In September of 2026, the Cryptographic Module Validation Program (CMVP) will move all remaining FIPS 140-2 certificates to the Historical List, including the modules powering Windows BitLocker. For organizations navigating FIPS, CMMC, and FedRAMP, this is an immediate critical stop, as NIST guidance states federal agencies “should not include” Historical-status modules in new procurements, and […]
Read MoreMore TagCategory: wolfSSL/ wolfCrypt
wolfKeyMgr: Decrypt Internal TLS 1.3 Traffic Without Breaking It
TLS 1.3 made per-session forward secrecy the default. That is a win for privacy on the open internet, but inside your own data center it leaves monitoring, compliance, and intrusion-detection tools blind to the traffic they are meant to watch. wolfKeyMgr is wolfSSL’s answer. What wolfKeyMgr Does wolfKeyMgr is a secure key management service […]
Read MoreMore TagWhy is wolfSSL reporting so many CVEs?
Why are we reporting so many CVEs? If you follow wolfSSL, you’ve probably noticed the number of CVEs we file per release has ramped up this spring 2026. From 5.8.0 (April 2025) to 5.9.1 (April 2026) we’ve experienced nearly geometric growth in reported CVEs per wolfSSL release. So what’s going on? Should users of wolfSSL […]
Read MoreMore TagwolfSSL vs OpenSSL: Heap Usage Comparison
When choosing a TLS library, two questions come up again and again: how much memory does it use and how fast is it. This post focuses on memory, comparing the heap usage of wolfSSL against several OpenSSL releases for an identical TLS 1.2 handshake. All numbers below were regenerated with current releases; wolfSSL 5.9.1 versus […]
Read MoreMore TagNative HTTP Message Signatures in curl, Powered by wolfSSL – Part 3
In Part 1, we argued agents need cryptographic request authenticity. In Part 2 we surveyed the ecosystem and the adjacent tools. This post is about what we’re contributing: native RFC 9421 support at the plumbing layer — curl and libcurl, with wolfCrypt providing the Ed25519 math. Two open PRs: curl — curl/curl#21239 — httpsig: add […]
Read MoreMore TagAnnouncing wolfssl-wolfcrypt Rust Crate v2.0.0
We are pleased to announce the release of wolfssl-wolfcrypt version 2.0.0, now available on crates.io. This major update introduces critical safety enhancements, expanded algorithm support, and architectural changes to improve reliability across different build configurations. Breaking Changes This release includes some breaking API changes necessitated by memory safety and soundness improvements: RNG Ownership: ECC::set_rng, RSA::set_rng, […]
Read MoreMore TagwolfCrypt Performance on the Altera Agilex 5
The Agilex Family and Agilex 5 The Altera Agilex portfolio represents a family of modern SoC FPGAs designed to address the scaling and power efficiency requirements of edge, data center, and communication infrastructures. Built on advanced process technologies, the family unifies programmable logic with hardened processor subsystems, high-bandwidth memory interfaces, and specialized digital signal processing […]
Read MoreMore TagNXP S32K3 Hardware Security Engine (HSE) support using wolfSSL
wolfSSL now supports hardware-accelerated cryptography on the NXP S32K3 family using the on-chip Hardware Security Engine (HSE). The HSE is a secure coprocessor integrated into NXP’s automotive S32K3 microcontrollers. The Hardware Security Engine (HSE) The HSE runs its own firmware on a dedicated core and communicates with the application core over a Messaging Unit (MU). […]
Read MoreMore TagAre You Still Stuck on OpenSSL 1.x.y? We Can Help.
Many organizations still rely on legacy versions of OpenSSL because upgrading certified or long lifecycle products is not always simple. wolfSSL provides lightweight SSL/TLS and cryptography libraries designed for modern embedded and security-focused systems. For compliance-driven environments, wolfCrypt FIPS offers FIPS 140-3 validated cryptography with TLS 1.3 support. If your team is still using OpenSSL […]
Read MoreMore TagwolfSSL Now Runs on CHERI
wolfSSL now builds and runs on CHERI purecap RISC-V, with all of the supporting fixes merged upstream. This brings one of the most widely deployed TLS/SSL and cryptography libraries to a hardware-enforced memory-safety architecture, a natural pairing for the kind of security-critical embedded code wolfSSL is built for. This work was contributed by William Beasley […]
Read MoreMore Tag
