So, what’s new at wolfSSL? Take a look below to check out the most recent news.
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL adds Silicon Labs Hardware acceleration support

wolfSSL is excited to announce support for using Silicon Labs Hardware acceleration. The EFR32 family of devices support multiple wireless interfaces with hardware cryptographic operations. wolfSSL can now offload cryptographic operations for dramatically increased performance on the Silicon Labs EFR32 family!

Our new support includes hardware acceleration of the following algorithms:

  • RNG
  • SHA-1
  • SHA-2

The new functionality can be enabled by defining WOLFSSL_SILABS_SE_ACCEL. In user_settings.h More details are available in the in wolfcrypt/src/port/silabs of the wolfSSL tree.


Benchmark was performed on an EFR32 Gecko 2 (Series 1) using the xGM210P022.

The tests use Simplicity Studio v5 with Gecko SDK 3.0 using Micrium OS 5 and Secure Element Manager.

Algorithm Data Throughput (MB/s)
RNG 1.895
SHA 7.195
SHA-224 7.327
SHA-256 7.334
HMAC-SHA 6.304
HMAC-SHA224 6.329
HMAC-SHA256 6.323
AES-128-CBC-enc 4.897
AES-128-CBC-dec 4.907
AES-192-CBC-enc 4.795
AES-192-CBC-dec 4.805
AES-256-CBC-enc 4.703
AES-256-CBC-dec 4.712
AES-128-GCM-enc 4.463
AES-128-GCM-dec 4.317
AES-192-GCM-enc 4.377
AES-192-GCM-dec 4.235
AES-256-GCM-enc 4.297
AES-256-GCM-dec 4.162
AES-CCM-Enc 4.203
AES-CCM-Dec 4.045


ECC operation Average time to complete (ms) Operations per second
ECC 256 key gen 5.929 168.663
ECDHE 256 agree 5.440 183.816
ECDSA 256 sign 6.373 156.902
ECDSA 256 verify 6.727 148.662

Please contact us at  with any questions you have on wolfSSL, or just give us a call!

wolfSSL NXP SE050 Support Update

wolfSSL now supports NXP’s SE050 hardware security chip. This is an external I2C crypto co-processor chip that supports RSA key sizes up to 4096-bit, ECC curves up to 521 bit and ED25519 / Curve25519. You can see the full implementation details in GitHub pull request 4322.

We have also expanded our Kinetis LTC support to accelerate RSA key generation. This made it into our v4.8.1 release of wolfSSL.

NXP Semiconductor is a key member of wolfSSL’s partner network. wolfSSL ships with support for offloading cryptographic operations onto several NXP devices, such as the Coldfire, Kinetis, LPC, S32 and i.MX microprocessors. Additionally we support hardware cryptographic acceleration using NXP’s CAU, MMCAU, LTC, CAAM and SE050 hardware. If your target is missing, tell us!

wolfSSL develops a full suite of products supporting NXP designs. Learn about wolfBoot secure boot and TLS 1.3 firmware update with FreeRTOS and wolfSSL on NXP Freedom Board K64 here. After the release of wolfSSL version 4.2.0, we provide improved support for crypto hardware performance, now on NXP mmCAU. Download the latest wolfSSL version 4.8.1 here!

wolfSSL also provides surviving FIPS certificates that can be leveraged for your i.MX8, i.MX7 and i.MX8 CAAM projects. Stay tuned for upcoming FIPS 140-3 support. 

For more information, visit our blog post on the wolfSSL-NXP Partnership Roundup. Write to us at so we can learn more about your NXP projects!

Love it? Star us on GitHub!

Open Source Project Ports: tcpdump


wolfSSL is always adding new ports to our highly portable wolfCrypt library! We’re continuing our series on the latest open source project portsthis week, we’re featuring tcpdump.

We have integrated wolfSSL with tcpdump, a powerful command-line packet analyzer. This update allows for the use of tcpdump with our FIPS-validated crypto library, wolfCrypt. Tcpdump is a versatile tool with many options and filters, and is commonly used to capture or filter TCP/IP packets that are received or transferred over a network on a specific interface. Its long-running history ensures that there are many resources available for learning how to use this tool (See the tcpdump Wikipedia page for more info). 

Through the OpenSSL compatibility layer, tcpdump is able to call into wolfSSL. Visit the GitHub page here:

Need more? Subscribe to our YouTube channel for access to wolfSSL webinars!
Love it? Star us on GitHub!

U-Boot with wolfTPM Update

News to look forward towolfSSL plans to integrate wolfTPM, our portable TPM 2.0 library, into U-Boot! This would extend the TPM 2.0 capabilities in U-Boot to include signature verification and measured boot.

For many platforms, we can replace U-Boot such as on the Xilinx UltraScale+ MPSoC.

wolfBoot is a portable secure bootloader solution that offers firmware authentication and firmware update mechanisms. Thanks to its minimalistic design, wolfBoot is completely independent from any OS or bare-metal application. Some of its key features include:

  • Partition signature verification using ED25519, RSA and ECC
  • Encryption of partitions
  • Updating of partitions in the boot loader
  • Measured boot with TPM 2.0 PCR registers
  • Offloading to crypto coprocessors like the TPM 2.0 modules
  • Version checking for updates
  • Rollback on failed updates

For information on our wolfBoot TPM integration, visit

If you are interested in our U-Boot wolfTPM integration, please email

Connect with wolfSSL!

RSA 3k or ECC 384 support in wolfBoot

Public key infrastructure or PKI is important term used to define everything that is used to “create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.” ( As RSA and ECC are one of the main algorithms used for PKI key generation, we are wondering if anyone is interested in RSA 3k or ECC 384 support in wolfBoot?

Please let us know by sending a note to

You can download the latest release here:
Or clone directly from our GitHub repository:
While you’re there, show us some love and give the wolfBoot project a Star!

wolfSSL and libOQS Integration

wolfSSL has long been aware of the quantum threat to modern cryptography. Though quantum computing currently exists on small scales, research has determined enough to know that once full-scale quantum computing is available, all modern cryptography (RSA, ECC, etc.) will no longer be secure. Furthermore, the proven usage model of Quantum Computing as a Service (QCaaS) via the Cloud means that quantum capabilities will be more widely available, posing a greater security threat. This risk is why wolfSSL provides support for integration with the NTRU cryptosystem and an implementation of the QSH TLS extension. 

With NIST already having announced the Round 3 finalists of the Post-Quantum Cryptography Competition, we thought it was time to update our quantum-safe offerings. WolfSSL will soon support integration with the Open Quantum-Safe project’s libOQS. Initial support will be for Key Exchange only using all parameter sets of Crystals-Kyber, NTRU, and SABER for TLS 1.3. With perfect forward secrecy, these algorithms can protect you from the “Harvest and Decrypt” threat model.


“Harvest and Decrypt”

If encrypted sensitive data is stolen (harvested) today, it will be accessible (decrypted) once a sufficiently-powered quantum computer is available. If the sensitive information has a secrecy requirement that extends beyond the time it will take to develop large-scale quantum computing, then that data should be considered at risk today. The quantum threat to current confidential data demonstrates the importance of migrating to quantum-safe solutions as soon as possible. For more details, you can look up “Mosca’s Inequality”.


Next Steps

To continue future-proofing encrypted data streams, wolfSSL plans to hybridize key construction algorithms with NIST-standardized ECDSA components. These hybridized algorithms will continue to be FIPS compliant under the current NIST standards. In addition, wolfSSL is developing a test for post-quantum cURL, coming in the next 4 to 6 weeks.

wolfSSL is attending ICMC (International Cryptographic Module Conference) this week, where we will be talking more about post-quantum computing—come visit us there! 

For more information, please contact us at or visit our GitHub!

Meet us at ICMC This Week!

wolfSSL is an exhibiting sponsor at this year’s International Cryptographic Module Conference (ICMC) in Maryland. We’re all about doing cryptography right, and as the best-tested crypto on the market, we can’t wait to talk through securing your projects at ICMC.

Find us September 1-3 in Washington DC at the Hyatt Regency Bethesda or online to join this hybridized event! We’re talking about:
• Benchmarking wolfCrypt for your target
• FIPS 140-3 validated crypto
• The advantages of TLS 1.3
• wolfCrypt as an engine for OpenSSL
• TPM/HSM support
• OCSP support
• TLS 1.3 sniffing
• wolfRand, wolfSSL’s FIPS module with a hardware entropy source
• DO-178C DAL A
• Post-quantum algorithms in wolfSSH
• RISC-V support in wolfBoot
• Commercial-style developer support backed 24×7 by a team of real Engineers
• Why open source matters for best-tested security

Come meet us at ICMC and bring all your cryptography questions! In the meantime, download and star wolfSSL on GitHub. If you’d like to book a meeting online or in-person, email We can’t wait to see you!

Open Source Project Ports: libssh2

One of the highlights of our wolfCrypt library is its exceptional portability, which allows wolfSSL’s team of engineers to frequently add new ports! Stay tuned for the rest of our blog series on the latest open source project ports over the next few weeks.

This week, we’re showcasing libssh2! We have integrated wolfSSL with the libssh2 project, which allows for the use of libssh2 with our FIPS-validated crypto library, wolfCrypt. Libssh2 is a client-side C library designed to implement the SSH2 protocol for embedding specific SSH (Secure Shell) capabilities into other tools. The project includes hundreds of functions that allow specific activities and components to be selected and added to an application, while still remaining small in size.

We’ve enabled libssh2 to be able to call into wolfSSL through the OpenSSL compatibility layer. You can access the GitHub page here:

Need more? Subscribe to our YouTube channel for access to wolfSSL webinars!
Love it? Star us on GitHub!

lighttpd Upstream Support

lighttpd has added support for wolfSSL in version 1.4.51! lighttpd is a fast and lightweight web server designed with a very low memory footprint. These design goals make wolfSSL an excellent choice as the SSL/TLS implementation, as it’s built to be lightweight, portable, and very fast. wolfSSL targets embedded and IoT devices but works just as well on desktop, enterprise, and cloud environments. Configuring wolfSSL as the SSL/TLS backend for lighttpd is simple and can provide you with the immediate benefit of a lower memory footprint and faster cryptography!

Compile wolfSSL with:

./configure --enable-lighty
make install

Compile lighttpd with:

./configure --with-wolfssl
make install

To learn about how to setup your lighttpd instance to use wolfSSL, please visit

Contact us at with any questions or feedback.
Love it? Star us on GitHub!

Upcoming Webinar : wolfCLU – Command Line Utility

Did you know we have a command-line utility? wolfSSL has laid the groundwork for a portable CLU, called wolfCLU. We want our community to be aware so you have the opportunity to begin using it with the wolfSSL embedded SSL/TLS library! Join our upcoming webinar to learn how.

Join this webinar to learn about wolfCLU and current features–such as autoconf for portability and FIPS build compatibility–as well as our future plans like certificate request creation. As always, bring your questions for the Q&A following the presentation. This is your chance to tell us what YOU want from wolfCLU!

When: Aug 26, 2021 10:00 AM Pacific Time (US and Canada)

Register in advance for this webinar:

Contact us at to learn more!

Posts navigation

1 2 3 4 5 6 138 139 140

Weekly updates


Latest Tweets