Migrating to wolfSSL from mbedTLS

We wanted to highlight a useful migration guide posted by Amazon for their AWS IoT Core with FreeRTOS showing how to migrate from mbedTLS to wolfSSL. The migration guide shows useful API mappings and how to expose PKCS11 capabilities.

Check out the FreeRTOS with mbedTLS to FreeRTOS with wolfSSL Migration Guide v1.0.

FreeRTOS is a real-time operating system used in many embedded systems. It is lightweight and optimized for microcontrollers and small processors. For systems using cryptography or TLS, wolfSSL is a perfect match, so we wanted to highlight a guide for migrating from mbedTLS to wolfSSL.

AWS IoT Core is a managed cloud service for secure, reliable communication between embedded devices and the AWS Cloud. AWS IoT Core requires TLS communication to establish connections.

Why Migrate from mbedTLS to wolfSSL?

Moving to wolfSSL offers several advantages for embedded environments, including:

  • Smaller footprint and performance optimizations: wolfSSL provides a reduced memory footprint and faster cryptographic processing.
  • Latest Protocols: It also includes full support for TLS 1.3 and DTLS 1.3, enabling shorter handshakes and stronger encryption.
  • Professional support: Direct support from engineers who authored and maintained the code. Free pre-sales support and paid support plans available.
  • Commercial licensing: While open source, wolfSSL also offers commercial licenses for proprietary projects.
  • FIPS 140-3 certified cryptographic software module, making it suitable for regulated industries.
  • Easy integration and extensive resources: The library includes detailed documentation and examples, simplifying testing and adoption.
  • Expanded algorithm support: wolfSSL includes cryptographic algorithms beyond mbedTLS’s offerings, such as the post-quantum (PQ) algorithms ML-DSA, ML-KEM, XMSS and LMS.
  • Assembly optimizations for ARM Cortex-M and Cortex-A. We typically see a 10x speedup using our hand-crafted assembly optimizations, which are available for all our commonly used symmetric and asymmetric algorithms.

Note: This migration guide is fairly dated. Since then, wolfSSL has developed, and now maintains, full PKCS11 support, either to consume a PKCS11 provider or to be one through our wolfPKCS11 provider. We also support using a TPM 2.0 module as the cryptographic and storage provider for wolfPKCS11.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
