TLS and Secure Boot in the EU Cyber Resilience Act

As of June 2024, the EU Cyber Resilience Act (CRA) is a pending piece of legislation that has been approved by the European Parliament and is waiting on adoption by the Council of the European Union. Once the act comes into force, manufacturers will have 36 months to apply the rules. It aims to tackle the challenges of cyber security in the EU and “safeguard consumers and businesses buying or using products or software with a digital component”. The act will require that any product sold in the EU with a digital component will adhere to stricter cyber security regulations. Products will have to be secure by default, have a way to apply security updates, have a clear vulnerability process, and define a product life cycle among other requirements.

The CRA requires that all communications are secure. We recommend using secure protocols such as SSL/TLS and SSH instead of trying to develop your own solution. These protocols provide privacy, integrity, and authentication across unsecure networks. They protect against unauthorized access and protect the confidentiality of the transmitted information.

To provide security updates to devices in the field, we recommend using wolfBoot’s Over-The-Air (OTA) update feature. This allows you to provide security updates in compliance with the CRA. wolfBoot provides a highly reliable, transport-agnostic firmware update mechanism.

Over at wolfSSL we take vulnerabilities very seriously. We investigate them immediately and fixes are always developed within days of an initial report. We implement rigorous security testing and code review to ensure the best quality releases possible.

With wolfSSL you can be sure that your products will meet the CRA requirements. For more questions about how to comply with the CRA, or if you have questions about any of the above, please write to us at or call us at +1 425 245 8247.

Download wolfSSL Now