WolfSSL
from Wikipedia


wolfSSL
Developer: Todd Ouska
Initial release: February 19, 2006 (2006-02-19)[1]
Stable release: 5.8.2[2] / 17 July 2025
Repository: github.com/wolfssl/wolfssl
Written in: C
Operating system: Multi-platform
Type: Cryptography library
License: GPL-3.0-or-later or proprietary[3]
Website: www.wolfssl.com

wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS (SSL 3.0, TLS 1.0, 1.1, 1.2, 1.3, and DTLS 1.0, 1.2, and 1.3) written in the C programming language. It includes SSL/TLS client libraries and an SSL/TLS server implementation as well as support for multiple APIs, including those defined by SSL and TLS. wolfSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.[4][5]

Platforms

wolfSSL is currently available for Microsoft Windows, Linux, macOS, Solaris, ESP32, ESP8266, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Project, OpenEmbedded, WinCE, Haiku, OpenWrt, iPhone, Android, Wii, and GameCube through DevKitPro support, QNX, MontaVista, Tron variants, NonStop OS, OpenCL, Micrium's MicroC/OS-II, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, TI-RTOS, HP-UX, uTasker, uT-kernel, embOS, INtime, mbed, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, Keil RTX, TOPPERS, PetaLinux, Apache Mynewt, and PikeOS[6], Deos, Azure Sphere OS, Zephyr, AIX, and Cesium.

History

The genesis of wolfSSL dates to 2004. OpenSSL was available at the time, and was dual licensed under the OpenSSL License and the SSLeay license.[7] yaSSL, alternatively, was developed and dual-licensed under both a commercial license and the GPL.[8] yaSSL offered a more modern API and commercial-style developer support, and came complete with an OpenSSL compatibility layer.[4] The first major user of wolfSSL/CyaSSL/yaSSL was MySQL.[9] Through bundling with MySQL, yaSSL has achieved extremely high distribution volumes in the millions.

In February 2019, Daniel Stenberg, the creator of cURL, was hired by the wolfSSL project to work on cURL.[10]

Protocols

The wolfSSL lightweight SSL library implements the following protocols:[11]

Protocol Notes:

  • SSL 2.0 – SSL 2.0 was deprecated (prohibited) in 2011 by RFC 6176. wolfSSL does not support it.
  • SSL 3.0 – SSL 3.0 was deprecated (prohibited) in 2015 by RFC 7568. In response to the POODLE attack, SSL 3.0 has been disabled by default since wolfSSL 3.6.6, but can be enabled with a compile-time option.[12]

Algorithms

wolfSSL uses the following cryptography libraries:

wolfCrypt

By default, wolfSSL uses the cryptographic services provided by wolfCrypt.[13] wolfCrypt provides RSA, DSA, ECC, DSS, Diffie–Hellman, EDH, ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA, NTRU (deprecated and removed), DES, Triple DES, AES (CBC, CTR, CCM, GCM, OFB, XTS, GMAC, CMAC), Camellia, IDEA, ARC4, HC-128, ChaCha20, MD2, MD4, MD5, SHA-1, SHA-2, SHA-3, BLAKE2, RIPEMD-160, Poly1305, SM2, SM3, SM4, Random Number Generation, Large Integer support, base 16/64 encoding/decoding, HMAC, PBKDF2, and post-quantum cryptographic algorithms: ML-KEM (certified under FIPS 203) and ML-DSA (certified under FIPS 204).

  • ECC curve types: SECP, SECPR2, SECPR3, BRAINPOOL, KOBLITZ
  • ECC key lengths: 112, 128, 160, 192, 224, 239, 256, 320, 384, 512, 521


wolfCrypt also includes support for the X25519 and Ed25519 algorithms, as well as the X448 and Ed448 algorithms.

wolfCrypt acts as a back-end crypto implementation for several popular software packages and libraries, including MIT Kerberos[14] (where it can be enabled using a build option).

wolfCrypt is FIPS validated and holds two FIPS 140-2 certificates (#2425[15] and #3389[16]) and two FIPS 140-3 certificates (#4718[17] and #5041[18]).

NTRU

CyaSSL+ includes NTRU[19] public key encryption. The addition of NTRU in CyaSSL+ was a result of the partnership between yaSSL and Security Innovation.[19] NTRU works well in mobile and embedded environments due to the reduced bit size needed to provide the same security as other public key systems. In addition, it's not known to be vulnerable to quantum attacks. Several cipher suites utilizing NTRU are available with CyaSSL+ including AES-256, RC4, and HC-128.

Post-Quantum

wolfSSL provides support for a range of post-quantum cryptographic algorithms, including the Kyber Key Encapsulation Mechanism (KEM), hybridized with NIST-recommended ECC curves to maintain FIPS compliance. Supported ML-KEM levels include Level 1 (ML-KEM-512), Level 3 (ML-KEM-768), and Level 5 (ML-KEM-1024). For digital signatures, wolfSSL implements ML-DSA at Levels 2, 3, and 5; FALCON at Levels 1 and 5; and SLH-DSA, LMS/HSS, and XMSS/XMSS^MT. The library also supports hybrid TLS key exchange schemes, combining ECDHE with ML-KEM at corresponding security levels as well as dual-algorithm certificates and TLS 1.3 dual-algorithm authentication.

Hardware Integration

Secure Element Support

wolfSSL supports the following Secure Elements:

Technology Support

wolfSSL supports the following hardware technologies:

  • Intel SGX (Software Guard Extensions) [20] - Intel SGX allows a smaller attack surface and has been shown to provide a higher level of security for executing code without a significant impact on performance.
  • NXP CAAM (Cryptographic Acceleration and Assurance Module) on i.MX6 (QNX), i.MX8 (QNX/Linux), RT1170 FreeRTOS
  • ARM TrustZone CryptoCell 310
  • MAXQ1065/1080 RNG
  • MAX32665 and MAX32666 TPU (Trust Protection Unit)

Licensing

wolfSSL is dual licensed: under both the GPL-3.0-or-later license and commercial licensing.

from Grokipedia
wolfSSL is a , portable, C-language-based designed primarily for embedded systems, (IoT) devices, real-time operating systems (RTOS), and resource-constrained environments, providing protocols such as TLS 1.3 and DTLS 1.3. Developed by wolfSSL Inc., it offers an alternative to larger libraries like , being up to 20 times smaller in footprint while maintaining high performance, standards compliance, and features like OCSP/CRL support, validation (certificates #4718 and #5041), and DAL-A certification for applications. The is dual-licensed under the GPLv2 for open-source use and commercial licenses for proprietary applications, and it includes compatibility layers for APIs to ease integration. Originally released as CyaSSL, the library was renamed to wolfSSL in 2015 to align with the company's product naming conventions, with no changes to its core structure, licensing, or functionality during the transition. Founded in 2004 by Larry Stefonic and Todd Ouska in the United States, wolfSSL Inc. aimed to address the need for a secure, open-source SSL/TLS solution optimized for embedded use, featuring a modern API, clear commercial support, and portability across platforms. Today, wolfSSL secures over 5 billion devices and applications worldwide, with integrations in major projects such as MySQL, OpenWRT, cURL, and Ubuntu, and it extends beyond core TLS to related products like wolfCrypt for cryptography, wolfMQTT for messaging, and wolfSSH for secure shell access.

Overview

Description

wolfSSL is an open-source implementation of the SSL/TLS protocols, written in and designed as a lightweight library optimized for minimal size, high speed, and broad portability across diverse hardware and software environments. It primarily serves developers building embedded systems, (IoT) devices, and (RTOS) applications, where resource constraints demand efficient security solutions without compromising on standards compliance or performance. The library includes core client and server components for establishing secure connections, along with an OpenSSL API compatibility layer that enables seamless integration as a for larger libraries in existing codebases. With a typical binary footprint of 30-50 KB, wolfSSL achieves up to 20 times smaller size than , making it ideal for memory-limited deployments. Developed by wolfSSL Inc., a founded by Todd Ouska and Larry Stefonic, the library evolved from the earlier yaSSL project to address the need for embedded-friendly .

Key Features

wolfSSL is renowned for its high portability, implemented in to ensure seamless compilation across diverse architectures and platforms without requiring platform-specific code modifications. This design allows developers to integrate the library into embedded systems, desktops, and cloud environments with minimal adjustments, supporting abstraction layers for operating systems, custom I/O, and standard C libraries. The library maintains strict standards compliance, providing full support for TLS 1.3 as outlined in RFC 8446, along with related extensions such as RFC 6066 for secure renegotiation, RFC 5246 for TLS 1.2, RFC 7301 for , and RFC 8446 for post-handshake authentication. It incorporates progressive cipher suites, enabling the use of modern algorithms like and while allowing configurable enablement of legacy options for . Security is a core strength, with built-in support for fuzz testing through integration with tools like OSS-Fuzz to identify vulnerabilities via automated input mutation. The library includes resistance to side-channel attacks through configurable options such as ECC_TIMING_RESISTANT for operations, TFM_TIMING_RESISTANT for math library timing, and WC_RSA_BLINDING for RSA blinding to prevent timing-based leaks. Progressive enablement further enhances security by defaulting to contemporary, audited primitives while permitting selective activation of others. Performance optimizations are tailored for resource-constrained environments, featuring assembly-optimized routines for critical operations like AES encryption on / processors, which can yield up to 5-10x speedups via AES-NI instructions. Stream ciphers such as ChaCha20 and block ciphers like AES are implemented with efficient, low-memory footprints, typically ranging from 20-100 kB in size and 1-36 kB in runtime memory. 
Interoperability is facilitated by the wolfSSL API, which offers a lightweight alternative to more verbose libraries, and a dedicated that enables wolfSSL to serve as a for in applications like and . This layer supports equivalent cipher suites, such as TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, ensuring smooth migration without extensive code changes. Additional tools bolster development and analysis, including built-in benchmarking utilities to measure throughput and latency across configurations, an SSL sniffer for protocol inspection supporting ciphers like AES-GCM and , and comprehensive and parsing APIs for handling certificates and keys in PEM and DER formats.

History

Origins and Early Development

wolfSSL originated in 2004 when Todd Ouska and Larry Stefonic founded the project as yaSSL, motivated by the absence of a , open-source SSL suitable for embedded systems. At the time, was the dominant option but suffered from limitations in portability, code size, performance, and commercial licensing clarity, making it unsuitable for resource-constrained environments. yaSSL was designed as a compact alternative, initially implemented in C++ to provide SSL 3.0 and TLS 1.0 support while prioritizing efficiency and ease of integration. A significant early milestone came in 2005 with yaSSL's integration into , the world's most popular open-source database, enabling secure connections without relying on heavier libraries like . This bundling marked the project's first major adoption, highlighting its value in production environments and contributing to widespread distribution. MySQL's inclusion of yaSSL addressed licensing compatibility issues, as both projects shared a dual-licensing model under GPLv2 and commercial terms, allowing use in both open-source and proprietary applications. The project evolved with the initial public release of CyaSSL on February 19, 2006, a pure-C reimplementation that maintained yaSSL's core goals but improved portability and reduced footprint for embedded use. CyaSSL retained the dual-licensing approach (GPLv2 with commercial options) to facilitate adoption in products, emphasizing a modern and commercial support. Key to its early success was robust support for SSL 3.0 and TLS 1.0 protocols in low-resource settings, including an that eased migration for developers. This foundational period established wolfSSL's (then CyaSSL) niche in embedded security, setting the stage for broader ecosystem integration while avoiding the bloat of contemporaries.

Major Milestones and Recent Advances

In , the library was renamed from CyaSSL to wolfSSL to better reflect its expanded capabilities beyond just SSL, encompassing broader TLS implementations and cryptographic functionalities for embedded systems. The wolfCrypt library was introduced in 2012 as a standalone, FIPS-ready provider, separating core cryptographic operations from the SSL/TLS protocol layer to enable modular use in various applications. Key releases have marked significant advancements in protocol support and security. Version 3.11.0, released in May 2017, introduced TLS 1.3 support for both client and server sides. In June 2022, with version 5.4.0, wolfSSL added DTLS 1.3 support, aligning with the RFC 9147 standard published in April 2022. The most recent stable release, version 5.8.2 on July 17, 2025, includes mitigations for several vulnerabilities—such as ECC , Apple certificate validation overrides (CVE-2025-7395), predictable RAND_bytes after fork (CVE-2025-7394), and blinding (CVE-2025-7396)—and disables by default to enhance security. Adoption has grown through integrations with major open-source projects, including Apache HTTPd (supported since version 4.2.0 in 2020), curl (with dedicated backend and consulting support), and (enabling hardware-accelerated cryptography). Partnerships with hardware vendors like NXP, , and have facilitated optimized implementations, such as NXP CAAM support for offloading cryptographic operations. In 2025, wolfSSL advanced its FIPS compliance with the FIPS strategy, a subscription model for continuous validation under (certificate #5041), eliminating expiration gaps and ensuring ongoing security updates. Enhanced integrations, including algorithms like and , were showcased at Embedded World 2025, demonstrating hybrid TLS 1.3 implementations for resource-constrained devices.

Supported Platforms

Operating Systems

wolfSSL offers comprehensive support for major general-purpose operating systems, enabling seamless integration into desktop, server, and mobile environments. It provides full compatibility with across modern versions on 32-bit and 64-bit architectures, as well as legacy embedded variants like Windows CE, allowing developers to build and deploy secure applications without platform-specific modifications. For Linux distributions, wolfSSL features native integration with standard kernels, supporting a wide range of distributions such as and , and includes dedicated recipes for the to facilitate embedded Linux builds within broader Linux ecosystems. Additionally, it integrates with Android through the Android Open Source Project (AOSP), providing TLS/SSL functionality via JSSE providers for system-wide secure communications. On Apple platforms, wolfSSL is fully compatible with macOS and , with optimizations for including ARM-based processors like the M1 and M2 chips, ensuring high performance in native applications. This support extends to app development, adhering to platform requirements for distribution. To streamline development, wolfSSL incorporates multiple build systems, including for cross-platform configuration, Autotools for environments, and native integration for Windows, which supports DLL and static library builds in debug and release modes. These tools enable straightforward compilation and customization across supported operating systems. Quality assurance is maintained through automated testing processes, including and (CI/CD) pipelines via Actions that validate builds on Windows, , and macOS, alongside configuration and unit tests to ensure reliability.

Embedded and RTOS Environments

wolfSSL is specifically adapted for resource-constrained embedded systems and real-time operating systems (RTOS), emphasizing portability, minimal usage, and deterministic to meet the demands of IoT, industrial, and automotive applications. The library's implementation avoids platform-specific dependencies, enabling seamless integration into environments with limited RAM and flash storage, often as low as 20-100 KB code size and 1-36 KB runtime stack. wolfSSL provides native support for several prominent RTOS platforms, including , , , μITRON (across all versions under the framework), and Zephyr. These integrations leverage wolfSSL's abstraction layers for threading, timers, and entropy sources, ensuring compatibility without requiring custom modifications. For instance, support includes validations (certificate #4718), while Zephyr integration extends to wolfSSH for operations in embedded networks. On the hardware side, wolfSSL targets popular microcontroller families such as Espressif's series, STMicroelectronics' lineup, and NXP's MCX series, particularly for Industrial IoT (IIoT) edge devices. These platforms benefit from wolfSSL's , allowing efficient use of on-chip peripherals while maintaining a small footprint suitable for battery-powered or low-power applications. To optimize for embedded constraints, wolfSSL offers configurable options to eliminate dynamic memory allocation, replacing malloc/free with static buffers via the --enable-staticmemory build or wolfSSL_CTX_load_static_memory() API. This ensures predictable behavior in real-time systems and reduces vulnerability to heap fragmentation. Additionally, static control is achieved through compile-time tuning, such as disabling unused features or protocol versions, depending on the configuration. 
For safety-critical embedded deployments, wolfSSL complies with MISRA C guidelines, facilitating automotive applications under standards like by enforcing coding rules that enhance code reliability and reduce defects. A key example of wolfSSL's embedded utility is its integration with wolfBoot, a secure that supports both bare-metal and RTOS environments for and updates. wolfBoot uses wolfCrypt for cryptographic verification, enabling secure boot chains on platforms like and NXP MCX without an underlying OS, or alongside RTOS like for dynamic updates over TLS. This combination provides end-to-end security for device provisioning in IIoT scenarios.

Protocols

TLS and SSL Support

wolfSSL provides comprehensive support for the (TLS) protocol and its predecessor, the Secure Sockets Layer (SSL), enabling secure communication in embedded and resource-constrained environments. The implements SSL 3.0, though it has been disabled by default since version 3.6.6 due to vulnerabilities, and is considered deprecated in modern deployments. TLS versions 1.0 through 1.3 are fully supported, with TLS 1.0 and 1.1 disabled by default since versions 3.13.0 (2017) and 5.6.6 (2023), respectively, due to deprecation per RFC 8996 and concerns; TLS 1.3 offering compliance to RFC 8446, including streamlined handshakes reduced to a single round-trip time and enhanced features like integrated key derivation. In both client and server modes, wolfSSL facilitates full handshake processes, including , , and negotiation, while supporting session resumption via session tickets for efficient reconnections without full re-authentication. Certificate verification is integrated, allowing customizable checks for chain validation, revocation status, and trust anchors to ensure peer authenticity. These modes are selectable through dedicated methods, such as wolfTLSv1_3_client_method() for clients and wolfTLSv1_3_server_method() for servers, promoting across diverse network endpoints. The library supports a range of cipher suites aligned with progressive security standards, including authenticated encryption with associated data (AEAD) modes like AES-GCM (e.g., TLS_AES_128_GCM_SHA256) and (e.g., TLS_CHACHA20_POLY1305_SHA256), which provide , , and replay protection. Weak suites, such as those using stream ciphers or static key exchanges without ephemeral Diffie-Hellman (e.g., non-PFS RSA), are deprecated and disabled by default to enforce perfect , though they can be re-enabled via build options if legacy compatibility is required. This selective inclusion prioritizes modern, efficient algorithms while maintaining compatibility with older systems through configurable lists. 
Key TLS extensions enhance wolfSSL's flexibility, including (SNI) for on shared IP addresses (RFC 6066), (ALPN) for multiplexing protocols like over TLS (RFC 7301), and for efficient certificate revocation checking without additional client-side queries. These extensions are enabled at compile time and can be negotiated during the to optimize and security in multi-protocol environments. Configuration of TLS and SSL support in wolfSSL occurs primarily at compile time through options like --enable-tls13 for TLS 1.3 or --enable-ssl for legacy SSL, generating an options.h header that defines protocol availability and cipher preferences. Runtime enforcement is available via calls, such as wolfSSL_CTX_set_min_proto_version() to restrict minimum protocol versions or wolfSSL_CTX_set_cipher_list() to specify allowed suites, allowing dynamic policy adjustments based on deployment needs without recompilation. This dual approach ensures tailored security postures for embedded applications.
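
The minimum-version enforcement described above comes down to one decision per ClientHello: find the highest version the client offers and compare it with the configured floor. The following is an added example, not wolfSSL code; all function names are hypothetical, the ClientHello bytes are constructed, and it assumes the whole ClientHello arrives in a single TLS record.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Added example, not wolfSSL code; every name below is hypothetical.
 * Assumes the whole ClientHello arrives in a single TLS record. */
typedef struct { const uint8_t *p; size_t left; } cur;  /* bounds-checked cursor */

static int take(cur *c, size_t n, const uint8_t **out)
{
    if (c->left < n) return -1;              /* never read past the input */
    *out = c->p; c->p += n; c->left -= n;
    return 0;
}

/* Read a vector whose length prefix is nbytes wide (big-endian). */
static int take_vec(cur *c, size_t nbytes, cur *out)
{
    const uint8_t *l; size_t n = 0;
    if (take(c, nbytes, &l)) return -1;
    for (size_t i = 0; i < nbytes; i++) n = (n << 8) | l[i];
    out->left = n;
    return take(c, n, &out->p);
}

/* Highest offered version: supported_versions (type 43) if present, else
 * legacy_version. Returns 0 on success, -1 on malformed or truncated input. */
static int client_max_version(const uint8_t *rec, size_t len, uint16_t *max)
{
    cur c = { rec, len }, hs, body, skip, exts, ext, list;
    const uint8_t *b;
    if (take(&c, 3, &b) || b[0] != 0x16) return -1;     /* handshake record */
    if (take_vec(&c, 2, &hs)) return -1;
    if (take(&hs, 1, &b) || b[0] != 0x01) return -1;    /* ClientHello */
    if (take_vec(&hs, 3, &body)) return -1;
    if (take(&body, 2, &b)) return -1;
    *max = (uint16_t)((b[0] << 8) | b[1]);              /* legacy_version */
    if (take(&body, 32, &b)) return -1;                 /* random */
    if (take_vec(&body, 1, &skip) ||                    /* session_id */
        take_vec(&body, 2, &skip) ||                    /* cipher_suites */
        take_vec(&body, 1, &skip)) return -1;           /* compression */
    if (body.left == 0) return 0;                       /* no extensions */
    if (take_vec(&body, 2, &exts)) return -1;
    while (exts.left) {
        if (take(&exts, 2, &b)) return -1;
        unsigned type = (unsigned)(b[0] << 8) | b[1];
        if (take_vec(&exts, 2, &ext)) return -1;
        if (type != 43) continue;
        if (take_vec(&ext, 1, &list) || list.left % 2) return -1;
        uint16_t best = 0;
        while (list.left) {
            take(&list, 2, &b);                         /* cannot fail: even length */
            uint16_t v = (uint16_t)((b[0] << 8) | b[1]);
            if (b[0] == 0x03 && v > best) best = v;     /* skips GREASE values */
        }
        if (best == 0) return -1;                       /* nothing negotiable */
        *max = best;                                    /* extension overrides legacy */
    }
    return 0;
}

/* 1 = accept, 0 = reject (client is below the floor), -1 = malformed. */
static int server_accepts(uint16_t min_version, const uint8_t *rec, size_t len)
{
    uint16_t max;
    if (client_max_version(rec, len, &max)) return -1;
    return max >= min_version;
}

/* Build a constructed (not captured) ClientHello record for the demo. */
static size_t build_hello(uint8_t *out, uint16_t legacy, const uint16_t *sv, size_t nsv)
{
    uint8_t b[96]; size_t n = 0, i;
    b[n++] = (uint8_t)(legacy >> 8); b[n++] = (uint8_t)legacy;
    memset(b + n, 0xAB, 32); n += 32;                     /* placeholder random */
    b[n++] = 0;                                           /* empty session_id */
    b[n++] = 0; b[n++] = 2; b[n++] = 0x00; b[n++] = 0x2f; /* one cipher suite */
    b[n++] = 1; b[n++] = 0;                               /* null compression */
    if (nsv) {
        b[n++] = 0; b[n++] = (uint8_t)(5 + 2 * nsv); b[n++] = 0; b[n++] = 43;
        b[n++] = 0; b[n++] = (uint8_t)(1 + 2 * nsv); b[n++] = (uint8_t)(2 * nsv);
        for (i = 0; i < nsv; i++) { b[n++] = (uint8_t)(sv[i] >> 8); b[n++] = (uint8_t)sv[i]; }
    }
    const uint8_t hdr[9] = { 0x16, 0x03, 0x01, 0, (uint8_t)(n + 4), 0x01, 0, 0, (uint8_t)n };
    memcpy(out, hdr, 9); memcpy(out + 9, b, n);
    return n + 9;
}

int main(void)
{
    static const uint16_t sv[] = { 0x0a0a, 0x0304, 0x0303 };  /* GREASE, 1.3, 1.2 */
    uint8_t rec[128]; size_t n = build_hello(rec, 0x0301, NULL, 0);
    printf("TLS 1.0-only client, floor TLS 1.2: %d\n", server_accepts(0x0303, rec, n));
    n = build_hello(rec, 0x0303, sv, 3);
    printf("TLS 1.3 client, floor TLS 1.2:      %d\n", server_accepts(0x0303, rec, n));
    printf("same hello, truncated by 3 bytes:   %d\n", server_accepts(0x0303, rec, n - 3));
    return 0;
}
```

Logging the rejected case rather than silently dropping it shows which clients would break before an older protocol version is switched off.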

DTLS Support

wolfSSL provides robust support for (DTLS), adapting the TLS protocol for unreliable datagram transports like UDP to secure communications in environments prone to and reordering. The library implements DTLS versions 1.0 as specified in RFC 4347, 1.2 as specified in RFC 6347, and 1.3 as defined in RFC 9147, enabling both client and server operations with features tailored to handle the challenges of connectionless protocols. To address the inherent issues of datagram networks, wolfSSL's DTLS implementation incorporates mechanisms for retransmission of lost messages using a timer-based approach and reordering of out-of-sequence packets during the and data transfer phases. These adaptations ensure reliable and secure session establishment despite network unreliability, with the library buffering incoming packets to reconstruct ordered sequences. DTLS in wolfSSL is particularly suited for (IoT) applications, such as securing the (CoAP) over UDP, and real-time media streaming scenarios where low latency is critical, like in WebRTC-based communications. Key features include cookie exchange during the to mitigate denial-of-service (DoS) attacks by verifying client reachability without full resource commitment, and Path Maximum Transmission Unit (PMTU) discovery to optimize packet sizing and avoid fragmentation. Integration with wolfSSL's TLS APIs is seamless, allowing developers to use familiar functions like wolfSSL_CTX_new and wolfSSL_connect by selecting DTLS methods such as wolfDTLSv1_2_client_method, with added internal buffering to manage during application data exchange. Performance optimizations in wolfSSL make DTLS suitable for resource-constrained embedded devices, including configurable anti-replay windows to prevent replay attacks as per RFC 9147, reduced round trips in DTLS 1.3 for lower latency, and minimal through static buffer options.
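
The anti-replay window mentioned above is easiest to follow in code. This is an added example of the sliding-window scheme the DTLS RFCs describe, not wolfSSL's implementation; the type and function names are hypothetical, the window is fixed at 64 records, and the caller is assumed to have reconstructed the full record sequence number and to keep one window per epoch.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not wolfSSL source. All names are hypothetical. */
#define REPLAY_WINDOW_BITS 64u

typedef struct {
    uint64_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => record (top - i) was already accepted */
    bool     primed;  /* false until the first record is accepted */
} replay_window;

typedef enum { REC_ACCEPTED, REC_DUPLICATE, REC_TOO_OLD, REC_BAD_AUTH } rec_verdict;

static void replay_init(replay_window *w)
{
    w->top = 0; w->bitmap = 0; w->primed = false;
}

/* Cheap pre-check, run before any cryptographic work. Does not modify state. */
static rec_verdict replay_check(const replay_window *w, uint64_t seq)
{
    if (!w->primed || seq > w->top) return REC_ACCEPTED;  /* new right edge */
    uint64_t off = w->top - seq;
    if (off >= REPLAY_WINDOW_BITS) return REC_TOO_OLD;    /* left of the window */
    return ((w->bitmap >> off) & 1u) ? REC_DUPLICATE : REC_ACCEPTED;
}

/* Slide or mark the window. Call only for records that passed authentication. */
static void replay_update(replay_window *w, uint64_t seq)
{
    if (!w->primed) {
        w->top = seq; w->bitmap = 1; w->primed = true;
    } else if (seq > w->top) {
        uint64_t shift = seq - w->top;
        /* Shifting a 64-bit value by >= 64 is undefined in C, so clear instead. */
        w->bitmap = (shift >= REPLAY_WINDOW_BITS) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1u;
        w->top = seq;
    } else if (w->top - seq < REPLAY_WINDOW_BITS) {
        w->bitmap |= (uint64_t)1 << (w->top - seq);
    }
}

/* Full receive path. auth_ok stands in for the AEAD/MAC verification result.
 * The window moves only after authentication succeeds; otherwise one forged
 * datagram with a huge sequence number would push every genuine record out
 * of the window and cause them to be dropped. */
static rec_verdict receive_record(replay_window *w, uint64_t seq, bool auth_ok)
{
    rec_verdict v = replay_check(w, seq);
    if (v != REC_ACCEPTED) return v;
    if (!auth_ok) return REC_BAD_AUTH;
    replay_update(w, seq);
    return REC_ACCEPTED;
}

int main(void)
{
    /* Constructed arrival order: reordering, a replay, a forged record,
     * a jump ahead, then stale and in-window late arrivals. */
    static const struct { uint64_t seq; bool auth_ok; } in[] = {
        {0, true}, {1, true}, {3, true}, {2, true}, {3, true},
        {1000, false}, {70, true}, {5, true}, {7, true}, {7, true},
    };
    static const char *name[] = { "accepted", "duplicate", "too old", "bad auth" };
    replay_window w;
    replay_init(&w);
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("seq %4llu -> %s\n", (unsigned long long)in[i].seq,
               name[receive_record(&w, in[i].seq, in[i].auth_ok)]);
    return 0;
}
```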

Cryptographic Algorithms

wolfCrypt Library

The wolfCrypt library serves as the core cryptographic engine for the wolfSSL embedded SSL/TLS library, providing a lightweight, portable implementation of standard in . Designed for resource-constrained environments such as embedded systems and RTOS, it emphasizes small footprint, high performance, and compliance with security standards, including validation (certificates #4718 and #5041). While integrated internally by wolfSSL to handle protocol-level encryption and authentication, wolfCrypt can also operate as a standalone library for general-purpose cryptographic operations. wolfCrypt supports a range of symmetric encryption algorithms suitable for and . Key implementations include AES in modes such as CBC, GCM, CTR, CCM, and others, with key sizes ranging from 128 to 256 bits; ChaCha20 as a ; and Poly1305 for message authentication, often combined with ChaCha20 in AEAD constructions. These algorithms adhere to FIPS-approved where applicable, enabling secure data protection in bandwidth-limited scenarios. For hashing and message authentication, wolfCrypt includes (though deprecated in modern use), variants (224, 256, 384, and 512 bits), and for digest computation up to 512 bits, alongside for keyed hashing and for key derivation. These functions support integrity verification and key expansion in cryptographic protocols, with FIPS validation ensuring reliability for approved variants. Classical public-key algorithms in wolfCrypt facilitate secure and digital signatures. RSA supports keys up to 8192 bits for encryption and signing, ECC operates over NIST P-521 and Brainpool curves up to 521 bits for efficient operations, and Ed25519 provides high-speed signatures on the . These primitives enable asymmetric without relying on quantum-resistant methods. Random number generation in wolfCrypt relies on a deterministic random bit generator (DRBG) compliant with , incorporating hash-based or HMAC-based mechanisms for reproducible yet secure randomness. 
It also integrates hardware sources, such as or device-specific RNGs, to seed the DRBG and meet requirements for and nonces. This ensures cryptographic strength across diverse hardware platforms. The library exposes a straightforward C API with high-level functions for ease of integration, such as wc_AesEncrypt for direct AES block encryption and wc_Sha256Update for incremental hashing, alongside lower-level primitives like key setup routines (e.g., wc_AesSetKey). These APIs include runtime checks for FIPS mode and support compatibility layers, allowing developers to abstract cryptographic details while maintaining portability.

Post-Quantum Cryptography

wolfSSL integrates (PQC) into its wolfCrypt library to protect against threats from quantum computers capable of breaking classical cryptographic algorithms like RSA and ECC. This support emphasizes NIST-standardized algorithms, including ML-KEM (formerly ) for key encapsulation mechanisms (KEMs) in variants such as ML-KEM-512, ML-KEM-768, and ML-KEM-1024, and ML-DSA (formerly ) for digital signatures in variants ML-DSA-44, ML-DSA-65, and ML-DSA-87. Additionally, wolfSSL supports stateful hash-based signature (HBS) schemes like LMS, HSS, XMSS, and XMSS^MT, as well as the stateless SLH-DSA (SPHINCS+), to provide quantum-resistant authentication options. A key aspect of wolfSSL's PQC implementation is its hybrid modes for TLS 1.3 , which combine classical algorithms with PQC ones to ensure backward compatibility and gradual migration. For example, hybrid groups like P256_ML_KEM_512 pair Diffie-Hellman with ML-KEM-512, allowing secure handshakes that resist both current and future quantum attacks. These hybrids are fully integrated into wolfSSL's TLS 1.3 and DTLS 1.3 implementations, extending to protocols like MQTTv5 and MQTT-SN for IoT applications. Historically, wolfSSL supported the KEM algorithm during NIST's post-quantum competition but removed it after NIST's 2022 standardization announcement, which favored lattice-based alternatives like ML-KEM. Similarly, earlier integrations with the liboqs library included and other candidates, but these were phased out post-standardization to focus on approved schemes; future reintroduction of remains under consideration for enhanced signature performance. Performance-wise, wolfSSL's software implementations of PQC algorithms are optimized for platforms like x86_64 and , with hardware acceleration paths available via assembly code. 
Benchmarks on an i7-1185G7 show ML-KEM-512 achieving at approximately 293,900 operations per second, encapsulation at 271,900 ops/s, and decapsulation at 237,300 ops/s, representing a 2-5x overhead compared to classical ECDH on similar hardware. For signatures, ML-DSA-44 verifies at around 150,000 ops/s, suitable for embedded systems, though stateful HBS schemes like XMSS offer faster verification at the cost of . Looking ahead, wolfSSL's roadmap targets full CNSA 2.0 compliance by 2030, aligning with NSA timelines for migrating systems to PQC algorithms, including phased adoption of stateful HBS schemes for long-lived keys. As of November 2025, wolfSSL is pursuing validation for its PQC implementations to further support compliance needs. This positions wolfSSL for use cases requiring long-term security, such as quantum-safe IoT deployments and government communications, where hybrid PQC protects against "" threats. As of the latest reports, no post-quantum specific CVEs have been reported for wolfSSL's implementations.

Hardware Integration

Secure Element and HSM Support

wolfSSL provides integration with various secure elements to enable hardware-based key storage and cryptographic operations, enhancing security in resource-constrained environments. These integrations leverage wolfCrypt's API for abstraction, allowing developers to offload sensitive tasks such as key generation, signing, and storage to dedicated hardware without altering application code. For secure elements, wolfSSL supports the TriCore TC3xx series through wolfBoot, its secure , which authenticates firmware and utilizes the hardware's isolated environment for root-of-trust establishment. Additionally, wolfSSL has integrated support for the TROPIC01 secure element from Tropic Square, incorporating dedicated crypto callback functions in wolfCrypt version 5.8.2 to facilitate hardware-backed operations like and during secure boot processes. wolfBoot further extends this capability by serving as a hardware root-of-trust mechanism with the TROPIC01, ensuring integrity and secure updates in embedded systems. In the realm of hardware security modules (HSMs), wolfSSL offers wolfHSM, a portable, open-source framework designed primarily for automotive and enterprise applications, which abstracts hardware , , and isolated processing to protect cryptographic keys and operations. wolfHSM supports offloading , signing, and secure storage to HSMs, providing a unified that integrates seamlessly with wolfCrypt for tasks like signing and . Complementing this, wolfSSL's interface enables standardized access to HSMs for key handling, allowing compatibility with devices such as Infineon TriCore AURIX, Renesas RH850, and ST SPC58, thereby facilitating secure token operations in diverse hardware setups. With a strong automotive focus, wolfSSL's solutions align with ISO 21434 cybersecurity standards, emphasizing secure boot as a to verify software integrity, as highlighted in UN R155 regulations. 
This includes integration with NXP's S32 platform, where wolfCrypt and wolfBoot enable hardware-secured cryptographic acceleration and firmware protection on automotive microcontrollers. For space applications, wolfSSL announced a 2025 collaboration with Frontgrade Gaisler to integrate its security libraries, including wolfCrypt, with radiation-hardened electronics, aiming to bolster cybersecurity in harsh environments by combining hardware resilience with software-based key protection and authentication.

Cryptographic Accelerator Support

wolfSSL integrates hardware cryptographic accelerators to enhance the performance of cryptographic operations within its wolfCrypt library, offloading computations from the CPU to specialized hardware for faster execution and improved efficiency. This support targets both general-purpose processors and embedded system-on-chip (SoC) designs, enabling seamless utilization of hardware capabilities where available.

For CPU extensions, wolfSSL leverages AES-NI instructions on and Core processor families to accelerate AES operations in modes such as GCM, CCM, CBC, ECB, and CTR for 128-256 bit keys, providing significant performance gains over pure software implementations. Similarly, ARMv8 Crypto extensions are supported, including AES in CBC, CTR, and GCM modes (128-256 bits), SHA-256 hashing, and GHASH for , allowing runtime optimization on compatible ARM-based devices. Additional x86 extensions like AVX1/AVX2 enable acceleration of SHA-256, SHA-384, SHA-512, ChaCha20, and Poly1305, while /RDSEED instructions from and provide hardware-based .

In SoC integrations, wolfSSL supports NXP's Cryptographic Accelerator and Assurance Module (CAAM) on series processors, accelerating AES encryption and hashing operations to reduce processing overhead in embedded environments. TrustZone CryptoCell 310 is integrated for secure cryptographic acceleration, including AES and SHA algorithms, often via partnerships with vendors like Renesas. microcontrollers from utilize built-in hardware for RNG, DES/3DES in CBC/ECB modes, and AES in CBC/CTR (128-256 bits), enhancing security in resource-constrained IoT devices. As an example, Espressif's SoC benefits from wolfSSL's support for hardware RNG and AES acceleration, streamlining TLS implementations in wireless applications. Recent expansions include () Zynq UltraScale+ and Versal platforms, which accelerate AES-GCM (128/256 bits), RSA (2048/4096 bits), ECC, (384 bits), and true , with performance improvements noted for and automotive use cases as of 2025.

Implementation in wolfCrypt involves runtime detection of hardware availability through compile-time options like --enable-cryptocb or the WOLF_CRYPTO_CB macro, which registers hardware callbacks via wc_CryptoCb_RegisterDevice for dynamic offloading of operations such as AES, SHA-256, ECC, and RSA. If hardware is unavailable or unsupported, the library automatically falls back to optimized software implementations, ensuring portability across diverse platforms. This approach can deliver up to 10x speedup for AES-GCM , as demonstrated in benchmarks on supported hardware.

wolfSSL provides broad compatibility with over 50 cryptographic schemes across these accelerators, including various AES modes, SHA variants, ECC curves, RSA key sizes, and RNG sources, reflecting ongoing updates through 2025. The primary benefits of this hardware support include reduced CPU load in embedded systems, which is critical for real-time applications, and enhanced power efficiency for battery-powered devices by minimizing computational cycles dedicated to . These optimizations make wolfSSL particularly suitable for IoT, networking, and secure boot scenarios where performance and energy constraints are paramount.
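The callback registration and software fallback described above, as a self-contained C model added here; it is not wolfSSL source and does not call wc_CryptoCb_RegisterDevice. Every identifier and error value in it is hypothetical, and it assumes that only an explicit "unavailable" result from the callback triggers the fallback, while a hardware fault is returned to the caller.

```c
#include <stddef.h>
#include <stdint.h>

/* Model only: all names and values here are hypothetical, not wolfSSL's. */
#define DEV_NONE        (-2)    /* caller asked for software only */
#define ERR_UNAVAILABLE (-100)  /* callback declines: use software */
#define ERR_HW_FAULT    (-1)    /* real failure: must reach the caller */
enum op { OP_HASH, OP_SIGN };
enum path { PATH_NONE, PATH_HW, PATH_SW };

typedef int (*dev_cb)(enum op op, const uint8_t *in, size_t len,
                      uint32_t *out, void *ctx);
static struct { int id; dev_cb cb; void *ctx; } devices[4];
static size_t ndev;
enum path last_path;            /* which implementation produced the result */

int register_device(int id, dev_cb cb, void *ctx) {
    if (ndev == 4 || cb == NULL) return -1;
    devices[ndev].id = id; devices[ndev].cb = cb; devices[ndev].ctx = ctx;
    ndev++;
    return 0;
}

/* FNV-1a stands in for a real digest to keep the model short. */
static uint32_t fnv1a(const uint8_t *in, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= in[i]; h *= 16777619u; }
    return h;
}

/* Simulated accelerator: hashes only, at most 16 bytes; *ctx != 0 is a fault. */
int accel_cb(enum op op, const uint8_t *in, size_t len, uint32_t *out, void *ctx) {
    if (*(int *)ctx) return ERR_HW_FAULT;
    if (op != OP_HASH || len > 16) return ERR_UNAVAILABLE;
    *out = fnv1a(in, len);
    return 0;
}

int do_hash(int dev_id, const uint8_t *in, size_t len, uint32_t *out) {
    last_path = PATH_NONE;
    for (size_t i = 0; dev_id != DEV_NONE && i < ndev; i++) {
        if (devices[i].id != dev_id) continue;
        int ret = devices[i].cb(OP_HASH, in, len, out, devices[i].ctx);
        if (ret == 0) last_path = PATH_HW;
        if (ret != ERR_UNAVAILABLE) return ret;   /* success or hard error */
        break;                                    /* declined: fall through */
    }
    *out = fnv1a(in, len);                        /* software implementation */
    last_path = PATH_SW;
    return 0;
}
```

Treating every callback error as a reason to fall back would hide accelerator faults from the caller, which is why the model separates the two return codes.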

Certifications

FIPS Validations

wolfSSL's wolfCrypt cryptographic library has achieved multiple validations under the Federal Information Processing Standards (FIPS) 140, administered by the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP). For , the library received Certificate #2425 in 2015 and Certificate #3389 in 2019, both covering the core software modules of wolfCrypt. Transitioning to the updated standard, wolfCrypt obtained Certificate #4718 in 2024, followed by Certificate #5041 in July 2025, which remains valid through July 17, 2030. These validations support an "" subscription model, allowing non-expiring updates to the certified module without requiring full revalidation for minor changes.

The scope of these validations encompasses wolfCrypt software modules deployable across more than 80 operating environments, including various embedded systems, distributions, and real-time operating systems, with operational environment caveats specifying supported platforms and configurations. Approved algorithms within the FIPS boundary include AES-256 (in CBC and GCM modes), SHA-384, ECDSA, , RSA, DSA, DRBG, and SHA-512, ensuring compliance for symmetric, asymmetric, and hashing operations.

Compliance with NIST CMVP involves rigorous testing of the module's design, implementation, and security features, including power-up self-tests for cryptographic algorithms and conditional self-tests during operation to verify integrity. The FIPS boundary is drawn around wolfCrypt's core functions, enabling seamless integration into broader applications like TLS while maintaining certification.

In 2025, wolfSSL advanced FIPS integration by incorporating the validated wolfCrypt into , providing FIPS-compliant networking for , system services, and media applications without modifying end-user code. Additionally, the company released WolfGuard, a enabled version of VPN, leveraging wolfCrypt for certified cryptography in high-performance tunneling.

Other Compliance Standards

wolfSSL's wolfCrypt library supports Common Criteria evaluations at EAL4+ and higher through certified integrations, enabling deployment in European markets where rigorous security assurances are mandated for IT products. These validations ensure that cryptographic operations meet international standards for protection against intentional tampering and high-level threats, as demonstrated in partnerships with hardware providers like NSING Technologies' NS350 TPM devices. For avionics applications, wolfCrypt supports RTCA DAL-A certification, providing traceable artifacts and certification kits for key cryptographic algorithms to facilitate compliance in safety-critical airborne systems.

For industry-specific applications, wolfSSL adheres to :2012 guidelines, which promote safe and secure coding practices essential for automotive . This compliance facilitates integration into vehicle systems requiring and reliability, such as secure bootloaders and embedded TLS implementations. Additionally, wolfSSL aligns with ISO/SAE 21434, the international standard for automotive cybersecurity engineering, by providing tools like wolfSentry intrusion detection and supporting validation processes through automated to identify and mitigate vulnerabilities in connected vehicle ecosystems.

In the United States, wolfSSL demonstrates readiness for the Cyber Trust Mark labeling program, an FCC initiative for IoT devices that enforces baseline cybersecurity requirements including secure boot and firmware updates. Solutions like wolfBoot enable manufacturers to meet these criteria by providing verifiable secure boot mechanisms compliant with emerging federal procurement regulations.

Regarding post-quantum compliance, wolfCrypt aligns with the National Security Agency's Commercial National Security Algorithm Suite (CNSA) 2.0, which outlines a migration timeline to quantum-resistant by 2033 to protect systems from threats. wolfSSL was the first provider to fully support CNSA 2.0 algorithms, including ML-KEM for key encapsulation and ML-DSA for signatures, integrated into TLS 1.3 for hybrid classical-post-quantum security. As of November 2025, wolfSSL is pursuing validation for post-quantum algorithms.

As an open-source project, wolfSSL undergoes regular security audits, including extensive fuzzing efforts via OSS-Fuzz integration and third-party tools like those from Code Intelligence and Trail of Bits, which have uncovered and resolved issues such as heap-based use-after-free vulnerabilities. Vulnerabilities are transparently disclosed through the CVE process, with a dedicated tracking page listing all known issues in wolfSSL products to maintain community trust and rapid remediation.

In 2025, wolfSSL partnered with IGEL to integrate its cryptographic libraries into the IGEL OS, creating zero-trust endpoint solutions that enhance secure access for enterprise environments. This collaboration sets a benchmark for cryptographic in endpoint operating systems, supporting policy-enforced connections and high-assurance data protection.

Licensing

Open Source Options

wolfSSL provides open-source licensing options under the GNU General Public License (GPL), enabling free use, modification, and distribution for compatible projects. The core wolfSSL library and its wolfCrypt engine are licensed under GPLv3 or any later version, following a transition from GPLv2 in July 2025 with version 5.8.2. Meanwhile, wolfSSH, the SSH implementation, uses GPLv3.

The GPL licenses impose copyleft requirements, mandating that the source code of wolfSSL, wolfCrypt, and wolfSSH be made available to users and that any derivative works or integrated software also be released under the same GPL version. This ensures ongoing openness but restricts integration into without a commercial license. Source code availability promotes transparency and allows users to verify security implementations.

The open-source versions are freely downloadable from the official GitHub repository at github.com/wolfSSL, which includes comprehensive build examples, unit tests, performance benchmarks, and documentation to facilitate development and integration. Users can compile the libraries for various platforms, including embedded systems, with configuration options via the provided IDE files and scripts.

Key limitations apply under the open-source model: the FIPS-validated modules, essential for compliance in regulated environments, cannot be used in applications without a commercial license due to GPL restrictions. Additionally, the licenses disclaim any warranty, holding users responsible for suitability and maintenance.

The wolfSSL community actively supports open-source development through pull requests for contributions, bug fixes, and feature enhancements, fostering collaborative improvements. The libraries are integrated into prominent open-source projects, such as for secure data transfers, demonstrating their compatibility and adoption in the ecosystem.

Commercial Licensing

wolfSSL offers commercial licensing options designed for enterprises and organizations developing or closed-source applications, enabling integration without the requirements of the GPL license. These licenses provide flexibility for commercial software products, appliances, and embedded systems where open-source obligations are undesirable.

The licensing model includes perpetual licenses priced at $7,500 USD per end product or stock-keeping unit (SKU), granting unlimited royalty-free distribution for that product. Subscription-based models are also available, such as the Evergreen FIPS subscription, which delivers ongoing updates and compliance maintenance. Royalties are optional and typically not required, with custom terms negotiable for specific needs like extended support or tailored features.

Key benefits encompass the elimination of GPL copyleft restrictions, allowing closed-source redistribution; access to premium , including dedicated engineers, unlimited incidents, optimization assistance, and priority response times; custom integrations via professional consulting services; and full source code availability for modifications. In contrast to the free GPL alternative covered elsewhere, these options prioritize enterprise-grade reliability and customization.

Access to FIPS 140-validated configurations for proprietary deployments necessitates a commercial , as the open-source version does not support certified closed-source use. The subscription specifically addresses this by automating transitions between validation certificates (e.g., from #4718 to #5041), ensuring uninterrupted compliance through at least July 2030 without expiration gaps or manual re-certifications.

Pricing is contact-based and scales with deployment size, accommodating factors like the number of SKUs, user seats, or global distribution volume, while including access as standard. Typical use cases include and defense systems requiring secure communications, automotive applications such as (V2X) and advanced driver-assistance systems compliant with , and medical devices handling sensitive data under regulatory standards, all benefiting from compliance without open-source mandates.
