Topic: wolfSSL unaffected by May 3rd, 2016 OpenSSL high severity security fix

OpenSSL released a security advisory on May 3rd 2016:  Some wolfSSL embedded SSL/TLS users are probably wondering if similar security fixes are needed in wolfSSL.  The answer to that is no.  Specifically, CVE-2016-2107 and CVE-2016-2108 are OpenSSL implementation bugs.  Since wolfSSL and CyaSSL embedded SSL libraries have a completely different code base from OpenSSL we do not share these defects.

Please contact wolfSSL by email at, or call us at 425 245 8247 if you have any security related questions.