FIPS 140-3 Kernel Crypto: libwolfssl.ko delivers a FIPS 140-3 compliant cryptographic stack for the Linux kernel, using the same validated wolfCrypt implementations as the user-space library. wolfGuard: WolfGuard is a FIPS 140-3 implementation of WireGuard which replaces WireGuard’s non-FIPS algorithms with wolfCrypt’s FIPS based AES-GCM, ECDH, SHA-256 HMAC, and HASH-DRBG. WolfGuard-Go is the Go implementation […]
Read MoreMore TagCategory: wolfGuard
wolfSSL has released an update to wolfGuard
wolfSSL has released an update to wolfGuard, our FIPS-validated algorithm port of WireGuard. We recommend updating. Highlights from this release: AES-GCM crash fix: resolves a kernel panic on kernels dated after March 2026. Cookie security fix: sensitive cryptographic material is now reliably wiped on all validation error paths. Configuration sync fix: corrects a logic error […]
Read MoreMore TagwolfGuard: FIPS-Compliant WireGuard VPN, Now Native in wolfIP
wolfIP now includes native wolfGuard support, bringing a FIPS-compliant WireGuard VPN tunnel directly into the stack. wolfGuard replaces the standard WireGuard cipher suite (Curve25519, ChaCha20-Poly1305, BLAKE2s) with FIPS-certified alternatives (P-256 ECDH, AES-256-GCM, SHA-256) using wolfSSL cryptographic primitives, while preserving the Noise IKpsk2 handshake and its security properties including perfect forward secrecy and automatic key rotation. […]
Read MoreMore TagMeeting FBI CJIS Security Policy v6 with wolfGuard
The FBI’s Criminal Justice Information Services (CJIS) Security Policy v6 has sent a clear message to law enforcement and public safety agencies: the window for legacy cryptography is closing. Specifically, Control SC-13 mandates that all Criminal Justice Information (CJI) in-transit outside of physically secure locations must be protected by FIPS 140-3 validated cryptographic modules. With […]
Read MoreMore TagTLS vs. SSH: When To Use Which (2026 Edition)
TLS and SSH are both widely used protocols for creating secure connections between two systems over an untrusted network. Although they share some fundamental goals, they are designed for different use cases. In this updated guide, we will explore when you should use which, along with a look at the latest developments in both protocols. […]
Read MoreMore TagFIPS-Compliant Tailscale Mesh VPN Powered by wolfSSL
Earlier last year, we shared the integration of our FIPS-validated crypto engine, wolfCrypt, into WireGuard to create a project we call wolfGuard. We’re now extending this effort to Tailscale, the popular mesh VPN built on top of WireGuard. Getting started with wolfSSL? Download the latest libraries here and start exploring. Tailscale simplifies WireGuard deployment by […]
Read MoreMore Tag