FIPS 140-3 and SHA-1 Retirement

This past December, NIST announced that the venerable SHA-1 algorithm, introduced in 1995, is at end-of-life.  While wolfSSL does not use or recommend SHA-1 for new designs, we do implement and support it in our products.  With the NIST announcement, that will soon change for new FIPS 140 submissions, as we too will retire SHA-1.

The wolfSSL FIPS 140-3 cryptographic module currently in process at NIST includes SHA-1.  Thus, customers with an existing requirement for SHA-1 will be able to satisfy that requirement under that certificate once it has been issued.

However, and regardless of FIPS status, customers still using SHA-1 in security-critical roles — signatures, authentications, HMAC, KDFs, etc. — should refactor the implicated systems to use a modern hash algorithm such as SHA-2 or SHA-3.  wolfSSL stands ready to help our customers select and implement an appropriate migration path.

All FIPS 140 modules submitted on or after December 31, 2025 will exclude SHA-1, to avoid early certificate sunset under the timeline announced by NIST.

In preparation for this transition, wolfSSL has already prepared its FIPS 140-3 codebase to build, run, and pass full ACVP testing with SHA-1 gated out.  We are also routinely testing our mainline and FIPS codebases to ensure they function correctly with SHA-1 disabled.

For more information on the announcement from NIST, see
https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm