Topic: CyaSSL 3.3.0 Released

We're happy to announce the release of CyaSSL version 3.3.0. CyaSSL version 3.3.0 offers:

  • Secure countermeasures for Handshake message duplicates, CHANGE CIPHER without FINISHED, and fast forward attempts added to our source code.  Thanks to Karthikeyan Bhargavan from the Prosecco team at INRIA Paris-Rocquencourt for the report.  This is an important fix and all users should update!

  • Complete testing for FIPS 140-2 version submitted to NIST.  FIPS 140-2 source code now available.

  • Removes SSLv2 Client Hello processing for enhanced security, can be enabled with OLD_HELLO_ALLOWED

  • Protocol level control:  User can now control TLS protocol down-cycling to a minimum downgrade version with CyaSSL_SetMinVersion().  For example, you could reject handshakes at a protocol level less than TLS 1.1.

  • Small stack improvements at TLS/SSL layer, to benefit environments with limited available stack.

  • TLS Master Secret generation and Key Expansion are now exposed at the API level

  • Adds client side Secure Renegotiation, * not recommended, ever! *

  • Client side session ticket support.  This feature is not fully tested with Secure Renegotiation, so don’t use Secure Renegotiation.

  • Allows up to 4096-bit DHE at TLS Key Exchange layer

  • Handles non standard SessionID sizes in Hello Messages

  • PicoTCP Support added

  • TLS Sniffer now supports SNI Virtual Hosts

  • TLS Sniffer now handles non HTTPS protocols using STARTTLS

  • TLS Sniffer can now parse records with multiple messages

  • TI-RTOS updates or enhances support

  • Fix for ColdFire optimized fp_digit read only in explicit 32bit case

  • Added ADH Cipher Suite ADH-AES128-SHA for EAP-FAST

Stay up to date with what is happening with wolfSSL, you can follow our blog at

If you have any questions please feel free to contact us anytime at or (425)245-8247.
We look forward to hearing from you!

CyaSSL 3.3.0 can be downloaded from the wolfSSL download page:

Thank You!