cURL Up 2022 – Save The Date

The cURL Project and wolfSSL is happy to announce the annual cURL Developers Conference, cURL Up is being held in San Fransisco CA, USA this year! The event is on June 6th, 2022 at the Fort Mason Firehouse!

cURL Up is the annual curl developers conference where we gather and talk Internet protocols, curl’s past, current situation and how to design its future.

This is an intimate  and very friendly meetup where you will have the opportunity to talk to Daniel Stenberg, founder and maintainer of cURL, as well as other speakers and sponsors about cURL and related technologies.

There are only 100 slots available, stay tuned for when the registration page goes live!

If you have questions or comments contact us at


wolfSSL Summer of Security Internship Program 2022

Are you a college or university student interested in application, device, and Internet security?  Do you want to learn more about cryptography, SSL/TLS, SSH, MQTT, TPM, secure boot, and other protocols used to secure connected applications and devices?  If so, continue reading to learn about the wolfSSL Summer of Security internship program!

wolfSSL is the leading global producer of Open Source Internet security products, securing over 2 Billion active connections on the Internet today. The wolfSSL “Summer of Security” program is an internship which spans the Summer months and brings qualified students on-board to learn about how security software is written, tested, and used around the world.

Interns who participate in this program gain valuable knowledge in the embedded SSL/TLS and security industry as well as C programming experience on Linux and embedded systems.  Throughout the summer, interns play a role in improving wolfSSL products – working on testing, documentation, examples, porting, marketing, and interacting with our community.

This program is a great opportunity to be part of the Open Source community, learn how real-world software is created and maintained, gain work experience in the field of Computer Science, and work towards a potential career with the wolfSSL team.


Ideal candidates are students who have experience in C programming.  Prior experience with embedded systems, network programming, Linux/Unix, and familiarity with git/GitHub are a plus.

Apply Today!

If you are interested in learning more about the wolfSSL Summer of Security internship program, please send the following items to

  1. Resume with Cover Letter
  2. C Programming Sample
    • A C application which best demonstrates your C programming ability.  There are no requirements on the category or length of the application.
  3. Technical Writing Sample
    • A writing sample which best demonstrates your writing ability.  There is no requirement of topic or length of this sample.

Learn More

wolfSSL Homepage
wolfSSL Products Page
wolfSSL User Manual
TLS 1.3 Support!
wolfSSL Examples Repository (GitHub)

New wolfSSL Documentation Launched

Over the past few months the engineering team at wolfSSL have been working on a new reference documentation system for all of the wolfSSL products. The first fruits of this can be found in the form of the wolfSSL library documentation which is also available in PDF form.

This project had several goals:

  • Update the documentation as much as possible
  • Unify documentation locations and standards
  • Reduce the barrier of entry to getting new edits into the documentation
  • Reduce the barrier of entry to consuming the documentation
  • Create methods of automatically building and deploying the documentation

The documentation source itself is in two parts, the first is the long form documentation pages which were previously shared documents to be edited. These are now Markdown documents in a GitHub repository. The second part is the Doxygen reference you can find in the repository with the code. Our new build system dynamically converts the Doxygen to Markdown, merges it with the long form pages, does some other minor cleanups and manipulations and then generates HTML and PDF outputs.

There are now fully working cross-links in the documentation to learn more about specific options and the formatting has been standardized across the entire documentation.

Over the coming weeks we will be automating the build and deployment of the documentation so it is always up-to-date every day. We will also be releasing documentation using the same system for the full suite of wolfSSL products. We will also be making edits over time to refine and improve the documentation that is there. We welcome any feedback to!

For other questions about the wolfSSL embedded SSL/TLS library, TLS 1.3, or other products, contact us at


Have you been noticing the shiny little wolfSSL stickers floating around the HACS event ( That’s right, our man in Amsterdam Anthony Hu has been giving out stickers at HACS! If you didn’t get one, don’t panic. He will also be attending RWC so if you want one, please find him to get one.

HACS was an energetic and productive event for wolfSSL where we were able to network and get some productive interactions.  But now that it is over, it is time for RWC to begin! If you are also attending RWC, come find Anthony Hu to get your wolfSSL sticker.

wolfCrypt Submitted for FIPS 140-3!

After much work, wolfSSL is proud to announce that wolfCrypt v5 has been submitted to the CMVP and wolfCrypt is on the Modules in Process list for FIPS 140-3 Approval.

We’ve added more algorithms to our testing. We have AES-OFB mode. We added the TLSv1.2 and TLSv1.3 KDFs, including the extended master secret, and the SSH KDF. We’ve also testing 4096-bit RSA and ECDSA with SHA-3.

If you need to use TLSv1.3 in a FIPS environment, we have you covered! wolfCrypt FIPS also works with our other products including wolfBoot, wolfEngine, and wolfSSH.

More about FIPS 140-3

FIPS 140-3 is an incremental advancement of FIPS 140-2, which now standardizes on the ISO 19790:2012 and ISO 24759:2017 specifications. Historically, ISO 19790 was based on FIPS 140-2, but has continued to advance since that time. FIPS 140-3 will now point back to ISO 19790 for security requirements. Keeping FIPS 140-3 as a separate standard will still allow NIST to mandate additional requirements on top of what the ISO standard contains when needed.

Among the changes for FIPS 140-3 are conditional algorithm self-tests, where the algorithm self-tests are only performed if used. The pre-operational self-test is now faster, as all the algorithms are not tested until needed. This helps with startup times as the public key self-testing can be time consuming. The self tests can be run at appropriate times for your application startup. Also, there is additional testing of the DRBG entropy sources.

For more information, please visit our FIPS page here.

If you want an up to date cryptography library and TLS stack that is ready for FIPS 140-3, contact us at

Love it? Star wolfSSL on GitHub!

Webinar Alert: Looking Under the Hood – wolfSSL Automotive Stories and Examples!

Story time with wolfSSL! Join us for a comprehensive presentation on how to leverage wolfSSL for all of your Automotive Security needs as we go through a variety of different use cases and example with the specific engineering details for each story. As always bring your questions for the Q&A following the presentation.

Register here and join us this Thursday (April 14th) at 10AM Pacific (US and Canada)!

wolfEngine 1.0.0 Released

We’re happy to announce the first major release of wolfEngine, version 1.0.0. This release brings several improvements to wolfEngine. Here are some notable ones:

– Improved Visual Studio support.

– Improvements to the initialization code to support our upcoming FIPS 140-3 module.

– A rework of the AES-GCM implementation to support all OpenSSL use cases.

– New control commands for enabling wolfSSL debug logging.

– Better logging around the failure of the FIPS integrity check.

– A set of examples in the examples/ subdirectory.

– Additional HMAC functionality.

If you’re interested in using wolfEngine to satisfy FIPS requirements, please reach out to and we can discuss getting you a commercial version!


wolfSSL Supports git

wolfSSL has added support for git 2.35.1. git is a version control system that handles projects of all sizes. It is capable of handling the version history of projects all the way up to the size of the Linux kernel. git uses SSL/TLS for its imap-send command. This command sends a collection of patches from stdin to an IMAP folder. git can also be configured to use the crypto library for all SHA-1 and SHA-256 hashing. wolfSSL supports all of this functionality in our port. (

Compile wolfSSL with

./configure --enable-opensslextra


make install

Compile git with:

patch -p1 < /path/to/our/patch



git uses external dependencies for most of its communication protocols. The two more common protocols used within git are https and ssh. git builds and links against the system available curl for http and https support and uses the ssh utility that is available at runtime in $PATH for ssh support. To use only wolfSSL in git make sure that all dependencies are using wolfSSL. curl can be built to use wolfSSL using a configure option ( while you can build OpenSSH against wolfSSL using our patches (

To find out more please email

Webinar Alert: Securing IoT Devices with Microchip Security Solutions

Join us Thursday, April 7th at 9AM Pacific!

This webinar will highlight wolfSSL’s Microchip partnership and our support for their microcontrollers and secure elements. We will discuss best practices for securing IoT devices using wolfSSL and Microchip. Join us to learn about using Microchip MPLABX and Harmony for embedded projects and use of the ATECC608 secure element with wolfSSL for TLS and MQTT.

Register here.

As always, bring your questions for the Q&A following the presentation.

KYBER-Level1 Benchmarks on STM32

Further to our previous announcement about bringing post-quantum KEMs in TLS 1.3 on STM32, we have also brought PQM4’s KYBER Level1 KEM into our benchmarking infrastructure. Note that we do not build PQM4 with optimizations as a bug fix is soon to come for optimization flags. You can monitor the progress of the issue here.

Once that is fixed, we’ll re-post our results on this blog. We run the benchmarks together with conventional algorithms so you can compare the results. Please see below:

[NUCLEO-F446ZE at 168MHz using SP Math with Assembly]

Running wolfCrypt Benchmarks…
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG                  1 MB took 1.004 seconds,    1.070 MB/s
AES-128-CBC-enc      1 MB took 1.000 seconds,    1.172 MB/s
AES-128-CBC-dec      1 MB took 1.008 seconds,    1.187 MB/s
AES-192-CBC-enc      1 MB took 1.000 seconds,    1.001 MB/s
AES-192-CBC-dec      1 MB took 1.004 seconds,    0.997 MB/s
AES-256-CBC-enc    900 KB took 1.007 seconds,  893.744 KB/s
AES-256-CBC-dec    900 KB took 1.004 seconds,  896.414 KB/s
AES-128-GCM-enc     75 KB took 1.094 seconds,   68.556 KB/s
AES-128-GCM-dec     75 KB took 1.094 seconds,   68.556 KB/s
AES-192-GCM-enc     75 KB took 1.118 seconds,   67.084 KB/s
AES-192-GCM-dec     75 KB took 1.117 seconds,   67.144 KB/s
AES-256-GCM-enc     75 KB took 1.134 seconds,   66.138 KB/s
AES-256-GCM-dec     75 KB took 1.130 seconds,   66.372 KB/s
GMAC Small          75 KB took 1.008 seconds,   74.405 KB/s
CHACHA               4 MB took 1.004 seconds,    4.426 MB/s
CHA-POLY             3 MB took 1.000 seconds,    2.905 MB/s
POLY1305            12 MB took 1.000 seconds,   12.183 MB/s
SHA-256              3 MB took 1.000 seconds,    2.832 MB/s
HMAC-SHA256          3 MB took 1.000 seconds,    2.808 MB/s
RSA     2048 public         78 ops took 1.016 sec, avg 13.026 ms, 76.772 ops/sec
RSA     2048 private         4 ops took 1.836 sec, avg 459.000 ms, 2.179 ops/sec
DH      2048 key gen         5 ops took 1.196 sec, avg 239.200 ms, 4.181 ops/sec
DH      2048 agree           6 ops took 1.439 sec, avg 239.833 ms, 4.170 ops/sec
ECC   [      SECP256R1]   256 key gen       113 ops took 1.000 sec, avg 8.850 ms, 113.000 ops/sec
ECDHE [      SECP256R1]   256 agree          54 ops took 1.008 sec, avg 18.667 ms, 53.571 ops/sec
ECDSA [      SECP256R1]   256 sign           78 ops took 1.019 sec, avg 13.064 ms, 76.546 ops/sec
ECDSA [      SECP256R1]   256 verify         38 ops took 1.012 sec, avg 26.632 ms, 37.549 ops/sec
kyber_level1-kg         62 ops took 1.004 sec, avg 16.194 ms, 61.753 ops/sec
kyber_level1-ed         28 ops took 1.043 sec, avg 37.250 ms, 26.846 ops/sec
Benchmark complete

Posts navigation

1 2 3 4 5 150 151 152