wolfSSL’s wolfcrypt library includes several cryptographic algorithms that are now considered broken or deprecated. While these algorithms are typically disabled by default, developers should be aware of their security implications. Here is the list of these algorithms along with links to documents explaining why they are no longer considered secure: RC4/ARC4: Prohibited for TLS use […]
Category: wolfSSL/ wolfCrypt
Migrating to wolfSSL from mbedTLS
We wanted to highlight a useful migration guide posted by Amazon for their AWS IoT Core with FreeRTOS showing how to migrate from mbedTLS to wolfSSL. The migration guide shows useful API mappings and how to expose PKCS11 capabilities. Check out the FreeRTOS with mbedTLS to FreeRTOS with wolfSSL Migration Guide v1.0. FreeRTOS is a […]
Cryptoagility
Have you heard the newest and most pervasive buzzword in online security? The most popular and over-hyped expression doing the rounds these days is “Cryptoagility”. Why do we think it is so overhyped? Because if you are simply looking for a definition, you’ll be hard pressed to find one. People who talk about it […]
Xilinx vs STM: wolfSSL Integration and Build Experience Compared
Selecting the right hardware for an embedded project can be a complex decision—but choosing a security library doesn’t have to be. wolfSSL offers broad platform support, running seamlessly on everything from bare-metal systems to full-featured operating systems. In this post, we’ll compare how wolfSSL integrates with two widely used embedded platforms: Xilinx and STM. While […]
Curve25519 Blinding Support Added in wolfSSL 5.8.0
As of wolfSSL version 5.8.0, support for Curve25519 blinding has been introduced. Although originally listed as a feature addition in the changelog, it is more accurately characterized as a mitigation for a potential side-channel vulnerability affecting specific builds. This feature offers optional hardening against power or electromagnetic (EM) analysis during Curve25519 private key operations. While […]
wolfSSL Adds Support for Open Watcom Compiler
The wolfSSL embedded SSL/TLS library has recently expanded its compatibility by adding support for the Open Watcom C/C++ compiler. This enhancement enables developers to build wolfSSL using Open Watcom across multiple platforms including Windows, Linux, and OS/2. This blog post explores the new Open Watcom support, its features, and how to leverage it in […]
New Feature Spotlight: Offloading Extended Master Secret Generation to Hardware in wolfSSL
We’re thrilled to announce a new feature in wolfSSL 5.8.0: the ability to offload Extended Master Secret (EMS) generation to hardware, introduced in Pull Request #8303. Integrated into `--enable-pkcallbacks --enable-extended-master` builds, this enhancement empowers developers to leverage Trusted Execution Environments (TEEs) or custom hardware for EMS generation, boosting security and performance in TLS sessions. This […]
Expired Test Certificate: baltimore-cybertrust-root.pem and make check Failures
On May 12th, 2025, the test certificate baltimore-cybertrust-root.pem expired. This may cause issues with the test cases run during make check with wolfSSL builds that do not use the OpenSSL compatibility layer and have a filesystem enabled. One of the unit tests attempts to load all Certificate Authorities (CAs) from the certs/external directory, which previously […]
wolfSSL Enhances PKCS7 Streaming Support with Indefinite Length Handling
wolfSSL has extended its PKCS7 capabilities to better handle indefinite length encodings, particularly in streaming scenarios. While basic support for indefinite length verification existed, recent updates have refined the wc_PKCS7_VerifySignedData() API to process multipart and indefinite length content more efficiently in a streaming manner. Key Enhancements: Streaming Verification: The wc_PKCS7_VerifySignedData() function now supports verifying PKCS7 […]
wolfSSL 5.8.0: Easier NXP SE050 Development with Automatic Key Deletion
The NXP EdgeLock SE050 is a popular secure element providing a strong root of trust for IoT devices, known for its “Plug & Trust” simplicity. wolfSSL has consistently supported the SE050, enabling robust hardware-based security for TLS, cloud onboarding, and data protection. However, managing cryptographic keys on secure elements during development can often be a […]
