How to speed up handshake times when using ECDHE (and/or ECDSA)

We have had some reports of low-end embedded systems taking 10-20 seconds to establish a TLS connection when generating a shared secret using the ECDH algorithm.

We wanted to remind our users of the fixed-point caching mechanism provided by wolfSSL. Users can enable fixed point caching with the configure option --enable-fpecc or by defining FP_ECC in their settings. Users will also need to configure which look up table (FP_LUT) to use and the number of entries (FP_ENTRIES).

FP_LUT: General rule is the larger the table, the more memory is needed but the faster subsequent lookup operations will be.

FP_ENTRIES: The number of entries allowed in the cache.

By default if users are not using the autoconf system (IE ./configure --enable-fpecc) users can start by adding these to either wolfssl/wolfcrypt/settings.h or their own user_settings.h when defining WOLFSSL_USER_SETTINGS globally:

/* Fixed point cache (speeds repeated operations against same private key) */
#undef  FP_ECC
#define FP_ECC
#ifdef FP_ECC
    /* Bits / Entries */
    #undef  FP_ENTRIES
    #define FP_ENTRIES  2
    #undef  FP_LUT
    #define FP_LUT      4  /* NOTE: FP_LUT must be between 2 and 12 inclusively */

Users can pre-cache fixed points on a curve related to a specific private key prior to establishing a connection to speed up shared secret computation times. Below we have provided some sample code users might use to accomplish this “pre-caching”. Ideally this would be a function you would run on system start-up or initialization of your embedded device prior to establishing a connection:

#include <stdio.h>
#include <string.h>

/* NOTE: ALWAYS include options.h or settings.h before any other wolf headers */
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/asn.h>

/* Build wolfSSL using ./configure --enable-fpecc or by adding #define FP_ECC to your user_settings.h. */

/* Fixed client ECC key */
static const unsigned char ecc_clikey_der_256[] =
    0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xF8, 0xCF, 0x92,
    0x6B, 0xBD, 0x1E, 0x28, 0xF1, 0xA8, 0xAB, 0xA1, 0x23, 0x4F,
    0x32, 0x74, 0x18, 0x88, 0x50, 0xAD, 0x7E, 0xC7, 0xEC, 0x92,
    0xF8, 0x8F, 0x97, 0x4D, 0xAF, 0x56, 0x89, 0x65, 0xC7, 0xA0,
    0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
    0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
    0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
    0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
    0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
    0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
    0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
    0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
static const int sizeof_ecc_clikey_der_256 = sizeof(ecc_clikey_der_256);

int pre_cache_my_priv_key(void)
    int ret;
/* If we plan on caching fixed points for ECC operations... */
#ifdef FP_ECC
    word32 idx = 0;
    WC_RNG rng;
    ecc_key dummyPubKey;
    ecc_key myPrivKey;
    word32 x = 32; /* large enough for 256-bit */
    unsigned char exportBuf[x];


    ret = wc_ecc_make_key(&rng, 32, &dummyPubKey);
    if (ret != 0) {
        printf("Failed to make the public key\n");
        return -1;

    ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx,
                                 &myPrivKey, sizeof_ecc_clikey_der_256);
    if (ret != 0) {
        printf("Failed to import private key, ret = %d\n", ret);
        return -1;

    ret = wc_ecc_shared_secret(&myPrivKey, &dummyPubKey, exportBuf, &x);
    if (ret != 0) {
        printf("Failed to generate a shared secret\n");
        return -1;

    printf("Successfully pre-cached curve points!\n");
    ret = 0;

    return ret;

int main(void)
    int ret;

    ret = pre_cache_my_priv_key();

   /* Do other interesting things, establish a TLS connection, etc. */

   wolfSSL_Cleanup(); /* Calls the wc_ecc_fp_free() function to free cache resources */

   return 0;

If you have any questions on the above solution please contact us anytime at! If you have feedback or comments please send a note to we would love to hear from you!

TLS 1.3 combined with FIPS (#FIPS #TLS13)

wolfSSL is a lightweight TLS/SSL library that is targeted for embedded devices and systems. It has support for the TLS 1.3 protocol, which is a secure protocol for transporting data between devices and across the Internet. In addition, wolfSSL uses the wolfCrypt encryption library to handle its data encryption.

Because there is a FIPS 140-2 validated version of wolfCrypt, this means that wolfSSL not only has support for the most current version of TLS, but it also has the encryption backbone to support your FIPS 140-2 needs if required.

Some key benefits of combining TLS 1.3 with FIPS validated software include:

  1. Software becomes marketable to federal agencies - without FIPS, a federal agency is not able to use cryptographic-based software
  2. Single round trip
  3. 0-RTT (a mode that enable zero round trip time)
  4. After Server Hello, all handshake messages are encrypted.

And much more! For more information regarding the benefits of using TLS 1.3 or using the FIPS validated version of wolfCrypt, check out wolfSSL's TLS 1.3 Protocol Support and our wolfCrypt FIPS page.

FIPS 140-2 is a government validation that certifies that an encryption module has successfully passed rigorous testing and meets high encryption standards as specified by NIST. For more information or details on FIPS 140-2, it may be helpful to view this Wikipedia article:

For more details about wolfSSL, TLS 1.3, or if you have any other general inquiries please contact

To find out more about FIPS, check out the NIST FIPS publications or contact

Using cURL with wolfSSL and TLS 1.3

cURL is an open-source project that provides the command line tool, curl, for transferring data between client and server with URLs, powered by cURL’s library, libcurl. curl and libcurl both provide support for building SSL/TLS libraries, including wolfSSL! The latest version of cURL can be downloaded from

To build curl with wolfSSL, simply configure and install curl with:

$ ./configure --with-wolfssl --without-ssl
$ make && make install

Starting with version 7.52.0, curl provides TLS 1.3 support when built with a TLS library. TLS 1.3 protocol support is also currently available in the wolfSSL library. Since both curl and wolfSSL support TLS 1.3, curl can be compiled with the addition of wolfSSL to select the TLS 1.3 protocol.

Configuring wolfSSL and curl to implement TLS 1.3 is simple. To build curl and libcurl with wolfSSL, wolfSSL must first be configured with TLS 1.3 support.

To enable TLS 1.3 support in wolfSSL, compile and install wolfSSL with the “–enable-tls13” option:

$ ./configure --enable-tls13
$ make && make install

Then, build curl with TLS 1.3-enabled wolfSSL:

$ ./configure --with-wolfssl --without-ssl
$ make && make install

To test a TLS 1.3 connection with curl + wolfSSL, invoke curl with the –tlsv1.3 option on a server that supports TLS 1.3. For example:

$ curl --tlsv1.3

A successful connection will return the HTML page downloaded from


For more information on the cURL project, visit

If you would like more information about wolfSSL’s support for TLS 1.3 or help on using it in your application, contact us at

wolfSSL at RIOT Summit

wolfSSL will be attending and exhibiting at RIOT Summit 2018, in Amsterdam, Netherlands. wolfSSL engineer Daniele Lacamera will be giving a talk titled "TLS v1.3 and RIOT OS", on Thursday, September 13th during the IoT Security Session (1:30pm - 3:30pm). Additionally, wolfSSL expert and Business Director, Rod Weaver will be attending the event on Thursday, September 13th.

RIOT Summit 2018 will be held on September 13th and 14th, at the Science Park Congress Center (directions).

Stop by to hear Daniele's presentation, to have questions about wolfSSL/licensing wolfSSL answered in person, or email us at for more details.

wolfSSL also supports TLS 1.3, and will have TLS 1.3 stickers on hand. We look forward to seeing you there!

Live Webinar – Build wolfSSL Into Secure Enclaves

Please join wolfSSL Senior Engineer David Garske for the live webinar, "Build wolfSSL into secure enclaves / ST, Infineon, Microchip". Explore wolfSSL's support of external crypto hardware (I.E. secure enclaves). Specifically the Infineon SLB 9670 and ST33 TPM 2.0, Microchip ATECC508A and the ST ST-SAFE100A chips we support.

Please register for one of the following times:

When: Sep 12, 2018 3:00 PM Central European Time
Watch the recorded webinar:

When: Sep 12, 2018 10:00 AM Pacific Time (US and Canada)
Watch the recorded webinar:

When: Sep 14, 2018 10:00 AM Singapore
Watch the recorded webinar:

After registering, you will receive a confirmation email containing information about joining the webinar.

We look forward to seeing you there!

For more information regarding the webinar or wolfSSL, please contact

wolfSSH Manual Now Available

The wolfSSH Manual is now available on the wolfSSL website! It is easily navigable, descriptive, and detailed.

Some of the topics covered in the manual are listed below:

  • How to build wolfSSH
  • How to run the example applications
  • Library design
  • wolfSSH User Authentication Callback
  • Callback Function Setup API
  • wolfSSH SFTP Beta Introduction
  • wolfSSH API reference
  • And more!

The wolfSSH Manual can be viewed as HTML here:
Or downloaded as a PDF here:

wolfSSL Intel SGX (#SGX) + FIPS 140-2 (#FIPS140)!

wolfSSL is pleased to announce the following addition to the wolfSSL FIPS certificate!

Debian 8.7.0 Intel ® Xeon® E3 Family with SGX support Intel®x64 Server System R1304SP
Windows 10 Pro Intel ® Core TM i5 with SGX support Dell LatitudeTM 7480

The wolfCrypt FIPS validated cryptographic module has been validated while running inside an Intel SGX enclave and examples have been setup for both Linux and Windows environments.

Intel ® SGX (Software Guard Extensions) can be thought of as a black-box where no other application running on the same device can see inside regardless of privilege. From a security standpoint this means that even if a malicious actor were to gain complete control of a system including root privileges, that actor, no matter what they tried, would not be able to access data inside of this “black-box”.

An Intel enclave is a form of user-level Trusted Execution Environment (TEE) which can provide both storage and execution. Meaning one can store sensitive information inside and also move sensitive portions of a program or an entire application inside.

While testing, wolfSSL has placed both individual functions and entire applications inside the enclave. One of the wolfSSL examples shows a client inside the enclave with the only entry/exit points being “start_client”, “read”, and “write”. The client is pre-programmed with a peer to connect with and specific functionality. When “start_client” is invoked it connects to the peer using SSL/TLS and executes the pre-programmed tasks where the only data entering and leaving the enclave is the info being sent to and received from the peer. Other examples show placing a single cryptographic operation inside the enclave, passing in plain-text data and receiving back encrypted data masking execution of the cryptographic operations.

If you are working with SGX and need FIPS validated crypto running in an enclave contact us at or with any questions. We would love the opportunity to field your questions and hear about your project!


wolfSSL FAQ page

The wolfSSL FAQ page can be useful for information or general questions that need need answers immediately. It covers some of the most common questions that the support team receives, along with the support team's responses. It's a great resource for questions about wolfSSL, embedded TLS, and for solutions to problems getting started with wolfSSL.

To view this page for yourself, please follow this link here.

Here is a sample list of 5 questions that the FAQ page covers:

  1. How do I build wolfSSL on ... (*NIX, Windows, Embedded device) ?
  2. How do I manage the build configuration of wolfSSL?
  3. How much Flash/RAM does wolfSSL use?
  4. How do I extract a public key from a X.509 certificate?
  5. Is it possible to use no dynamic memory with wolfSSL and/or wolfCrypt?

Have a  question that isn't on the FAQ? Feel free to email us at

Posts navigation

1 2