When choosing a TLS library, two questions come up again and again: how much memory does it use, and how fast is it? This post focuses on memory, comparing the heap usage of wolfSSL against several OpenSSL releases for an identical TLS 1.2 handshake. All numbers below were regenerated with current releases; wolfSSL 5.9.1 versus […]
Month: June 2026
Bringing the Broker to the Edge – wolfMQTT’s New Embedded MQTT Broker
What if your MQTT architecture could eliminate the gateway entirely? Most MQTT deployments rely on a cloud-hosted or gateway-based broker. But some systems need local operation, lower latency, disconnected communication, or tighter control over system resources. Join us on June 17 at 9 AM PT for a technical introduction to the new embedded MQTT broker […]
wolfIP: Deterministic TCP/IP Without Dynamic Memory Allocation – APAC-Friendly Time
Many networking stacks make it difficult to predict memory usage, runtime behavior, and certification effort. For embedded, real-time, and safety-critical systems, that uncertainty can add complexity throughout development, testing, and deployment. Join us for a technical webinar on wolfIP, a compact TCP/IP stack designed specifically for deterministic embedded networking. wolfIP eliminates runtime memory allocation and […]
Native HTTP Message Signatures in curl, Powered by wolfSSL – Part 3
In Part 1, we argued agents need cryptographic request authenticity. In Part 2 we surveyed the ecosystem and the adjacent tools. This post is about what we’re contributing: native RFC 9421 support at the plumbing layer — curl and libcurl, with wolfCrypt providing the Ed25519 math. Two open PRs: curl — curl/curl#21239 — httpsig: add […]
wolfCOSE: The First COSE Implementation with ML-DSA – Production-Tested, CAVP-Validated Post-Quantum Signatures in wolfCOSE
If you are signing CBOR payloads on an embedded device and you have started worrying about “harvest now, decrypt later,” that worry now extends to signatures too. Long-lived firmware artifacts, attestation reports, supply-chain manifests: anything signed today with ECDSA or RSA can be retroactively forged by an adversary with a cryptographically relevant quantum computer. wolfCOSE […]
wolfCOSE: What is COSE?
COSE (CBOR Object Signing and Encryption) is a compact binary format for attaching signatures, encryption, or MACs directly to a piece of data, so that the proof travels with the object no matter how it is stored, cached, or forwarded. That is the whole idea. If you know JOSE, JWT, JWS, JWE, COSE is the […]
The Identity Gap: SigV4, JWT, mTLS, and the Open-Source Race to Authenticate AI Agents – Part 2
In Part 1, we argued that AI agents break the identity model the web was built on, and that RFC 9421 is a natural — if incomplete — primitive for the layer that’s missing. That invites three fair questions: Doesn’t AWS Signature V4 already do this? Doesn’t JWT already do this? If 9421 is the […]
Replacing Zephyr’s TCP/IP Stack with wolfIP
Zephyr is a great RTOS for embedded development: broad board support, a familiar BSD socket interface, and a flexible networking subsystem. However, teams building long-lived connected products often need more than a default network stack: they need predictable memory behavior, modern TCP features, and tight alignment with their security architecture. Our new wolfIP port, replacing […]
Announcing wolfssl-wolfcrypt Rust Crate v2.0.0
We are pleased to announce the release of wolfssl-wolfcrypt version 2.0.0, now available on crates.io. This major update introduces critical safety enhancements, expanded algorithm support, and architectural changes to improve reliability across different build configurations. Breaking Changes This release includes some breaking API changes necessitated by memory safety and soundness improvements: RNG Ownership: ECC::set_rng, RSA::set_rng, […]
Signing the Agentic Web: Why AI Agents Need an Identity Layer – Part 1
We spent two decades teaching the web how to trust people. Passwords, OAuth, WebAuthn, passkeys — each generation a little less phishable than the last. It worked because the client was a human, or a program a human wrote, and there was typically one of them per session. That assumption has quietly collapsed. An autonomous […]
