Skip to content

Introduction

This page lists some of the most common issues and questions that are recieved by our wolfSSL security experts, along with their responses. This FAQ is useful for solving general questions that pertain to building/implementing wolfSSL FIPS. If this page does not provide an answer to your question, please feel free to check the wolfSSL Manual, or contact us at support@wolfssl.com.

Last Updated: 8 Dec 2025

Questions

  1. Why did I receive wolfSSL_X.X.X_commercial-fips-OE-v2.7z when we validated with Y.Y.Y?
  2. How do I know if I am using the FIPS module?
  3. Does the Power On Self Test (POST) really have to run every time?
    1. Followup Post Q: What about this feature NO_ATTRIBUTE_CONSTRUCTOR? Can I use that to by-pass the POST by not running it in the constructor?
    2. Followup Post Q: Why is the feature NO_ATTRIBUTE_CONSTRUCTOR there then if I can not use it?
    3. Followup Post Q: Who can determine when NO_ATTRIBUTE_CONSTRUCTOR is allowed?
    4. Followup Post Q: What about with fips-ready, can I use NO_ATTRIBUTE_CONSTRUCTOR with fips-ready?
  4. What can go wrong for the end user after basic testing?
  5. Moving from 140-2 to 140-3, what's new?
    1. Will my applications that are linked agaist the 140-2 module still work with the 140-3 module?
    2. The wc_SetSeed_Cb() callback and the TLS Layer:
    3. The wc_SetSeed_Cb() callback and a custom seed generation function:
    4. Threading consideration for all CASTs():
    5. wc_SetSeedCb() a bit unique with relation to CAST's:
    6. Key Access Management
    7. wc_SetSeedCb() a bit unique with relation to CAST's:
      1. API's that require UNLOCK before first use (should also be re-LOCKED after use):