WOLFSSL VERSUS OPENSSL
Many people are curious about how wolfSSL compares to OpenSSL and what benefits there are to using an SSL/TLS library that has been optimized to minimize size and maximize speed. OpenSSL is free and presents no initial costs to begin using, but wolfSSL provides you with more flexibility, an easier integration of SSL/TLS into your existing platform, current standards support, consistent and regular bug fixes, and much more – all provided under a very easy-to-use license model.
wolfSSL has multiple ways you can migrate from OpenSSL to wolfSSL
- OpenSSL Compatibility Layer - The wolfSSL OpenSSL compatibility layer is a means to switch applications designed for OpenSSL over to use wolfSSL. The compatibility layer is a series of commonly used and essential API that users can utilize to transition from OpenSSL to wolfSSL.
- wolfEngine - wolfEngine is a FIPS-certified crypto module (wolfCrypt) with OpenSSL as an OpenSSL engine.
- wolfSSL Provider for OpenSSL - wolfSSL has developed an OpenSSL 3.0 provider, allowing you to use the latest version of OpenSSL backed by our FIPS-certified wolfCrypt library.
All of these solutions are an excellent pathway for users looking to get FIPS compliance fast while still using OpenSSL, as they are all backed by wolfCrypt, a cryptographic software API library.
The outline below highlights the key differences between wolfSSL and OpenSSL.
With a 20-100kB build size and runtime memory usage between 1-36kB, wolfSSL can be up to 20 times smaller than OpenSSL. In an environment where footprint size is critical or a large cloud environment where memory usage per connection makes a big impact on the performance and success of a project, wolfSSL is an optimal SSL and cryptography solution.
wolfSSL is up-to-date with the most recent standards: TLS 1.3 and DTLS 1.2. With security issues in older versions becoming more and more prominent, it becomes evident that the most recent versions of TLS and DTLS should be used - both of which wolfSSL fully support on both the client and server side. The wolfSSL team is dedicated to supporting new standards as they become available in the future, keeping wolfSSL always up-to-date.
wolfSSL is progressive with support for new secure and high-performance ciphers, including ChaCha20, Curve25519, Ed25519, NTRU, and SHA-3. wolfSSL’s underlying cryptography library is called wolfCrypt. wolfSSL has also started to integrate support for several Post-Quantum algorithms! Email us at firstname.lastname@example.org for our most current status on the integration!
wolfSSL is backed by an outstanding company who cares about its users and about their security, and who actively works to support, improve and expand the library. The wolfSSL team is based in Bozeman, Portland, and Seattle, and is always willing to help.
Ease of Use
OpenSSL is burdened with truckloads of legacy code that are difficult to maintain and keep up to date. wolfSSL was written from the beginning with modularity and maintenance in mind. Because of this mindset, wolfSSL has been developed with a simple and documented API, easy-to-use abstraction layers for OS, Custom I/O, and Standard C library, and clear usage examples.
wolfSSL is the leading SSL/TLS library for real-time, mobile, embedded, and enterprise systems, by virtue of its breadth of platform support and successful implementations. With a long list of supported platforms out of the box, your time to market can be decreased dramatically by using wolfSSL. OpenSSL requires porting to many platforms, which can cost your team both time and money.
wolfSSL is dual licensed under both the GPLv2 as well as a commercial license, where OpenSSL is available only under their unique license from multiple sources.
wolfSSL is powered by the wolfCrypt library. wolfSSL is currently the leader in embedded FIPS certificates. We currently maintain FIPS 140-2 certificate #3389 for the wolfCrypt Cryptographic Module. Certificate #3389 includes algorithm support required for TLS 1.3 and can be used in conjunction with the wolfSSL embedded SSL/TLS library for full TLS 1.3 client and server support. wolfSSL is currently taking wolfCrypt through the FIPS 140-3 validation process. For additional information, visit our FIPS FAQ page or contact email@example.com
wolfSSL was written from the ground up and is maintained and developed by the original developers. Available directly by phone, email or the wolfSSL product support forums, your questions are answered quickly and accurately to help you make progress on your project as quickly as possible.