span></a><br><a href="https://infosec.exchange/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibreSSL</span></a> <br><a href="https://infosec.exchange/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> <br><a href="https://infosec.exchange/tags/MatrixSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MatrixSSL</span></a> <br><a href="https://infosec.exchange/tags/indyweb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>indyweb</span></a><br><br><a href="https://infosec.exchange/tags/geezer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>geezer</span></a></p>
gojimmypi<p>I've been working on Official <a href="https://hackaday.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> cryptography support for <a href="https://hackaday.social/tags/Arduino" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Arduino</span></a>. It's there! Check it out, let me know how it goes. Please open issues for any boards that might need extra attention. See my blog:</p><p><a href="https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wolfssl.com/getting-started-wi</span><span class="invisible">th-wolfssl-on-arduino</span></a></p>
daniel:// stenberg://<p><a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> comes post-quantum prepared. All you need is a TLS library setup for it (for example <a href="https://mastodon.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a>). I explained this already in 2021:</p><p><a href="https://daniel.haxx.se/blog/2021/10/04/post-quantum-curl/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">daniel.haxx.se/blog/2021/10/04</span><span class="invisible">/post-quantum-curl/</span></a></p>
daniel:// stenberg://<p>Today at <a href="https://mastodon.social/tags/FOSDEM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSDEM</span></a> I talk in k1.105 at 10:00 "you too could have made <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a>" . After that, find me in the <a href="https://mastodon.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> booth to get stickers. If I have any left...</p>
daniel:// stenberg://<p>On this day five years ago, I started working on <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> full time. <a href="https://daniel.haxx.se/blog/2024/02/02/five-year-full-time-curl-anniversary/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">daniel.haxx.se/blog/2024/02/02</span><span class="invisible">/five-year-full-time-curl-anniversary/</span></a></p><p>for <a href="https://mastodon.social/tags/wolfssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfssl</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bagder</span></a></span> TBH that kinda matches the description.</p><p>After all, your work on <a href="https://mstdn.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> and <a href="https://mstdn.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> is something noone outside of the know even is aware of but millions pf people if not billions of devices rely on daily...</p><p>Really like that XKCD dependency stack...</p>
Olivier Duclos<p>> typically 10 times faster than OpenSSL 3.0.8 on a large system, using 1 lock per connection vs 691 for OpenSSL</p><p>yikes 😬 </p><p><a href="https://mstdn.io/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssl</span></a> <a href="https://mstdn.io/tags/wolfssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfssl</span></a></p>
Olivier Duclos<p>Which SSL library should you chose? This is a nice review of the many options available today. It was written for HAProxy but most of the information is valid for any server. <a href="https://github.com/haproxy/wiki/wiki/SSL-Libraries-Support-Status" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/haproxy/wiki/wiki/S</span><span class="invisible">SL-Libraries-Support-Status</span></a></p><p>OpenSSL is clearly not an option anymore for production servers.</p><p><a href="https://mstdn.io/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssl</span></a> <a href="https://mstdn.io/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssl</span></a> <a href="https://mstdn.io/tags/wolfssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfssl</span></a> <a href="https://mstdn.io/tags/performance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>performance</span></a> <a href="https://mstdn.io/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mstdn.io/tags/unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unix</span></a></p>
daniel:// stenberg://<p>How to build a smaller <a href="https://mastodon.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a> library when used with <a href="https://mastodon.social/tags/cURL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cURL</span></a>?</p><p><a href="https://www.wolfssl.com/how-to-build-a-smaller-wolfssl-library-when-used-with-curl/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wolfssl.com/how-to-build-a-sma</span><span class="invisible">ller-wolfssl-library-when-used-with-curl/</span></a></p>
daniel:// stenberg://<p>"QUIC and HTTP/3 with <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> and <a href="https://mastodon.social/tags/wolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wolfSSL</span></a>" is the webinar <span class="h-card"><a href="https://chaos.social/@icing" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>icing</span></a></span> and me did back in April. Check it out!</p><p><a href="https://youtu.be/SouvkGW0UZQ?t=43" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/SouvkGW0UZQ?t=43</span><span class="invisible"></span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload