Introducing tinytls13: A minimal TLS 1.3 build profile that fits a complete client in about 30 KB of flash.

In brief. tinytls13 is a new wolfSSL build profile for deeply constrained devices. It compiles a complete, working TLS 1.3 client in about 30.8 KB of flash on an ARM Cortex-M33, with no X.509 and no extras you did not ask for.

Why we built it


Secure boot, attestation, and IoT connectivity increasingly need TLS 1.3, yet TLS 1.3 has a reputation for being too large for the smallest microcontrollers. tinytls13 removes that objection. It is a TLS 1.3-only profile that strips everything which is not TLS 1.3 and defaults to the smallest useful handshake, so you start from a tiny floor and add only the features your product needs.

How small


On a bare-metal ARM Cortex-M33, the PSK floor links in 30.8 KB of flash (text plus data). The same recipe reproduces on Intel x86_64 and ARM aarch64, with the instruction set setting the absolute scale. Only about a third of that footprint is cryptography; the rest is the TLS 1.3 protocol itself.

Add only what you need


The floor is deliberately minimal: TLS 1.3 only, client only, one key-exchange group (X25519 by default), AES-128-GCM, SHA-256, and no X.509. From there you opt into exactly what you need:

  • Zero-heap memory. A static memory pool with no system malloc adds about 1.3 KB.
  • NIST P-256. Switching the curve from X25519 to P-256 adds about 6 KB.
  • Certificates and mTLS. Minimal X.509 verification brings the client to about 61 KB, and mutual authentication to about 65 KB.
  • Post-quantum. ML-DSA-44 signature verification fits in about 43 KB.

Reproduce it in one flag


The smallest client is a single configure flag, and each measured configuration is one switch:

./configure --enable-tinytls13                  # PSK X25519 floor (~30.8 KB)
./configure --enable-tinytls13=psk,p256         # PSK with NIST P-256
./configure --enable-tinytls13=cert             # X.509 certificate verify
./configure --enable-tinytls13=cert,mutualauth  # mutual TLS
make

Flash is read straight from the linked binary with size, so every number is easy to confirm on your own toolchain. The full build recipe, including the parity-matched comparison against MbedTLS, is in our size-comparison benchmark.

Availability


tinytls13 is available now in wolfSSL. Every configuration is built and tested in CI, with live TLS 1.3 handshakes on each profile. To get started, or to discuss a footprint target for your hardware, contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

tinytls13 was added to wolfSSL in pull request #10751. For more information and the full implementation, see PR #10751.

Download wolfSSL Now