PRODUCTS

Products -> wolfSSL Embedded SSL Library

Supported Chipmakers

  1. wolfSSL has support for chipsets including ARM, Intel, Motorola, mbed, Freescale, Microchip (PIC32), STMicro (STM32F2/F4), NXP, Analog Devices, Texas Instruments, and more


  1. If you would like to use or test wolfSSL on another chipset, let us know and we’ll be happy to support you.

wolfSSL Embedded SSL Library (formerly CyaSSL)

Version:  3.6.6

Release Date: 8/20/2015

View ChangeLog

Platform and Language Support


wolfSSL is built for maximum portability and is generally very easy to compile on new platforms.  If your desired platform is not listed under the supported operating environments, please contact us.


wolfSSL supports the C programming language as a primary interface. It also supports several other host languages, including Java, PHP, Perl, and Python (through a swig interface). If you have interest in using wolfSSL in another programming language that it does not currently supported, please contact us.


Commercial Support


Support packages for wolfSSL are available on an annual basis directly from wolfSSL.  With three different package options, you can compare them side-by-side and choose the package that best fits your specific needs.  Please see our Support Packages page for more details or contact us with any questions.


Benchmarks


For benchmarking information or data, please visit our wolfSSL Benchmark page or contact us for more information.


If you would like more detailed information about RAM usage, please contact us for the wolfSSL Resource Use document.


Special Builds


LeanPSK - wolfSSL recently implemented a set of build options for the wolfSSL library which enable the library to be built in as little as 20kB! This build configuration requires the use of pre-shared keys (PSK). Contact us for more details about this build.


wolfSSL Training Course


Interested in getting trained by the wolfSSL team on subjects related to wolfSSL and SSL/TLS?  Learn more.

Documentation:

wolfSSL is dual licensed under both the GPLv2 and commercial licensing.  For more information, please see the following links.

Licensing and Ordering:

Follow us on Twitter and Facebook!

Stay up to date:

Download Now

Get the latest open source GPLv2 version now!

Supported Operating Environments

  1. Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, ARC MQX, TI-RTOS


  1. If you would like to test wolfSSL on another environment, let us know and we’ll be happy to support you.

HIGHLIGHTS


- Up to TLS 1.2 and DTLS 1.2

  1. -Full client and server support

  2. -Progressive list of supported ciphers

  3. -Key and Certificate generation

  4. -OCSP, CRL support

  5. -Support Available

LIGHTWEIGHT


- Small Size: 20-100kB

  1. -Runtime Memory:  1-36kB

  2. -20X smaller than OpenSSL

PORTABLE


  1. -Abstraction Layers (OS, Custom I/O, Standard C library, and more)

  2. -Simple API

  3. -OpenSSL Compatibility Layer

  4. -Long list of supported platforms

Description

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set.  It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.  wolfSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b.  User benchmarking and feedback reports dramatically better performance when using wolfSSL over OpenSSL.


wolfSSL is powered by the wolfCrypt library. A version of the wolfCrypt cryptography library has been FIPS 140-2 validated (Certificate #2425). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfssl.com

Features


  1. SSL version 3.0 and TLS versions 1.0, 1.1 and 1.2 (client and server)

  2. DTLS 1.0, 1.2 support (client and server)

  3. Minimum footprint size of 20-100 kB, depending on build options and operating environment

  4. Runtime memory usage between 1-36 kB (depending on I/O buffer sizes, public key algorithm, and key size)

  5. OpenSSL compatibility layer

  6. OCSP and CRL support

  7. Multiple Hashing Functions:

            MD2, MD4, MD5, SHA-1, SHA-2, SHA-256,

            SHA-384, SHA-512, BLAKE2b, RIPEMD-160,

            Poly1305

  1. Block, Stream, and Authenticated Ciphers:

            AES (CBC, CTR, GCM, CCM), Camellia, DES,

            3DES, ARC4, RABBIT, HC-128, ChaCha20

  1. Public Key Options: 

            RSA, DSS, DH, EDH, NTRU

  1. Password-based Key Derivation: 

            HMAC, PBKDF2, PKCS#5

  1. ECC Support

            ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA,

            ECDHE-RSA

  1. RSA Key Generation

  2. Curve25519 and Ed25519 at wolfCrypt level

  3. Client authentication support

  4. PSK Pre-Shared Keys

  5. Simple API

  6. Persistent session and certificate cache

  7. zlib compression support

  8. Interchangeable crypto and certificate libraries

  9. PEM and DER certificate support

  10. x509 v3 RSA and ECC Signed Certificate Generation

  11. PKCS #7 - Cryptographic Message Syntax (CMS)

  12. PKCS #10 - Certificate Signing Request (CSR)

  13. PKCS #8, #5, #12 Private Key Encryption

  14. Supported TLS Extensions:

            SNI (Server Name Indication)

            Maximum Fragment Length

            Truncated HMAC

            Supported Elliptic Curves

  1. Certificate Manager

  2. QSH (quantum-safe handshake) extension

  3. SRP (Secure Remote Password)

  4. Hardware Cryptography Support

            Intel AES-NI support

            Cavium NITROX support

            STM32F2/F4 hardware crypto support

            Freescale CAU / mmCAU / SEC

            Microchip PIC32MZ

  1. SSL Sniffer (SSL Inspection) Support

  2. IPv4 and IPv6 support

  3. Abstraction Layers / User Callbacks

            C Standard Library, Custom I/O,

            Memory hooks, Logging callbacks,

            User Atomic Record Layer Processing,

            Public Key

  1. yaSSL Embedded Web Server support (see yaSSL EWS)

  2. MySQL integration

  3. Lighttpd, GoAhead, Mongoose web server support

  4. stunnel support

  5. OpenSSH support

Copyright 2015 wolfSSL Inc.  All rights reserved.

embedded ssl

Questions? +1 (425) 245-8247