Look at that! wolfSSH had another release. New year, new version. Welcome to wolfSSH v1.4.22. This is mainly a bug fix release. We’ve improved interoperability with other implementations of SSH. We’ve improved the build process with several IDEs, Zephyr, and LwIP. We also added an SFTP client example for the Renesas RX72N platform. There is […]
Category: wolfSSH
Vulnerability Disclosure: wolfSSH CVE-2025-11624
Affected Users: wolfSSH with SFTP enabled on the server side before version 1.4.21. Summary: A stack overflow vulnerability was discovered in wolfSSH’s SFTP server implementation. After an SFTP connection is established, a malicious SFTP client could send a specially crafted read, write, or set state SFTP packet that would cause the SFTP server code to […]
FATFS Enhancements in wolfSSH 1.4.21
FATFS Ready in wolfSSH 1.4.21 wolfSSH 1.4.21 is now available, and this release focuses on making FATFS-backed SFTP deployments easier to ship, test, and maintain. Since tagging v1.4.20-stable, we invested in reliability improvements, developer tooling, and CI coverage that harden FATFS integration for embedded SSH gateways, industrial control systems, and secure file transfer clients. This […]
Keyboard-Interactive (RFC 4256) lands in wolfSSH — flexible SSH authentication for embedded, IoT, and server use
At wolfSSL we build compact, high-performance security libraries for systems that range from tiny MCUs to cloud servers. Our SSHv2 library, wolfSSH, now supports Keyboard-Interactive authentication (RFC 4256), enabling rich challenge/response and multi-step logins without changing your client code. Keyboard-Interactive first shipped in wolfSSH 1.4.20 and has since seen API refinements to simplify how applications […]
wolfSSH 1.4.21 Released
Version 1.4.21 of wolfSSH is now available! This update includes a critical security fix, improved interoperability, and enhancements for embedded and hardware-backed key use cases. Security Updates This release addresses two security issues: CVE-2025-11625: Fixed a client-side host verification bypass that could expose credentials (PR#840). CVE-2025-11624: Fixed an SFTP server stack overflow triggered by malformed […]
wolfSSH Support With TPM Public Key Authentication
wolfSSH now supports TPM public key authentication with RSA. This feature enhances security for embedded and IoT applications by leveraging TPM 2.0 functionality for client side authentication. Below is a summary of the key changes that were made in PR# 754. TPM Public Key Authentication with RSA PR# 754 provides TPM-based RSA authentication for client-side […]
wolfSSH 1.4.20: Enhanced Features and Stability
The wolfSSL team has released wolfSSH version 1.4.20, introducing some new features and nice fixes! New Features: DH Group 16 and HMAC-SHA2-512 Support: This addition gives more options for algorithms used when connecting and more interoperability with other implementations. Keyboard-Interactive Authentication: Providing a more versatile authentication method implementing RFC 4256. Enhancements and Fixes: Memory Management […]
TLS vs. SSH: When To Use Which
TLS and SSH are both widely used protocols for creating secure connections between two systems over a secure network. But they are designed for different use cases, so today we are going to take a quick dive into when you should use which. About TLS TLS (Transport Layer Security) is what is most commonly […]
What’s New in wolfSSH 1.4.19
The latest version of wolfSSH, 1.4.19, brings improvements, stability fixes and an additional feature! DH Group 14 with SHA-256 Key Exchange (KEX) support was added with this release. Along with this new feature, some of the improvements that were added are: CI testing, macro guards around TTY modes, use of wolfSSL kyber implementation, and […]
wolfSSH with X.509 Certificates
Did you know wolfSSH can use X.509 certificates in place of SSH public keys? wolfSSH supports RFC 6187, “X.509v3 Certificates for Secure Shell Authentication”. This uses wolfSSL’s certificate management for TLS, so the certificates may be checked against CRLs and OCSP. wolfSSH has been used in applications as a server where it needed to validate […]
