RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL 5.8.2 Now Available

wolfSSL 5.8.2 is now available! We are excited to announce the release of wolfSSL 5.8.2, packed with significant enhancements, introducing new functionalities, and refining existing features!

Important Notes for this Release

  • GPLv3 Licensing: wolfSSL has transitioned from GPLv2 to GPLv3.
  • Deprecated Feature: `–enable-heapmath` is now deprecated.
  • MD5 Disabled by Default: For enhanced security, MD5 is now disabled by default.

Key Highlights of wolfSSL 5.8.2

Vulnerability Mitigations:

  • ECC and Ed25519 Fault Injection Mitigation (Low): (Thanks to Kevin from Fraunhofer AISEC)
  • Apple Native Cert Validation Override (High – CVE-2025-7395): (Thanks to Thomas Leong from ExpressVPN)
  • Predictable `RAND_bytes()` after `fork()` (Medium – CVE-2025-7394): (Thanks to Per Allansson from Appgate)
  • Curve25519 Blinding Enabled by Default (Low – CVE-2025-7396): (Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris)

New Features:

  • Sniffer Enhancements: Support for multiple sessions and a new `ssl_RemoveSession()` API for cleanup.
  • New ASN.1 X509 API: `wc_GetSubjectPubKeyInfoDerFromCert` for retrieving public key information.
  • PKCS#12 Improvements: `wc_PKCS12_create()` now supports PBE_AES(256|128)_CBC key and certificate encryptions.
  • PKCS#7 Decoding: Added `wc_PKCS7_DecodeEncryptedKeyPackage()` for decoding encrypted key packages.
  • Linux Kernel Module Expansion: All AES, SHA, and HMAC functionality now implemented within the Linux Kernel Module.
  • OpenSSL Compatibility Layer Additions: New APIs for X.509 extensions and RSA PSS: `i2d_PrivateKey_bio`, `BN_ucmp`, and `X509v3_get_ext_by_NID`.
  • Platform Support: Added support for STM32N6.
  • Assembly Optimizations: Implemented SHA-256 for PPC 32 assembly.

Improvements & Optimizations:

This release includes a wide range of improvements across various categories, including:

  • Extensive Linux Kernel Module (LinuxKM) Enhancements: Numerous minor fixes, registrations, and optimizations for cryptography operations within the Linux Kernel Module.
  • Post-Quantum Cryptography (PQC) & Asymmetric Algorithms: Updates to Kyber, backward compatibility for ML_KEM IDs, fixes for LMS building and parameters, and OpenSSL format support for ML-DSA/Dilithium.
  • Build System & Portability: General build configuration fixes, improvements for older GCC versions, new CMakePresets, and default MD5 disabling.
  • Testing & Debugging: Enhanced debugging output, additional unit tests for increased code coverage, and improved benchmark help options.
  • Certificates & ASN.1: Improved handling of X509 extensions, fixed printing of empty names, and better error handling.
  • TLS/DTLS & Handshake: Corrected group handling, improved DTLS record processing, and refined TLS 1.3 key derivation.
  • Memory Management & Optimizations: Stack refactors, improved stack size with MLKEM and Dilithium, and heap math improvements.
  • Cryptography & Hash Functions: Added options to disable assembly optimizations for SipHash and SHA3, and improved Aarch64 XFENCE.
  • Platform-Specific & Hardware Integration: Explicit support for ESP32P4, public `wc_tsip_*` APIs, and enhanced PlatformIO certificate bundle support.
  • General Improvements & Refactoring: Updated libspdm, fixed PEM key formatting, and improved API accessibility for certificate failure callbacks.

wolfSSL 5.8.2 also includes some nice bug fixes, addressing issues across various modules, ensuring greater stability and reliability. For a complete and detailed list of all changes, please refer to the full release notes.

We encourage all users to upgrade to wolfSSL 5.8.2 to take advantage of these important security updates, new features, and performance enhancements. Download the latest release.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

OpenSSL Compatibility Layer Additions in wolfSSL 5.8.2

The wolfSSL’s repo pull request #8897 adds significant OpenSSL compatibility layer enhancements across four key areas: RSA operations, big number mathematics, X.509 certificate extensions, and private key serialization.

RSA API Enhancements:

The PR introduces comprehensive RSA-PSS (Probabilistic Signature Scheme) support with enhanced OpenSSL compatibility. Key additions include:

  • wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen() for configuring salt lengths
  • wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md() for setting MGF1 hash algorithms
  • wolfSSL_EVP_PKEY_CTX_set_rsa_oaep_md() for RSA-OAEP padding configuration
  • The existing wolfSSL_RSA_sign and wolfSSL_RSA_verify functions have been enhanced to support RSA-PSS with custom salt lengths and MGF1 hash types.
  • Additional functions include wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1() and wolfSSL_RSA_verify_PKCS1_PSS_mgf1() for advanced PSS padding operations with MGF1 support.

Bignum API Additions:

A new wolfSSL_BN_ucmp() function has been added that compares the absolute values of two WOLFSSL_BIGNUM structures. This function provides OpenSSL-compatible behavior identical to BN_ucmp(). The implementation uses internal duplication to avoid modifying const input parameters, making the implementation compliant with the API.

X.509 Extensions API Additions:

Two X.509 certificate extension handling functions have been added. The wolfSSL_X509v3_get_ext_by_NID() function searches for extensions by their Numeric Identifier (NID) within a stack of extensions, supporting iterative searching with a “lastpos” parameter. The wolfSSL_X509v3_get_ext() function retrieves extensions by index position from an extension stack. Both functions enable programmatic certificate extension processing for PKI applications, policy enforcement, and extension data extraction.

Private Key DER Output API Additions:

The new wolfSSL_i2d_PrivateKey_bio() function provides private key serialization to DER format through BIO objects. This function performs a two-pass operation to determine buffer size and encode the key.

These additions collectively enhance wolfSSL’s OpenSSL compatibility layer, providing essential functionality for RSA-PSS operations, mathematical computations, certificate processing, and key management operations required by modern cryptographic applications.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar: WolfGuard: FIPS 140-3 Enabled WireGuard

WireGuard is known for its simplicity, speed, and modern cryptography, but what if your deployment requires FIPS 140-3 validated security? That’s where WolfGuard comes in.

Join wolfSSL Software Engineer Lealem Amedie as he introduces WolfGuard, a FIPS 140-3 enabled WireGuard solution optimized for speed and cryptographic agility. Built on the FIPS-certified wolfCrypt library, WolfGuard delivers all of WireGuard’s functionality with the assurance of FIPS-approved algorithms.

Register now: WolfGuard: FIPS 140-3 Enabled WireGuard
Date: August 27th | 9 AM PT

This webinar will cover:

  • WireGuard fundamentals and implementations (Linux, GO, BoringTun)
  • How WireGuard secures tunnels and encrypts data
  • FIPS 140-3, FedRAMP, and CMMC 2.0 compliance needs
  • How WolfGuard integrates FIPS into WireGuard with zero architectural changes
  • Real-world use cases + live demo with WolfGuard Go

If you need WireGuard with FIPS 140-3 compliance and zero complexity trade-offs, WolfGuard is your solution.

Register now to see WolfGuard in action and achieve compliance in your VPN deployments.

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 425 8247.

Download wolfSSL Now

How to Make Your TPM Talk PKCS11

TPM vs HSM, what’s the difference? Check out this blog post for more detailed.

In a nutshell, TPMs are typically a dedicated chip included along side a main (host) processor and used for securing a single consumer electronics device. HSMs are external devices that can be used across multiple devices and systems, offering advanced cryptographic operations and key management. For both of them, their main objective is to protect and store private key material. A TPM typically presents itself via the standardized TPM 2.0 API while an HSM presents itself via the standardized PKCS11 API.

If you think about it really, really carefully, the difference is just a matter of form factor, interfaces, and regulatory technicalities. So is it possible for a TPM to present itself as an HSM? The answer is most definitely YES! But how?

Here at wolfSSL we have our own PKCS11 provider library, wolfPKCS11, to leverage cryptographic hardware and keystores on various systems. A while ago, we added support for using TPM 2.0 modules via wolfTPM into wolfPKCS11. We believe that this functionality is particularly useful for users that have coded to the PKCS11 standard, but need to switch to a TPM or fTPM; there are many technical and business reasons to do so.

With that in mind, if you have been using an HSM and want to simplify to simply using a TPM with little to no code changes in your application, let us help you with that. Reach out to us to find out how your specific situation would work!

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL’s Newest Offering for the Financial Vertical

Are you wondering what Microsoft’s roadmap for the IIS (Internet Information Services) webserver says about post-quantum cryptography? We’re not; read on to find out why.

Not everyone in the financial industry is old enough to remember what it was like to be in the trenches during the Y2K (Year 2000) era, but those that were around for it know that it was expensive both in dollar and human terms. Many dollars and man hours were spent converting years from two digits to four digits. In the end the endeavor to fix the Y2K bug was a victim of its own success. When January 1st, 2000 rolled around, everyone was fine and the financial system just went along all honky dory.

We here at wolfSSL are hoping for the same fate for Y2Q (Years To Quantum). Hopefully, when a cryptographically relevant quantum computer is finally built, everyone will have switched over to post-quantum algorithms. To ensure this is the case, we here at wolfSSL have been hard at work getting ahead of the curve.

That said, we feel your pain. We know that you’ve been conservatively using Microsoft products. Why wouldn’t you; who doesn’t trust Microsoft? Microsoft’s approach has been to prioritize stability over agility which makes sense for now. But you also know that there are timelines to move to post-quantum cryptography. So what are your options?

At wolfSSL, we are currently working on a product that is so new that it does not even have a name!! It will act as an alternative to Microsoft Windows SChannel Library. It will hook into the windows SSPI (Security Support Provider Interface). Why is this important? Because this is how network security is provided to the Windows IIS Webserver. Without even knowing it, IIS will seamlessly become quantum-safe when you pop in wolfSSL’s alternative to SChannel!

Let us know what you think of the concept around this new product. Are you interested in seeing the timeline accelerated and the priority raised? Let us know by reaching out to facts@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

MCP (Model Context Protocol) and FIPS-140-3 Requirements

Are you one of our customers tasked by the US federal government to implement their newly minted AI initiatives? Then go get a cup of coffee and sit down because you are going to want to hear what we have to say about the MCP (Model Context Protocol) and how it relates to FIPS 140-3.

The Model Context Protocol (MCP) is a framework that provides AI models with relevant, structured context to improve efficiency and accuracy around how the data is used. It ensures AI agents receive pertinent data and environmental cues for optimal performance, reducing ambiguity, enhancing decision-making, and streamlining AI-environment interaction.

The protocol works on a client-server model. The servers are, generally speaking, data and service providers while the clients are the AI agents. MCP servers can provide real-time sensor data, historical archives, structured databases (CRM, ERP), knowledge bases, and external API access (weather, mapping, translation). MCP clients are AI entities, from chatbots to complex autonomous systems, needing external data/services. Examples include, LLMs, decision-making AIs and robotics/autonomous vehicles.

Here are just a few examples of servers within agencies of the US Federal Government:

The messages are formatted as JSON with some predefined fields. The important part is that these messages need to be authenticated, encrypted, and integrity checked. From the https://modelcontextprotocol.io/docs/concepts/transports:

> Always use TLS/HTTPS for production deployments

So if the US federal government is going to be contracting you to create an AI MCP client to leverage these servers, then you can bet your bottom dollar that it needs to be using FIPS 140-3 certified cryptography.

Want to learn more about our laddered-approach to FIPS 140-3 certifications and our evergreen licensing model? Send a message to fips@wolfssl.com or facts@wolfssl.com and we’ll be happy to explain it all to you!

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL 5.8.2: Smarter and Cleaner Sniffing

The latest release of wolfSSL 5.8.2 comes with key improvements for users of the wolfSSL sniffer.

Multi-Session Sniffer Support

The wolfSSL sniffer now supports decoding multiple TLS sessions, including those using session tickets and session resumption.

This enables more accurate decryption of real-world TLS traffic, where connections are commonly reused for performance.

New ssl_RemoveSession() API

This release also introduces a new API for targeted sniffer session cleanup:

int ssl_RemoveSession(const char* clientIp, int clientPort,
                      const char* serverIp, int serverPort,
                      char* error);

This allows for fine-grained control of cached sessions, helping reduce memory usage which can be integral especially when operating in high traffic environments.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfBoot v2.6.0 Now Available

The wolfSSL team has released version 2.6.0 of wolfBoot, the lightweight and portable secure bootloader for embedded systems. This update expands platform coverage, improves support for external memory layouts, and adds key performance optimizations for a range of architectures. It also includes critical fixes and brings updated module integration across the wolfSSL ecosystem.

New Platform Support

PIC32CZ CA (Cortex-M7) and PIC32CK (Cortex-M33) devices from Microchip are now supported. The PIC32CZ family targets high-performance secure connected applications with integrated HSM and extended memory. The PIC32CK line brings TrustZone support for secure partitioning on Armv8-M systems. wolfBoot can now provide verified secure boot and firmware updates across both families.

External Flash Support with ELF Scattering

wolfBoot now supports external flash configurations when using ELF scattering mode. This enables firmware sections to be distributed between internal and external flash, useful in scenarios where internal flash is limited or where larger applications are split across multiple memory regions.

Encrypted Updates on Renesas RX

Encrypted firmware updates are now supported for the Renesas RX family. When paired with Renesas TSIP (Trusted Secure IP), wolfBoot can handle encrypted update packages, with decryption performed securely on-chip using hardware-managed keys. This provides strong protection for sensitive firmware in the field.

PowerPC 32-bit Optimizations

New assembly-level optimizations for SHA and AES are now available on 32-bit PowerPC platforms. These improvements reduce boot-time cryptographic processing overhead and improve performance during image verification and decryption operations.

STM32F4 Enhancements

wolfBoot v2.6.0 includes updated clock configuration logic for the STM32F4 series, ensuring compatibility across the full device family. In addition, support has been added for the STM32F411 variant, commonly used in development and prototyping platforms.

Fixes and Improvements

This release includes several important bug fixes:

  • Fixed unaligned memory access on Cortex-A5
  • Corrected compile flags to allow execution from RAM on ARM targets
  • Proper handling of VTOR_NS when staging non-secure images in TrustZone-M mode
  • Removed redundant flash write-after-erase cycle in wolfBoot_update_trigger
  • Multiple TrustZone-related fixes for STM32H5 devices

These changes improve stability, reduce flash wear, and ensure correct behavior on secure platforms.

Updated Module Versions

The following components have been updated in this release:

More Information

To download the latest version of wolfBoot, visit our download page or clone it from the wolfBoot GitHub repository. For questions about commercial support, licensing, or integration assistance, please contact us at facts@wolfssl.com or +1 425 245 8247.

Download wolfSSL Now

Live Webinar: Everything You Need to Know About Medical Device Cybersecurity

Elevate your cybersecurity strategy with proven solutions built for connected care.

Join us on August 20th at 9 AM PT for a live webinar led by wolfSSL Senior Software Engineer Eric Blankenhorn. We’ll cover how to strengthen cybersecurity across the entire medical device ecosystem from implantables and patient monitors to bedside devices and cloud platforms. This session will highlight regulatory requirements, key security challenges, and how wolfSSL’s embedded solutions can help you address them.

Register now: Everything You Need to Know About Medical Device Cybersecurity
Date: August 20th | 9 AM PT

In this webinar, Eric will dive into current cybersecurity threats in healthcare, industry trends, and the growing regulatory pressure on connected devices. Learn how wolfSSL’s lightweight, FIPS 140-3 validated cryptography and secure boot technology can help prevent tampering, conserve power, and support compliance with HIPAA, VA, and other mandates.

Register now to strengthen your security posture in connected healthcare.

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Professor Bill Buchanan, OBE, FRSE

Today, we would like to shout out to wolfSSL’s newest friend, Professor Bill Buchanan, OBE, FRSE.

Professor Bill Buchanan stands as one of Scotland’s most distinguished cybersecurity educators, holding the prestigious title of Officer of the Order of the British Empire (OBE) for his services to cybersecurity. As a Professor in the School of Computing at Edinburgh Napier University, Buchanan has dedicated his career to making complex cryptographic concepts accessible to students, developers, and industry professionals worldwide. His work extends far beyond traditional academic boundaries, bridging the gap between theoretical cryptography and practical implementation through innovative educational resources such as his wildly popular website.

The site serves as a treasure trove of cryptographic knowledge and practical implementations. Within this extensive resource, his work with wolfSSL and wolfCrypt demonstrates his commitment to providing hands-on learning experiences with industry-standard cryptographic libraries. The wolfCrypt section of his site showcases detailed implementations and explanations of various cryptographic functions, making these powerful tools accessible to developers working in both C and C# environments.

Buchanan’s exploration of Advanced Encryption Standard implementations through wolfCrypt showcases his ability to make complex symmetric encryption concepts understandable and implementable.

The RSA notes within Buchanan’s wolfCrypt educational materials demonstrate key generation, encryption, decryption, and digital signature operations, providing developers with complete understanding of this foundational public-key cryptographic system.

The ECDH content provides developers with practical knowledge of how to implement secure key exchange mechanisms, essential for establishing secure communications channels in distributed systems. This work demonstrates his ability to translate complex cryptographic protocols into understandable, implementable code examples.

The dual-language approach of Buchanan’s wolfCrypt educational content, covering both C and C# implementations, reflects his commitment to reaching the broadest possible audience of developers. The C# wrapper implementations are particularly valuable, as they make wolfSSL’s powerful cryptographic capabilities accessible to .NET developers who might otherwise struggle with native C library integration.

Buchanan’s wolfCrypt educational materials serve as a bridge between the academic world of cryptographic research and the practical needs of software developers implementing secure systems. His work demonstrates how proper cryptographic education can empower developers to build more secure applications while avoiding common implementation pitfalls that can compromise security. Through these comprehensive resources, he continues to secure software applications worldwide with examples of how to use wolfSSL.

Here at wolfSSL, we applaud his efforts!

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Broken SSL/TLS Versions: Attacks, Weaknesses, and Mitigations

At wolfSSL, we prioritize strong, modern cryptographic practices—especially for embedded systems where performance, code size, and reliability are critical. While TLS continues to be the standard for securing communications, many early protocol versions have been broken or deprecated due to serious security flaws. Understanding the history of these attacks and their mitigations helps clarify why wolfSSL supports TLS 1.2 and TLS 1.3 only, with hardened configurations and no legacy baggage.

Summary: Vulnerable Versions at a Glance

Protocol Status Major Vulnerabilities Secure with Mitigation?
SSL 3.0 Broken POODLE, Downgrade Attacks, Renegotiation No – Do Not Use
TLS 1.0 Deprecated BEAST, CRIME, RC4 Bias, Renegotiation Partially (Obsolete)
TLS 1.1 Deprecated Weak cipher support, Lucky 13, Renegotiation But not recommended
TLS 1.2 Supported FREAK, Logjam, DROWN (if misconfigured), Lucky 13, Renegotiation Yes
TLS 1.3 Recommended No known practical attacks N/A – Strongest Option

SSL 3.0 – Broken by Design (1996)

Attack: POODLE

  • Exploits predictable padding in CBC mode.
  • Allows a MITM to decrypt encrypted messages byte-by-byte.
  • Requires protocol downgrade (common with fallback support in legacy clients).

Attack: Renegotiation

  • Unpatched versions allow MITM data injection.
  • Fixed by RFC 5746.

Mitigation:

  • Disable SSL 3.0 entirely.
  • No fix is possible within the protocol itself.

TLS 1.0 – Weak Encryption and Block Mode Flaws

Attack: BEAST

  • Targets predictable IVs in CBC mode.
  • Attacker uses JaveScript injection to decrypt HTTPS cookies via MITM.

Attack: CRIME

  • Exploits TLS compression to infer secret data via length differences in compressed responses.

Attack: Renegotiation

  • Unpatched versions allow MITM data injection.
  • Fixed by RFC 5746.

Issue: RC4 Bias

  • Long-known statistical biases in RC4 keystream make it vulnerable to ciphertext recovery.

Mitigations:

  • TLS 1.1 introduced random IVs to mitigate BEAST.
  • Disabling TLS compression and RC4 ciphers mitigates CRIME and RC4 bias.
  • TLS 1.0 is officially deprecated by wolfSSL and not recommended for any deployments.

TLS 1.1 – Marginal Upgrade, Still Outdated

  • Addressed BEAST with random IVs.
  • Still lacked support for authenticated encryption (AEAD), forward secrecy by default, and encrypted handshake metadata.

Attack: Lucky 13

  • Partial plaintext recovery through adaptive chosen ciphertext attacks when using CBC-mode ciphers.

Attack: Renegotiation

  • Unpatched versions allow MITM data injection.
  • Fixed by RFC 5746.

Mitigations:

  • While safer than TLS 1.0, TLS 1.1 lacks modern protections.
  • Use Encrypt-then-MAC (RFC7366) – default in wolfSSL.
  • wolfSSL does not support TLS 1.1 by default and does not recommend enabling it unless required for backward compatibility.

TLS 1.2 – Secure When Properly Configured

TLS 1.2 remains widely used and secure when hardened. The vulnerabilities discovered were due to weak configurations or legacy cipher support—not flaws in the protocol itself.

Attack: FREAK

  • Exploits fallback to 512-bit “export-grade” RSA keys.
  • Attackers brute-force these weak keys to decrypt session data.

Attack: Logjam

  • Similar concept to FREAK but targets Diffie-Hellman key exchange with weak 512-bit parameters.

Attack: DROWN

  • Targets servers that share a certificate across both TLS and SSLv2.
  • Exploits SSLv2 flaws to decrypt TLS data.

Attack: Lucky 13

  • Partial plaintext recovery through adaptive chosen ciphertext attacks when using CBC-mode ciphers.

Attack: Renegotiation

  • Unpatched versions allow MITM data injection.
  • Fixed by RFC 5746.

Mitigations:

  • Disable export cipher suites and SSLv2 support.
  • Use strong ephemeral key exchange (e.g., ECDHE).
  • Use Encrypt-then-MAC (RFC7366).
  • Use AEAD ciphers (AES-GCM, ChaCha20-Poly1305).
  • wolfSSL provides TLS 1.2 with modern defaults and no export cipher support.

TLS 1.3 – Minimal, Secure, and Efficient

TLS 1.3 removes legacy features that caused vulnerabilities in the past:

  • No RC4, no CBC, no static RSA, no compression, no export ciphers.
  • Forward secrecy is mandatory.
  • Encrypts more of the handshake, preventing downgrade attacks and metadata leakage.
  • Streamlined cipher suite negotiation.

Mitigations Built-In:

  • TLS 1.3 was designed from the ground up to address all prior attack classes.
  • wolfSSL’s TLS 1.3 implementation is FIPS 140-3 Ready and optimized for resource-constrained devices.

wolfSSL Recommendations

As a TLS library optimized for embedded systems, IoT, aerospace, and automotive, we encourage:

  1. Use TLS 1.3 wherever possible for reduced code size and maximum security.
  2. TLS 1.2 is acceptable when configured with strong ciphers and forward secrecy.
  3. Disable legacy protocols (SSL 3.0, TLS 1.0, TLS 1.1) entirely.
  4. Audit your build flags to avoid accidental inclusion of weak algorithms.

Conclusion

TLS has evolved from early, flawed implementations to strong, modern protocols that protect billions of connections daily. But only by disabling old versions and enforcing hardened configurations can systems stay secure. wolfSSL supports only TLS 1.2 and TLS 1.3, giving you confidence that your embedded or server deployments are resilient against both legacy and modern threats.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3 4 208 209 210

Weekly updates

Archives