wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. The paper notes that wolfSSL only gives a weak oracle without a practical attack but this is still a flaw. We’ve posted a fix for this and a general release will be available next week. Please note that wolfSSL has disabled static RSA cipher suites by default as of version 3.6.6 because of the lack of perfect forward secrecy. Only users who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA and use those suites on a host are affected.
Contact support@wolfssl.com if you have any questions or concerns.