RECENT BLOG NEWS
wolfSSL 5.8.2 Now Available
wolfSSL 5.8.2 is now available! We are excited to announce the release of wolfSSL 5.8.2, packed with significant enhancements, introducing new functionalities, and refining existing features!
Important Notes for this Release
- GPLv3 Licensing: wolfSSL has transitioned from GPLv2 to GPLv3.
- Deprecated Feature: `–enable-heapmath` is now deprecated.
- MD5 Disabled by Default: For enhanced security, MD5 is now disabled by default.
Key Highlights of wolfSSL 5.8.2
Vulnerability Mitigations:
- ECC and Ed25519 Fault Injection Mitigation (Low): (Thanks to Kevin from Fraunhofer AISEC)
- Apple Native Cert Validation Override (High – CVE-2025-7395): (Thanks to Thomas Leong from ExpressVPN)
- Predictable `RAND_bytes()` after `fork()` (Medium – CVE-2025-7394): (Thanks to Per Allansson from Appgate)
- Curve25519 Blinding Enabled by Default (Low – CVE-2025-7396): (Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris)
New Features:
- Sniffer Enhancements: Support for multiple sessions and a new `ssl_RemoveSession()` API for cleanup.
- New ASN.1 X509 API: `wc_GetSubjectPubKeyInfoDerFromCert` for retrieving public key information.
- PKCS#12 Improvements: `wc_PKCS12_create()` now supports PBE_AES(256|128)_CBC key and certificate encryptions.
- PKCS#7 Decoding: Added `wc_PKCS7_DecodeEncryptedKeyPackage()` for decoding encrypted key packages.
- Linux Kernel Module Expansion: All AES, SHA, and HMAC functionality now implemented within the Linux Kernel Module.
- OpenSSL Compatibility Layer Additions: New APIs for X.509 extensions and RSA PSS: `i2d_PrivateKey_bio`, `BN_ucmp`, and `X509v3_get_ext_by_NID`.
- Platform Support: Added support for STM32N6.
- Assembly Optimizations: Implemented SHA-256 for PPC 32 assembly.
Improvements & Optimizations:
This release includes a wide range of improvements across various categories, including:
- Extensive Linux Kernel Module (LinuxKM) Enhancements: Numerous minor fixes, registrations, and optimizations for cryptography operations within the Linux Kernel Module.
- Post-Quantum Cryptography (PQC) & Asymmetric Algorithms: Updates to Kyber, backward compatibility for ML_KEM IDs, fixes for LMS building and parameters, and OpenSSL format support for ML-DSA/Dilithium.
- Build System & Portability: General build configuration fixes, improvements for older GCC versions, new CMakePresets, and default MD5 disabling.
- Testing & Debugging: Enhanced debugging output, additional unit tests for increased code coverage, and improved benchmark help options.
- Certificates & ASN.1: Improved handling of X509 extensions, fixed printing of empty names, and better error handling.
- TLS/DTLS & Handshake: Corrected group handling, improved DTLS record processing, and refined TLS 1.3 key derivation.
- Memory Management & Optimizations: Stack refactors, improved stack size with MLKEM and Dilithium, and heap math improvements.
- Cryptography & Hash Functions: Added options to disable assembly optimizations for SipHash and SHA3, and improved Aarch64 XFENCE.
- Platform-Specific & Hardware Integration: Explicit support for ESP32P4, public `wc_tsip_*` APIs, and enhanced PlatformIO certificate bundle support.
- General Improvements & Refactoring: Updated libspdm, fixed PEM key formatting, and improved API accessibility for certificate failure callbacks.
wolfSSL 5.8.2 also includes some nice bug fixes, addressing issues across various modules, ensuring greater stability and reliability. For a complete and detailed list of all changes, please refer to the full release notes.
We encourage all users to upgrade to wolfSSL 5.8.2 to take advantage of these important security updates, new features, and performance enhancements. Download the latest release.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
OpenSSL Compatibility Layer Additions in wolfSSL 5.8.2
The wolfSSL’s repo pull request #8897 adds significant OpenSSL compatibility layer enhancements across four key areas: RSA operations, big number mathematics, X.509 certificate extensions, and private key serialization.
RSA API Enhancements:
The PR introduces comprehensive RSA-PSS (Probabilistic Signature Scheme) support with enhanced OpenSSL compatibility. Key additions include:
- wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen() for configuring salt lengths
- wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md() for setting MGF1 hash algorithms
- wolfSSL_EVP_PKEY_CTX_set_rsa_oaep_md() for RSA-OAEP padding configuration
- The existing wolfSSL_RSA_sign and wolfSSL_RSA_verify functions have been enhanced to support RSA-PSS with custom salt lengths and MGF1 hash types.
- Additional functions include wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1() and wolfSSL_RSA_verify_PKCS1_PSS_mgf1() for advanced PSS padding operations with MGF1 support.
Bignum API Additions:
A new wolfSSL_BN_ucmp() function has been added that compares the absolute values of two WOLFSSL_BIGNUM structures. This function provides OpenSSL-compatible behavior identical to BN_ucmp(). The implementation uses internal duplication to avoid modifying const input parameters, making the implementation compliant with the API.
X.509 Extensions API Additions:
Two X.509 certificate extension handling functions have been added. The wolfSSL_X509v3_get_ext_by_NID() function searches for extensions by their Numeric Identifier (NID) within a stack of extensions, supporting iterative searching with a “lastpos” parameter. The wolfSSL_X509v3_get_ext() function retrieves extensions by index position from an extension stack. Both functions enable programmatic certificate extension processing for PKI applications, policy enforcement, and extension data extraction.
Private Key DER Output API Additions:
The new wolfSSL_i2d_PrivateKey_bio() function provides private key serialization to DER format through BIO objects. This function performs a two-pass operation to determine buffer size and encode the key.
These additions collectively enhance wolfSSL’s OpenSSL compatibility layer, providing essential functionality for RSA-PSS operations, mathematical computations, certificate processing, and key management operations required by modern cryptographic applications.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Live Webinar: WolfGuard: FIPS 140-3 Enabled WireGuard
WireGuard is known for its simplicity, speed, and modern cryptography, but what if your deployment requires FIPS 140-3 validated security? That’s where WolfGuard comes in.
Join wolfSSL Software Engineer Lealem Amedie as he introduces WolfGuard, a FIPS 140-3 enabled WireGuard solution optimized for speed and cryptographic agility. Built on the FIPS-certified wolfCrypt library, WolfGuard delivers all of WireGuard’s functionality with the assurance of FIPS-approved algorithms.
Register now: WolfGuard: FIPS 140-3 Enabled WireGuard
Date: August 27th | 9 AM PT
This webinar will cover:
- WireGuard fundamentals and implementations (Linux, GO, BoringTun)
- How WireGuard secures tunnels and encrypts data
- FIPS 140-3, FedRAMP, and CMMC 2.0 compliance needs
- How WolfGuard integrates FIPS into WireGuard with zero architectural changes
- Real-world use cases + live demo with WolfGuard Go
If you need WireGuard with FIPS 140-3 compliance and zero complexity trade-offs, WolfGuard is your solution.
Register now to see WolfGuard in action and achieve compliance in your VPN deployments.
As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 425 8247.
Download wolfSSL Now
How to Make Your TPM Talk PKCS11
TPM vs HSM, what’s the difference? Check out this blog post for more detailed.
In a nutshell, TPMs are typically a dedicated chip included along side a main (host) processor and used for securing a single consumer electronics device. HSMs are external devices that can be used across multiple devices and systems, offering advanced cryptographic operations and key management. For both of them, their main objective is to protect and store private key material. A TPM typically presents itself via the standardized TPM 2.0 API while an HSM presents itself via the standardized PKCS11 API.
If you think about it really, really carefully, the difference is just a matter of form factor, interfaces, and regulatory technicalities. So is it possible for a TPM to present itself as an HSM? The answer is most definitely YES! But how?
Here at wolfSSL we have our own PKCS11 provider library, wolfPKCS11, to leverage cryptographic hardware and keystores on various systems. A while ago, we added support for using TPM 2.0 modules via wolfTPM into wolfPKCS11. We believe that this functionality is particularly useful for users that have coded to the PKCS11 standard, but need to switch to a TPM or fTPM; there are many technical and business reasons to do so.
With that in mind, if you have been using an HSM and want to simplify to simply using a TPM with little to no code changes in your application, let us help you with that. Reach out to us to find out how your specific situation would work!
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
wolfSSL’s Newest Offering for the Financial Vertical
Are you wondering what Microsoft’s roadmap for the IIS (Internet Information Services) webserver says about post-quantum cryptography? We’re not; read on to find out why.
Not everyone in the financial industry is old enough to remember what it was like to be in the trenches during the Y2K (Year 2000) era, but those that were around for it know that it was expensive both in dollar and human terms. Many dollars and man hours were spent converting years from two digits to four digits. In the end the endeavor to fix the Y2K bug was a victim of its own success. When January 1st, 2000 rolled around, everyone was fine and the financial system just went along all honky dory.
We here at wolfSSL are hoping for the same fate for Y2Q (Years To Quantum). Hopefully, when a cryptographically relevant quantum computer is finally built, everyone will have switched over to post-quantum algorithms. To ensure this is the case, we here at wolfSSL have been hard at work getting ahead of the curve.
That said, we feel your pain. We know that you’ve been conservatively using Microsoft products. Why wouldn’t you; who doesn’t trust Microsoft? Microsoft’s approach has been to prioritize stability over agility which makes sense for now. But you also know that there are timelines to move to post-quantum cryptography. So what are your options?
At wolfSSL, we are currently working on a product that is so new that it does not even have a name!! It will act as an alternative to Microsoft Windows SChannel Library. It will hook into the windows SSPI (Security Support Provider Interface). Why is this important? Because this is how network security is provided to the Windows IIS Webserver. Without even knowing it, IIS will seamlessly become quantum-safe when you pop in wolfSSL’s alternative to SChannel!
Let us know what you think of the concept around this new product. Are you interested in seeing the timeline accelerated and the priority raised? Let us know by reaching out to facts@wolfssl.com.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
MCP (Model Context Protocol) and FIPS-140-3 Requirements
Are you one of our customers tasked by the US federal government to implement their newly minted AI initiatives? Then go get a cup of coffee and sit down because you are going to want to hear what we have to say about the MCP (Model Context Protocol) and how it relates to FIPS 140-3.
The Model Context Protocol (MCP) is a framework that provides AI models with relevant, structured context to improve efficiency and accuracy around how the data is used. It ensures AI agents receive pertinent data and environmental cues for optimal performance, reducing ambiguity, enhancing decision-making, and streamlining AI-environment interaction.
The protocol works on a client-server model. The servers are, generally speaking, data and service providers while the clients are the AI agents. MCP servers can provide real-time sensor data, historical archives, structured databases (CRM, ERP), knowledge bases, and external API access (weather, mapping, translation). MCP clients are AI entities, from chatbots to complex autonomous systems, needing external data/services. Examples include, LLMs, decision-making AIs and robotics/autonomous vehicles.
Here are just a few examples of servers within agencies of the US Federal Government:
The messages are formatted as JSON with some predefined fields. The important part is that these messages need to be authenticated, encrypted, and integrity checked. From the https://modelcontextprotocol.io/docs/concepts/transports:
> Always use TLS/HTTPS for production deployments
So if the US federal government is going to be contracting you to create an AI MCP client to leverage these servers, then you can bet your bottom dollar that it needs to be using FIPS 140-3 certified cryptography.
Want to learn more about our laddered-approach to FIPS 140-3 certifications and our evergreen licensing model? Send a message to fips@wolfssl.com or facts@wolfssl.com and we’ll be happy to explain it all to you!
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
wolfSSL 5.8.2: Smarter and Cleaner Sniffing
The latest release of wolfSSL 5.8.2 comes with key improvements for users of the wolfSSL sniffer.
Multi-Session Sniffer Support
The wolfSSL sniffer now supports decoding multiple TLS sessions, including those using session tickets and session resumption.
This enables more accurate decryption of real-world TLS traffic, where connections are commonly reused for performance.
New ssl_RemoveSession() API
This release also introduces a new API for targeted sniffer session cleanup:
int ssl_RemoveSession(const char* clientIp, int clientPort, const char* serverIp, int serverPort, char* error);
This allows for fine-grained control of cached sessions, helping reduce memory usage which can be integral especially when operating in high traffic environments.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
wolfBoot v2.6.0 Now Available
The wolfSSL team has released version 2.6.0 of wolfBoot, the lightweight and portable secure bootloader for embedded systems. This update expands platform coverage, improves support for external memory layouts, and adds key performance optimizations for a range of architectures. It also includes critical fixes and brings updated module integration across the wolfSSL ecosystem.
New Platform Support
PIC32CZ CA (Cortex-M7) and PIC32CK (Cortex-M33) devices from Microchip are now supported. The PIC32CZ family targets high-performance secure connected applications with integrated HSM and extended memory. The PIC32CK line brings TrustZone support for secure partitioning on Armv8-M systems. wolfBoot can now provide verified secure boot and firmware updates across both families.
External Flash Support with ELF Scattering
wolfBoot now supports external flash configurations when using ELF scattering mode. This enables firmware sections to be distributed between internal and external flash, useful in scenarios where internal flash is limited or where larger applications are split across multiple memory regions.
Encrypted Updates on Renesas RX
Encrypted firmware updates are now supported for the Renesas RX family. When paired with Renesas TSIP (Trusted Secure IP), wolfBoot can handle encrypted update packages, with decryption performed securely on-chip using hardware-managed keys. This provides strong protection for sensitive firmware in the field.
PowerPC 32-bit Optimizations
New assembly-level optimizations for SHA and AES are now available on 32-bit PowerPC platforms. These improvements reduce boot-time cryptographic processing overhead and improve performance during image verification and decryption operations.
STM32F4 Enhancements
wolfBoot v2.6.0 includes updated clock configuration logic for the STM32F4 series, ensuring compatibility across the full device family. In addition, support has been added for the STM32F411 variant, commonly used in development and prototyping platforms.
Fixes and Improvements
This release includes several important bug fixes:
- Fixed unaligned memory access on Cortex-A5
- Corrected compile flags to allow execution from RAM on ARM targets
- Proper handling of VTOR_NS when staging non-secure images in TrustZone-M mode
- Removed redundant flash write-after-erase cycle in wolfBoot_update_trigger
- Multiple TrustZone-related fixes for STM32H5 devices
These changes improve stability, reduce flash wear, and ensure correct behavior on secure platforms.
Updated Module Versions
The following components have been updated in this release:
- wolfSSL version 5.8.2 or later
- wolfTPM version 3.9.1 or later
- wolfPKCS11 latest revision
- wolfHSM latest revision
More Information
To download the latest version of wolfBoot, visit our download page or clone it from the wolfBoot GitHub repository. For questions about commercial support, licensing, or integration assistance, please contact us at facts@wolfssl.com or +1 425 245 8247.
Download wolfSSL Now
Live Webinar: Everything You Need to Know About Medical Device Cybersecurity
Elevate your cybersecurity strategy with proven solutions built for connected care.
Join us on August 20th at 9 AM PT for a live webinar led by wolfSSL Senior Software Engineer Eric Blankenhorn. We’ll cover how to strengthen cybersecurity across the entire medical device ecosystem from implantables and patient monitors to bedside devices and cloud platforms. This session will highlight regulatory requirements, key security challenges, and how wolfSSL’s embedded solutions can help you address them.
Register now: Everything You Need to Know About Medical Device Cybersecurity
Date: August 20th | 9 AM PT
In this webinar, Eric will dive into current cybersecurity threats in healthcare, industry trends, and the growing regulatory pressure on connected devices. Learn how wolfSSL’s lightweight, FIPS 140-3 validated cryptography and secure boot technology can help prevent tampering, conserve power, and support compliance with HIPAA, VA, and other mandates.
Register now to strengthen your security posture in connected healthcare.
As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
Professor Bill Buchanan, OBE, FRSE
Today, we would like to shout out to wolfSSL’s newest friend, Professor Bill Buchanan, OBE, FRSE.
Professor Bill Buchanan stands as one of Scotland’s most distinguished cybersecurity educators, holding the prestigious title of Officer of the Order of the British Empire (OBE) for his services to cybersecurity. As a Professor in the School of Computing at Edinburgh Napier University, Buchanan has dedicated his career to making complex cryptographic concepts accessible to students, developers, and industry professionals worldwide. His work extends far beyond traditional academic boundaries, bridging the gap between theoretical cryptography and practical implementation through innovative educational resources such as his wildly popular website.
The site serves as a treasure trove of cryptographic knowledge and practical implementations. Within this extensive resource, his work with wolfSSL and wolfCrypt demonstrates his commitment to providing hands-on learning experiences with industry-standard cryptographic libraries. The wolfCrypt section of his site showcases detailed implementations and explanations of various cryptographic functions, making these powerful tools accessible to developers working in both C and C# environments.
Buchanan’s exploration of Advanced Encryption Standard implementations through wolfCrypt showcases his ability to make complex symmetric encryption concepts understandable and implementable.
The RSA notes within Buchanan’s wolfCrypt educational materials demonstrate key generation, encryption, decryption, and digital signature operations, providing developers with complete understanding of this foundational public-key cryptographic system.
The ECDH content provides developers with practical knowledge of how to implement secure key exchange mechanisms, essential for establishing secure communications channels in distributed systems. This work demonstrates his ability to translate complex cryptographic protocols into understandable, implementable code examples.
The dual-language approach of Buchanan’s wolfCrypt educational content, covering both C and C# implementations, reflects his commitment to reaching the broadest possible audience of developers. The C# wrapper implementations are particularly valuable, as they make wolfSSL’s powerful cryptographic capabilities accessible to .NET developers who might otherwise struggle with native C library integration.
Buchanan’s wolfCrypt educational materials serve as a bridge between the academic world of cryptographic research and the practical needs of software developers implementing secure systems. His work demonstrates how proper cryptographic education can empower developers to build more secure applications while avoiding common implementation pitfalls that can compromise security. Through these comprehensive resources, he continues to secure software applications worldwide with examples of how to use wolfSSL.
Here at wolfSSL, we applaud his efforts!
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
Broken SSL/TLS Versions: Attacks, Weaknesses, and Mitigations
At wolfSSL, we prioritize strong, modern cryptographic practices—especially for embedded systems where performance, code size, and reliability are critical. While TLS continues to be the standard for securing communications, many early protocol versions have been broken or deprecated due to serious security flaws. Understanding the history of these attacks and their mitigations helps clarify why wolfSSL supports TLS 1.2 and TLS 1.3 only, with hardened configurations and no legacy baggage.
Summary: Vulnerable Versions at a Glance
Protocol | Status | Major Vulnerabilities | Secure with Mitigation? |
---|---|---|---|
SSL 3.0 | Broken | POODLE, Downgrade Attacks, Renegotiation | No – Do Not Use |
TLS 1.0 | Deprecated | BEAST, CRIME, RC4 Bias, Renegotiation | Partially (Obsolete) |
TLS 1.1 | Deprecated | Weak cipher support, Lucky 13, Renegotiation | But not recommended |
TLS 1.2 | Supported | FREAK, Logjam, DROWN (if misconfigured), Lucky 13, Renegotiation | Yes |
TLS 1.3 | Recommended | No known practical attacks | N/A – Strongest Option |
SSL 3.0 – Broken by Design (1996)
Attack: POODLE
- Exploits predictable padding in CBC mode.
- Allows a MITM to decrypt encrypted messages byte-by-byte.
- Requires protocol downgrade (common with fallback support in legacy clients).
Attack: Renegotiation
- Unpatched versions allow MITM data injection.
- Fixed by RFC 5746.
Mitigation:
- Disable SSL 3.0 entirely.
- No fix is possible within the protocol itself.
TLS 1.0 – Weak Encryption and Block Mode Flaws
Attack: BEAST
- Targets predictable IVs in CBC mode.
- Attacker uses JaveScript injection to decrypt HTTPS cookies via MITM.
Attack: CRIME
- Exploits TLS compression to infer secret data via length differences in compressed responses.
Attack: Renegotiation
- Unpatched versions allow MITM data injection.
- Fixed by RFC 5746.
Issue: RC4 Bias
- Long-known statistical biases in RC4 keystream make it vulnerable to ciphertext recovery.
Mitigations:
- TLS 1.1 introduced random IVs to mitigate BEAST.
- Disabling TLS compression and RC4 ciphers mitigates CRIME and RC4 bias.
- TLS 1.0 is officially deprecated by wolfSSL and not recommended for any deployments.
TLS 1.1 – Marginal Upgrade, Still Outdated
- Addressed BEAST with random IVs.
- Still lacked support for authenticated encryption (AEAD), forward secrecy by default, and encrypted handshake metadata.
Attack: Lucky 13
- Partial plaintext recovery through adaptive chosen ciphertext attacks when using CBC-mode ciphers.
Attack: Renegotiation
- Unpatched versions allow MITM data injection.
- Fixed by RFC 5746.
Mitigations:
- While safer than TLS 1.0, TLS 1.1 lacks modern protections.
- Use Encrypt-then-MAC (RFC7366) – default in wolfSSL.
- wolfSSL does not support TLS 1.1 by default and does not recommend enabling it unless required for backward compatibility.
TLS 1.2 – Secure When Properly Configured
TLS 1.2 remains widely used and secure when hardened. The vulnerabilities discovered were due to weak configurations or legacy cipher support—not flaws in the protocol itself.
Attack: FREAK
- Exploits fallback to 512-bit “export-grade” RSA keys.
- Attackers brute-force these weak keys to decrypt session data.
Attack: Logjam
- Similar concept to FREAK but targets Diffie-Hellman key exchange with weak 512-bit parameters.
Attack: DROWN
- Targets servers that share a certificate across both TLS and SSLv2.
- Exploits SSLv2 flaws to decrypt TLS data.
Attack: Lucky 13
- Partial plaintext recovery through adaptive chosen ciphertext attacks when using CBC-mode ciphers.
Attack: Renegotiation
- Unpatched versions allow MITM data injection.
- Fixed by RFC 5746.
Mitigations:
- Disable export cipher suites and SSLv2 support.
- Use strong ephemeral key exchange (e.g., ECDHE).
- Use Encrypt-then-MAC (RFC7366).
- Use AEAD ciphers (AES-GCM, ChaCha20-Poly1305).
- wolfSSL provides TLS 1.2 with modern defaults and no export cipher support.
TLS 1.3 – Minimal, Secure, and Efficient
TLS 1.3 removes legacy features that caused vulnerabilities in the past:
- No RC4, no CBC, no static RSA, no compression, no export ciphers.
- Forward secrecy is mandatory.
- Encrypts more of the handshake, preventing downgrade attacks and metadata leakage.
- Streamlined cipher suite negotiation.
Mitigations Built-In:
- TLS 1.3 was designed from the ground up to address all prior attack classes.
- wolfSSL’s TLS 1.3 implementation is FIPS 140-3 Ready and optimized for resource-constrained devices.
wolfSSL Recommendations
As a TLS library optimized for embedded systems, IoT, aerospace, and automotive, we encourage:
- Use TLS 1.3 wherever possible for reduced code size and maximum security.
- TLS 1.2 is acceptable when configured with strong ciphers and forward secrecy.
- Disable legacy protocols (SSL 3.0, TLS 1.0, TLS 1.1) entirely.
- Audit your build flags to avoid accidental inclusion of weak algorithms.
Conclusion
TLS has evolved from early, flawed implementations to strong, modern protocols that protect billions of connections daily. But only by disabling old versions and enforcing hardened configurations can systems stay secure. wolfSSL supports only TLS 1.2 and TLS 1.3, giving you confidence that your embedded or server deployments are resilient against both legacy and modern threats.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Weekly updates
Archives
- August 2025 (20)
- July 2025 (27)
- June 2025 (22)
- May 2025 (25)
- April 2025 (24)
- March 2025 (22)
- February 2025 (21)
- January 2025 (23)
- December 2024 (22)
- November 2024 (29)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)