RECENT BLOG NEWS
Enhancing wolfSSL’s CMake Build System: Adding WOLFSSL_CLU Support
The wolfSSL team recently merged a significant improvement to their CMake build system with Pull Request #8548. This enhancement adds a new WOLFSSL_CLU option to CMakeLists.txt, providing CMake users with the same functionality that was previously only available through the –enable-wolfclu option in the autotools build system.
What is wolfCLU?
Before diving into the technical details, let’s understand what wolfCLU is. The wolfSSL Command Line Utility (wolfCLU) is a powerful tool that provides cryptographic operations through a command-line interface. It leverages wolfSSL’s cryptographic library (wolfCrypt) to perform common operations such as:
- Creating certificates and certificate requests
- Generating public/private key pairs
- Creating and verifying digital signatures
- Encrypting and decrypting files
- Parsing X.509 certificates
- Establishing certificate chains with a Certificate Authority
wolfCLU serves as an alternative to OpenSSL’s command-line tools, particularly for environments where OpenSSL is not installed or for users who prefer wolfSSL’s lightweight and security-focused implementation.
The Technical Enhancement
The PR adds a new WOLFSSL_CLU option to wolfSSL’s CMakeLists.txt that, when enabled, automatically configures wolfSSL with all the features required by wolfCLU. This includes:
- Certificate Operations:
- Certificate Generation (WOLFSSL_CERTGEN)
- Certificate Request Generation (WOLFSSL_CERTREQ)
- Certificate Extensions (WOLFSSL_CERTEXT)
- Cryptographic Algorithms:
- MD5 (WOLFSSL_MD5)
- AES Counter Mode (WOLFSSL_AESCTR)
- ED25519 for digital signatures (WOLFSSL_ED25519)
- SHA-512 (WOLFSSL_SHA512)
- Triple DES (WOLFSSL_DES3)
- Additional Features:
- Key Generation (WOLFSSL_KEYGEN)
- OpenSSL Compatibility (WOLFSSL_OPENSSLALL)
- PKCS#7 Support (WOLFSSL_PKCS7)
- Compiler Flags:
- -DHAVE_OID_ENCODING: Enables OID encoding functionality
- -DWOLFSSL_NO_ASN_STRICT: Disables strict ASN.1 parsing
- -DWOLFSSL_ALT_NAMES: Enables alternative name support
- -DOPENSSL_ALL: Ensures OpenSSL compatibility functions are available
The PR also updates the GitHub Actions workflow to test this new option, ensuring it works correctly in the CI environment.
How to Use It
To build wolfSSL with wolfCLU support using CMake, simply add the -DWOLFSSL_CLU=yes option to your CMake command:
mkdir build cd build cmake .. -DWOLFSSL_CLU=yes make
This will configure wolfSSL with all the necessary features and compiler flags to support wolfCLU.
Conclusion
This PR demonstrates wolfSSL’s commitment to providing consistent build options across different build systems and improving the developer experience. By adding the WOLFSSL_CLU option to CMakeLists.txt, the wolfSSL team has made it easier for developers to build and use wolfCLU with wolfSSL, regardless of their preferred build system.
For more information about wolfCLU and its capabilities, visit the wolfSSL website or check out the wolfCLU GitHub repository.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Using secp256k1 with wolfSSL: A Step-by-Step Guide
Elliptic curve cryptography (ECC) is increasingly popular in secure communications, and secp256k1—famous for its use in Bitcoin and Blockchains—is a widely used curve. This blog post will walk you through building wolfSSL with support for secp256k1, generating an ECC certificate using that curve, and using it in a TLS connection with wolfSSL’s example client and server.
Step 1: Build wolfSSL with secp256k1 Support
Start by cloning the wolfSSL repository and building it with custom curve and certificate generation support:
# Download wolfssl from https://www.wolfssl.com/download/ cd wolfssl ./configure --enable-ecccustcurves=all --enable-keygen --enable-certgen --enable-certreq --enable-certext make sudo make install
Step 2: Generate a secp256k1 Certificate
Next, use the certgen example from wolfSSL’s examples repository.
git clone https://github.com/wolfssl/wolfssl-examples cd wolfssl-examples/certgen
Modify the example for secp256k1
In certgen_example.c, modify the key generation line to explicitly use secp256k1:
- ret = wc_ecc_make_key(&rng, 32, &newKey); + ret = wc_ecc_make_key_ex(&rng, 32, &newKey, ECC_SECP256K1);
Add Key Output in PEM Format
To write the private key to a file, add the following block after certificate generation (be sure to add in proper error checks):
derBufSz = wc_EccKeyToDer(&newKey, derBuf, LARGE_TEMP_SZ);
pemBufSz = wc_DerToPem(derBuf, derBufSz, pemBuf, LARGE_TEMP_SZ, ECC_PRIVATEKEY_TYPE);
if (pemBufSz < 0) goto exit;
file = fopen("newCert.key", "wb");
if (!file) goto exit;
ret = (int)fwrite(pemBuf, 1, pemBufSz, file);
fclose(file);
Build and Run
make ./certgen_example
You should now have newCert.pem and newCert.key files using a secp256k1 key.
Step 3: Configure Client/Server for secp256k1
Go back to the wolfssl directory and modify the client example to explicitly support the secp256k1 curve:
+++ b/examples/client/client.c
@@ -3707,6 +3707,9 @@
#endif
+
+ wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256K1);
+
#if defined(HAVE_SUPPORTED_CURVES)
Run the Server and Client
Use the generated cert/key with the server, and run the client with a trusted CA cert:
./examples/server/server -d -c newCert.pem -k newCert.key ./examples/client/client -A ./certs/ca-ecc-cert.pem
If everything is set up correctly, you'll see output like:
SSL version is TLSv1.2 SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 SSL curve name is SECP256K1 I hear you fa shizzle!
You’ve just built wolfSSL with support for custom ECC curves, generated a certificate using secp256k1, and successfully used it in a TLS session. This setup is great for anyone integrating Bitcoin-style cryptography into embedded or resource-constrained systems using wolfSSL.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Announcing mcwolf: Classic McEliece Support with wolfSSL
We are excited to announce the creation of mcwolf, a new project that brings a Classic McEliece post-quantum cryptographic algorithm implementation and integration to wolfSSL. We would like to thank Daniel J. Bernstein for the integration work that went into mcwolf.
The mcwolf project is a series of scripts and patches against wolfSSL that adds support for Classic McEliece, a code-based post-quantum cryptographic algorithm that is deployed in various applications (see https://mceliece.org) and is under consideration for standardization by ISO. The project uses the official vec implementation of Classic McEliece, providing a portable solution that can be optimized for various platforms. This implementation vectorizes across 64-bit integers.
The project’s page can be found here.
Why Classic McEliece?
Post-quantum cryptographic algorithms like Classic McEliece are designed to resist attacks from both classical and quantum computers, ensuring long-term security for sensitive data.
Classic McEliece is particularly known for its:
- Strong security foundations based on the well-studied McEliece cryptosystem with a long pedigree dating back to 1978
- Relatively small ciphertext sizes compared to other post-quantum KEMs
Technical Details
The mcwolf project has several notable characteristics:
- Uses the official vec implementation of Classic McEliece, which is portable across platforms
- Includes comprehensive testing, with the same code being extensively tested in SUPERCOP and libmceliece
The implementation supports various parameter sets for Classic McEliece, including:
- mceliece348864
- mceliece348864pc
- mceliece460896
- mceliece460896pc
- mceliece6688128
- mceliece6688128pc
- mceliece6960119
- mceliece6960119pc
- mceliece8192128
- mceliece8192128pc
How to Build mcwolf
Building mcwolf is straightforward. Go to https://cr.yp.to/2025/20250426-mcwolf/notes.html and download the build script. Mark it as executable and run the script on your linux machine. You need curl, python3, git, autoconf, libtool and generic gcc build tools already installed.
The mcwolf implementation includes tests that are integrated into the existing testing framework. Here is some expected output:
... MCELIECE348864 test passed! MCELIECE460896 test passed! MCELIECE6688128 test passed! MCELIECE6960119 test passed! MCELIECE8192128 test passed! ... ------------------------------------------------------------------------------ wolfSSL version 5.8.0 ------------------------------------------------------------------------------ Math: ??????Multi-Precision: Wolf(SP) word-size=64 bits=4096 sp_int.c wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each) mceliece 348864 key gen 100 ops took 4.492 sec, avg 44.922 ms, 22.261 ops/sec mceliece 348864 encap 18100 ops took 1.005 sec, avg 0.056 ms, 18007.073 ops/sec mceliece 348864 decap 6500 ops took 1.005 sec, avg 0.155 ms, 6466.727 ops/sec mceliece 460896 key gen 100 ops took 14.307 sec, avg 143.068 ms, 6.990 ops/sec mceliece 460896 encap 9800 ops took 1.005 sec, avg 0.103 ms, 9751.777 ops/sec mceliece 460896 decap 2200 ops took 1.009 sec, avg 0.459 ms, 2180.508 ops/sec mceliece 6688128 key gen 100 ops took 30.491 sec, avg 304.906 ms, 3.280 ops/sec mceliece 6688128 encap 5900 ops took 1.007 sec, avg 0.171 ms, 5856.450 ops/sec mceliece 6688128 decap 2000 ops took 1.001 sec, avg 0.500 ms, 1998.431 ops/sec mceliece 6960119 key gen 100 ops took 27.325 sec, avg 273.249 ms, 3.660 ops/sec mceliece 6960119 encap 6300 ops took 1.008 sec, avg 0.160 ms, 6248.913 ops/sec mceliece 6960119 decap 2100 ops took 1.022 sec, avg 0.487 ms, 2055.315 ops/sec mceliece 8192128 key gen 100 ops took 35.826 sec, avg 358.255 ms, 2.791 ops/sec mceliece 8192128 encap 5500 ops took 1.001 sec, avg 0.182 ms, 5495.955 ops/sec mceliece 8192128 decap 2100 ops took 1.044 sec, avg 0.497 ms, 2010.617 ops/sec
Conclusion
The mcwolf implementation brings another post-quantum cryptographic KEM to wolfSSL, helping to future-proof security-critical applications against the threat of quantum computing. We encourage the wider community to try out the mcwolf project!
From the wolfSSL team, we give our heart-felt thanks to Daniel J. Bernstein! Thank you Daniel!
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
wolfSSL Inc. achieves first major maintenance submission post FIPS 140-3 validation
wolfSSL is thrilled to announce a significant achievement! Following receipt of our FIPS 140-3 validated certificate #4718 last July, wolfSSL completed the first update to that certificate. On May 16, 2025, the wolfSSL OEUP submission, encompassing a batch of 25 Operating Environments, received approval from the CMVP. The exceptional reviews provided by our trusted FIPS laboratory Aegisolve Inc. were critical to achieving this milestone, and they have our utmost gratitude! We invite all to review the updated details in our Security Policy Table 6, also provided below. This approval marks a major advancement in wolfSSL’s FIPS 140-3 efforts!
| Operating System | Hardware Platform | Processors | PAA/PAI | Hypervisor or Host OS | Version(s) |
|---|---|---|---|---|---|
| Linux 4.4 (Ubuntu 16.04 LTS) | Intel Ultrabook 2 in 1 | Intel Core i5-5300U CPU @2.30GHz x 4 | Yes | v5.2.1 | |
| Linux 4.4 (Ubuntu 16.04 LTS) | Intel Ultrabook 2 in 1 | Intel Core i5-5300U CPU @2.30GHz x 4 | No | v5.2.1 | |
| Android 13 | Samsung Galaxy XCover Pro | Exynos 9611 without PAA | No | v5.2.1 | |
| Linux 5.4 | WTM 4100 | Broadcom BCM56260B0IFSBG – Saber2 | No | v5.2.1 | |
| RedHat Enterprise Linux Workstation 8.9 | Precision 5820 Tower | Intel® Xeon® W-2255 @ 3.7GHz | No | v5.2.1 | |
| FreeRTOS v10.4 | Network Interface Card for Aclara RF | Renesas R7FA6E10F | No | v5.2.1 | |
| Linux 5.15 | iSTAR physical access controller | Freescale i.MX7 Dual Arm Cortex A-7 | No | v5.2.1 | |
| Linux 4.14 | Ricoh IM C3010 | Intel® Atom® E3930 @1.30GHz | No | v5.2.1 | |
| Linux 4.14 | Ricoh IM C4510 | Intel® Atom® E3940 @1.60GHz | No | v5.2.1 | |
| NET+OS v7.6 | Spectrum Infusion System | Digi International NS9210 | No | v5.2.1 | |
| Yocto (kirkstone) 4.0 | Novum IQ Infusion Platform | NXP i.MX6UL | No | v5.2.1 | |
| MQX 3.4 | FEI-Zyfer Time and Frequency System | NXP PowerQUICC II MPC8313e 32bit | No | v5.2.1 | |
| CodeOS v1.4 | Series CR2700 Code Reader(s) | CodeCorp CT8200 (ARM FA626TE) | No | v5.2.1 | |
| OpenRTOS v10.5 | Teledyne Webb SOM Module | STM32L4R5 | No | v5.2.1 | |
| Endace Crypto Firmware 2.1 | EndaceProbe 2144 | Intel® Xeon® Silver 4316 CPU @2.30GHz | No | v5.2.1 | |
| Endace Crypto Firmware 2.1 | EndaceProbe 2144 | Intel® Xeon® Silver 4316 CPU @2.30GHz | Yes | v5.2.1 | |
| Endace Crypto Firmware 2.1 | EndaceProbe 2184 | Intel® Xeon® Gold 6338N CPU @2.20GHz | No | v5.2.1 | |
| Endace Crypto Firmware 2.1 | EndaceProbe 2184 | Intel® Xeon® Gold 6338N CPU @2.20GHz | Yes | v5.2.1 | |
| Endace Crypto Firmware 2.1 | EndaceProbe 94C8 | Intel® Xeon® Gold 5418N CPU @1.80GHz | Yes | v5.2.1 | |
| Endace Crypto Firmware 2.1 | EndaceProbe 92C8 | Intel® Xeon® Gold 6230N CPU @2.30GHz | Yes | v5.2.1 | |
| Anyware Trusted Zero Client Firmware Kernel 6.1 | Anyware Trusted Zero Client | AMD Ryzen Embedded R1305G | No | v5.2.1 | |
| Anyware Trusted Zero Client Firmware Kernel 6.1 | Anyware Trusted Zero Client | AMD Ryzen Embedded R1305G | Yes | v5.2.1 | |
| Anyware Trusted Zero Client Firmware Kernel 6.1 | HP tz655 Trusted Zero Client | AMD Ryzen Embedded R2314 | Yes | v5.2.1 | |
| Fusion Embedded RTOS 5.0 | Classone ® IP Radio Gateway | Analog Devices ADSP-BF516 (Blackfin) | No | v5.2.1 | |
| Linux 5.4 | Harman MUSE MU Controller | NXP i.MX8M | No | v5.2.1 | |
| Linux 4.9 | Harman N2612S Video encoder/decoder | ARM Cortex-A7 | No | v5.2.1 | |
| Linux 5.10 | Harman N4321D audio transcoder | NXP i.MX8 | No | v5.2.1 |
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Partner Webinar: Securing the Future: wolfSSL Solutions for NXP IIoT Edge MCX MCU Portfolio
With cybersecurity regulations like the U.S. Cyber Trust Mark and EU Cyber Resilience Act on the rise, embedded developers need to stay ahead of the curve. Join wolfSSL Senior Software Engineer David Garske and NXP Security Product Manager Stella Or for an in-depth technical webinar where we’ll explore how to meet these new challenges with modern, standards-based solutions.
Register today: Securing the Future: wolfSSL Solutions for NXP IIoT Edge MCX MCU Portfolio
Date: May 21st | 9 AM PT
In this session, we’ll dive into NXP’s MCX MCU portfolio, featuring Arm® Cortex®-M33 cores and EdgeLock® Secure Enclave, and how they power secure, high-performance IoT edge applications. With integrated wireless connectivity, secure boot, and flexible memory, MCX MCUs simplify secure and scalable IIoT development.
We’ll also showcase how wolfSSL’s optimized solutions—like TLS 1.3, wolfBoot, and wolfMQTT—are designed for embedded systems. Plus, learn how wolfSSL’s FIPS 140-3 support ensures your security is compliance-ready, seamlessly integrating with NXP’s Application Code Hub (ACH) to streamline your development process.
In this webinar, you’ll learn to:
- Decode key cybersecurity regulations (U.S. Cyber Trust Mark, EU CRA, FIPS 140-3)
- Discover how NXP’s MCX MCU portfolio enables secure IIoT development
- Implement secure updates and connections using wolfSSL’s TLS, wolfBoot, and wolfMQTT
- Accelerate your development with ready-to-use examples from NXP’s ACH
- Watch live demos of TLS 1.3 on Zephyr with MCX N947 and secure boot with wolfBoot on MCX W716
As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
curl-up 2025 Recap
Special thanks to Apify for sponsoring curl-up 2025!
The much-anticipated curl-up 2025 has wrapped up, bringing developers. Open-source enthusiasts, and industry leaders together in Prague.
Over the weekend, sixteen insightful curl-related presentations were delivered, sparking discussions not only during the sessions but also over lunches, coffee breaks, and evening gatherings.
If you missed it or want to rewatch your favorite moments, the entire event is available on the YouTube Playlist. You can also explore the Agenda Page for slides and session details.
We appreciate the dedication of the curl community and the project sponsors that made this event possible. Plans are already in motion for curl-up 2026! Stay tuned for updates!
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Announcing STM32WBA Support in wolfSSL
We’re excited to announce that wolfSSL now officially supports the STM32WBA series of microcontrollers from STMicroelectronics! This addition broadens our commitment to providing lightweight, robust, and high-performance SSL/TLS solutions across a wide range of embedded platforms.
What is the STM32WBA Series?
The STM32WBA series is a family of ultra-low-power wireless microcontrollers designed to bring advanced Bluetooth® Low Energy (LE) connectivity to IoT and embedded devices. Built around the Arm Cortex-M33 core with TrustZone security and integrated radio, STM32WBA microcontrollers are optimized for secure, connected applications in healthcare, industrial, and smart home environments.
Why This Matters
By integrating wolfSSL with STM32WBA, developers now have:
- Seamless TLS/SSL support for Bluetooth LE and IP-based connectivity.
- Optimized performance with wolfSSL’s small footprint and STM32’s hardware acceleration features.
- Ease of integration with STM32Cube ecosystem tools and examples to get started quickly.
Key Highlights:
- Full TLS 1.3 and DTLS 1.3 support.
- Hardware crypto acceleration using STM32WBA’s on-chip crypto engine.
- Support for wolfCrypt’s entire crypto-suite (including Post-Quantum Cryptography).
- Example projects for STM32CubeIDE and STM32CubeMX to simplify setup.
To explore wolfSSL on STM32WBA, check out our STM32 Cube Pack instructions and examples here.
For more information on wolfSSL and how it integrates with the STM32WBA, visit our documentation or reach out to our team at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfSSL’s µITRON support and HSM integration
We have received many inquiries about wolfSSL’s µITRON support for years.
The fact that µITRON is used so widely by wolfSSL customers is unique to Japan, but wolfSSL supports µITRON in all wolfSSL products to meet the needs of Japanese customers.
ITRON is an RTOS specification definition, so it is available in many commercial versions, including the open source TOPPERS/ASP, eT-Kernel (eSOL), µC3 (eForce), NORTi (MISPO), and many others. There are also cases where companies have developed their own µITRON-compliant RTOS and are using it, and there are many derivative versions of µITRON that have their own functional enhancements and specification changes.
wolfSSL supports all µITRON versions, including these derivatives.
wolfBoot is available for secure boot, and wolfHSM is available for more robust systems using HSMs (hardware security modules), which have recently been gaining attention.
HSM is a technology that isolates the root of trust functions, such as signature verification and encryption processing, into a physically independent processor or isolated execution context, dramatically improving the security of encryption keys and encryption processing. While HSM’s may make it easier to achieve physical robust security, there is also the issue that the functions such as encryption algorithms provided by the HSM processor are limited. wolfHSM is a framework that makes it possible to expand the encryption algorithm functions as needed by integrating software encryption processing with the basic functions provided by such chips. It is also possible to use the latest quantum-resistant encryption algorithms developed by wolfSSL, as well as algorithms such as SM2, SM3, and SM4.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Live Webinar: What’s New in wolfBoot – Tailored for the Asia-Pacific Time Zone
Learn how wolfBoot revolutionizes secure boot for embedded systems with groundbreaking features designed for quantum resistance and hybrid authentication.
wolfBoot is a lightweight, OS-independent secure bootloader designed specifically for embedded systems. It ensures trusted firmware verification, supports a wide range of architectures, and is optimized for resource-constrained environments. With FIPS 140-3 validation and post-quantum readiness, wolfBoot is essential for securing devices in a future-proof manner.
Join us for a secure boot webinar tailored for Asia-Pacific time zones and discover the latest updates in wolfBoot.
Register today: What’s New in wolfBoot – Tailored for the Asia-Pacific Time Zone
Date: May 15th | 7 PM PT / May 16th | 11 AM JST
As quantum computing capabilities advance, securing your boot process with post-quantum cryptography becomes increasingly critical. This session will explore how wolfBoot meets that challenge with hybrid cryptographic authentication, expanded hardware support, and compliance with industry standards like FIPS 140-3 and CNSA 2.0.
This webinar will cover:
- Introduction to wolfBoot: secure boot principles, specifications, and architecture support
- Boot strategies, trust anchor management, and TPM integration
- Recent updates including FIPS 140-3 and the Intel Tiger Lake port
- Keystore and keyvault management enhancements
- Post-quantum migration strategies, including ML-DSA and hybrid authentication
As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Post-Quantum Benchmark Comparison: ML-KEM wolfSSL 5.8.0 vs. OpenSSL 3.5
Recently, both OpenSSL 3.5 and wolfSSL 5.8.0 have been released. We thought we’d run some benchmarks on an x86_64 Linux PC.
Note: output has been edited for brevity and clarity.
OpenSSL
Configuration and build:
$ ./Configure $ make all
Benchmarking Output:
47317 ML-KEM-512 KEM keygen ops in 0.99s 72114 ML-KEM-512 KEM encaps ops in 1.00s 46625 ML-KEM-512 KEM decaps ops in 1.00s 31811 ML-KEM-768 KEM keygen ops in 1.00s 55855 ML-KEM-768 KEM encaps ops in 0.99s 35390 ML-KEM-768 KEM decaps ops in 1.00s 20942 ML-KEM-1024 KEM keygen ops in 1.00s 42164 ML-KEM-1024 KEM encaps ops in 0.99s 27043 ML-KEM-1024 KEM decaps ops in 1.00s
wolfSSL
Configuration and build:
$ ./configure --enable-mlkem=yes,cache-a --enable-dilithium \
--enable-all-asm
$ make all
Benchmarking Output:
ML-KEM 512 128 key gen 293900 ops took 1.000 sec ML-KEM 512 128 encap 271900 ops took 1.000 sec ML-KEM 512 128 decap 237300 ops took 1.000 sec ML-KEM 768 192 key gen 163900 ops took 1.000 sec ML-KEM 768 192 encap 152500 ops took 1.000 sec ML-KEM 768 192 decap 200700 ops took 1.000 sec ML-KEM 1024 256 key gen 109200 ops took 1.000 sec ML-KEM 1024 256 encap 106200 ops took 1.000 sec ML-KEM 1024 256 decap 143600 ops took 1.001 sec
Analysis & Conclusions
It can be observed that wolfSSL is faster than OpenSSL by a wide margin at every operation and parameter set. Here at wolfSSL, we are extremely proud of our long tradition of excellence when it comes to efficiency and performance.
Now, it is worth pointing out that this is not an apples-to-apples comparison. The build configuration for wolfSSL does indicate that assembly optimizations are enabled while to date, OpenSSL does not have such optimizations. Similarly, we are enabling the “Cache A” optimization which is described as:
Stores the matrix A during key generation for use in encapsulation when performing decapsulation. The key is 8KB larger but decapsulation is significantly faster. Turn on when performing make key and decapsulation with the same object.
We would be happy to re-run these comparisons once OpenSSL has such optimizations enabled.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Weekly updates
Archives
- July 2025 (3)
- June 2025 (22)
- May 2025 (25)
- April 2025 (24)
- March 2025 (22)
- February 2025 (21)
- January 2025 (23)
- December 2024 (22)
- November 2024 (29)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)