RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL 5.8.2 Now Available

wolfSSL 5.8.2 is now available! We are excited to announce the release of wolfSSL 5.8.2, packed with significant enhancements, introducing new functionalities, and refining existing features!

Important Notes for this Release

  • GPLv3 Licensing: wolfSSL has transitioned from GPLv2 to GPLv3.
  • Deprecated Feature: `--enable-heapmath` is now deprecated.
  • MD5 Disabled by Default: For enhanced security, MD5 is now disabled by default.

Key Highlights of wolfSSL 5.8.2

Vulnerability Mitigations:

  • ECC and Ed25519 Fault Injection Mitigation (Low): (Thanks to Kevin from Fraunhofer AISEC)
  • Apple Native Cert Validation Override (High – CVE-2025-7395): (Thanks to Thomas Leong from ExpressVPN)
  • Predictable `RAND_bytes()` after `fork()` (Medium – CVE-2025-7394): (Thanks to Per Allansson from Appgate)
  • Curve25519 Blinding Enabled by Default (Low – CVE-2025-7396): (Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris)

New Features:

  • Sniffer Enhancements: Support for multiple sessions and a new `ssl_RemoveSession()` API for cleanup.
  • New ASN.1 X509 API: `wc_GetSubjectPubKeyInfoDerFromCert` for retrieving public key information.
  • PKCS#12 Improvements: `wc_PKCS12_create()` now supports PBE_AES(256|128)_CBC key and certificate encryptions.
  • PKCS#7 Decoding: Added `wc_PKCS7_DecodeEncryptedKeyPackage()` for decoding encrypted key packages.
  • Linux Kernel Module Expansion: All AES, SHA, and HMAC functionality now implemented within the Linux Kernel Module.
  • OpenSSL Compatibility Layer Additions: New APIs for X.509 extensions and RSA PSS: `i2d_PrivateKey_bio`, `BN_ucmp`, and `X509v3_get_ext_by_NID`.
  • Platform Support: Added support for STM32N6.
  • Assembly Optimizations: Implemented SHA-256 for PPC 32 assembly.

Improvements & Optimizations:

This release includes a wide range of improvements across various categories, including:

  • Extensive Linux Kernel Module (LinuxKM) Enhancements: Numerous minor fixes, registrations, and optimizations for cryptography operations within the Linux Kernel Module.
  • Post-Quantum Cryptography (PQC) & Asymmetric Algorithms: Updates to Kyber, backward compatibility for ML_KEM IDs, fixes for LMS building and parameters, and OpenSSL format support for ML-DSA/Dilithium.
  • Build System & Portability: General build configuration fixes, improvements for older GCC versions, new CMakePresets, and default MD5 disabling.
  • Testing & Debugging: Enhanced debugging output, additional unit tests for increased code coverage, and improved benchmark help options.
  • Certificates & ASN.1: Improved handling of X509 extensions, fixed printing of empty names, and better error handling.
  • TLS/DTLS & Handshake: Corrected group handling, improved DTLS record processing, and refined TLS 1.3 key derivation.
  • Memory Management & Optimizations: Stack refactors, improved stack size with MLKEM and Dilithium, and heap math improvements.
  • Cryptography & Hash Functions: Added options to disable assembly optimizations for SipHash and SHA3, and improved Aarch64 XFENCE.
  • Platform-Specific & Hardware Integration: Explicit support for ESP32P4, public `wc_tsip_*` APIs, and enhanced PlatformIO certificate bundle support.
  • General Improvements & Refactoring: Updated libspdm, fixed PEM key formatting, and improved API accessibility for certificate failure callbacks.

wolfSSL 5.8.2 also includes some nice bug fixes, addressing issues across various modules, ensuring greater stability and reliability. For a complete and detailed list of all changes, please refer to the full release notes.

We encourage all users to upgrade to wolfSSL 5.8.2 to take advantage of these important security updates, new features, and performance enhancements. Download the latest release.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

FIPS 140-3 Enabled Linux Network Infrastructure with GnuTLS-wolfSSL

wolfSSL is thrilled to announce that core network infrastructure applications can now achieve FIPS 140-3 compliance through our GnuTLS-wolfSSL integration. This breakthrough comes from our ongoing work integrating wolfSSL’s FIPS 140-3 certified cryptography (wolfCrypt) into GnuTLS, enabling a true drop-in solution for Linux applications.

For developers and system administrators in government, defense, finance, healthcare, and other regulated industries, this eliminates a critical barrier to deploying secure network infrastructure that must meet federal compliance standards.

What We’ve Built

Unlike traditional approaches requiring extensive rewrites, our solution operates entirely behind the scenes. By patching GnuTLS at the library level with wolfCrypt’s certified cryptographic operations, applications can gain FIPS 140-3 compliance without changing a single line of their code. Simply rebuild with our patched GnuTLS library, and your entire networking stack achieves FIPS compliance.

We’re continuously validating this integration through CI/CD testing against 17 applications, testing target versions, latest releases, and master branches to ensure rock-solid compatibility. Our fork is now debianized, making deployment as simple as installing a standard Debian package.

Network Applications Now FIPS-Ready

chrony – The widely-deployed NTP implementation for time synchronization across Linux systems, critical for distributed infrastructure and audit logging.

NetworkManager – The standard Linux network connection manager that handles everything from WiFi to VPN connections in modern distributions.

libnice – Implements ICE protocol for NAT traversal, essential for WebRTC and real-time communication applications.

curl & wget – The ubiquitous data transfer utilities now gain a clear path to FIPS compliance for secure communications.

How We Enable FIPS Compliance

These applications rely on GnuTLS for TLS connections, certificate handling, and cryptographic operations. By integrating wolfSSL’s FIPS 140-3 certified wolfCrypt module into GnuTLS, we deliver a true drop-in solution. Depending on the algorithms your application uses, you may need no code changes at all: just rebuild with our patched library to achieve FIPS compliance across your network infrastructure.

The debianized package makes deployment straightforward: install our GnuTLS-wolfSSL package on your Debian-based system, and your network applications automatically benefit from FIPS-certified cryptography.

Questions?

Take a more in-depth look at our integration on the wolfSSL GitHub. If you need support, we are more than happy to help you out; you can email us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call +1 425 245 8247.

FIPS 140-3 Enabled Linux Desktop & Media Applications with GnuTLS-wolfSSL

wolfSSL is thrilled to announce that desktop, development, and media applications can now achieve FIPS 140-3 compliance through our GnuTLS-wolfSSL integration. This breakthrough comes from our ongoing work integrating wolfSSL’s FIPS 140-3 certified cryptography (wolfCrypt) into GnuTLS, enabling a true drop-in solution for Linux applications.

For developers and organizations in government, defense, finance, healthcare, and other regulated industries, this eliminates barriers to deploying user-facing applications and specialized libraries that must meet federal compliance standards.

What We’ve Built

Unlike traditional approaches requiring extensive rewrites, our solution operates entirely behind the scenes. By patching GnuTLS at the library level with wolfCrypt’s certified cryptographic operations, applications gain FIPS 140-3 compliance without changing a single line of their code. Simply rebuild with our patched GnuTLS library, and your entire application stack achieves FIPS compliance.

We’re continuously validating this integration through CI/CD testing against 17 applications, testing target versions, latest releases, and master branches to ensure rock-solid compatibility. Our fork is now debianized, making deployment as simple as installing a standard Debian package.

Desktop & Media Applications Now FIPS-Ready

glib-networking – The GNOME network stack that provides TLS support for countless GTK-based applications across Linux desktops.

libvnc – Enables VNC client and server functionality for remote desktop access and support tools.

libvte – The terminal emulator widget library used by GNOME Terminal and other popular Linux terminal applications.

libcups – The Common Unix Printing System library that handles secure printing operations across networks.

libcamera – Modern camera support library for Linux systems, handling secure camera data streams.

QPDF – PDF manipulation library for viewing, editing, and transforming PDF documents securely.

libjcat – Archive verification library used by fwupd and other tools for validating signed package integrity.

RTMP – Real-Time Messaging Protocol implementation for secure streaming media applications.

How We Enable FIPS Compliance

These applications rely on GnuTLS for TLS connections, certificate handling, secure communications, and cryptographic operations. By integrating wolfSSL’s FIPS 140-3 certified wolfCrypt module into GnuTLS, we deliver a true drop-in solution. Depending on the algorithms your application uses, you may need no code changes at all: just rebuild with our patched library to achieve FIPS compliance across your desktop and media applications.

The debianized package makes deployment straightforward: install our GnuTLS-wolfSSL package on your Debian-based system, and your applications automatically benefit from FIPS-certified cryptography.

Questions?

Take a more in-depth look at our integration on the wolfSSL GitHub. If you need support, we are more than happy to help you out; you can email us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call +1 425 245 8247.

New Keystores and Secure Elements Added to wolfSSL (5.8.2)

wolfSSL continues to expand its hardware security ecosystem with significant new additions over the past year. Here are the latest keystores and secure elements now supported by our cryptographic library:

New Secure Element Support

TROPIC01 Secure Element
wolfSSL now includes dedicated crypto callback functions for the TROPIC01 secure element, providing seamless hardware-backed cryptographic operations for enhanced security applications.

Enhanced STM32 Hardware Security

STM32MP135F Platform
Complete hardware acceleration suite featuring:

  • STM32CubeIDE integration
  • Hardware Abstraction Layer (HAL) support for SHA-2 and SHA-3
  • AES hardware acceleration
  • Hardware RNG integration
  • ECC cryptographic operations

Additional STM32 Variants

  • STM32H5 – Advanced performance microcontroller with enhanced security features
  • STM32WBA – Wireless connectivity focused platform for IoT security
  • STM32G4 – General purpose microcontroller series with crypto acceleration
  • STM32U575xx – Ultra-low-power microcontroller boards for battery-powered secure devices
  • STM32 Cube Expansion Pack – Enhanced development environment support

Expanded Renesas Security Solutions

Renesas TSIP v1.15
Enhanced support for RX65N and RX72N platforms including:

  • RSA Public Encrypt and Private Decrypt operations
  • AES-CTR mode hardware acceleration
  • Improved cryptographic performance

Renesas SCE Integration
New crypto-only RSA support providing dedicated hardware acceleration without requiring full TLS integration.

Development Board and Platform Support

Raspberry Pi Enhanced Support

  • RP2350 – Latest generation with enhanced RNG optimizations
  • RP2040 – Improved support with performance-optimized random number generation

RISC-V Platform

  • SiFive HiFive Unleashed Board – Complete RISC-V development board support for hardware-accelerated cryptography

Operating System and Bootloader Integration

Zephyr Project RTOS
Full integration with the Zephyr real-time operating system, including:

  • TPM usage examples
  • Hardware security integration
  • Real-time cryptographic operations

U-Boot Bootloader
Secure boot integration supporting:

  • TPM-based measured boot
  • Hardware security module validation
  • Boot integrity verification

Microchip Harmony (MPLABX)
Complete development ecosystem support including:

  • SPI HAL integration
  • Benchmarking tools
  • Development environment optimization

Advanced Infineon Security Features

Infineon TriCore (TC2XX/TC3XX)
Hardware security module support with comprehensive TPM integration using the WOLFTPM_INFINEON_TRICORE macro.

Infineon SLB9672/SLB9673
Advanced TPM modules featuring:

  • Secure firmware update capabilities
  • Enhanced I2C communication
  • Industrial-grade security certification

Infineon Development Tools

  • Modus Toolbox – Integrated development environment
  • CyHal I2C/SPI – Hardware abstraction layer support

Additional TPM Hardware

Nations NS350
New TPM 2.0 module support expanding our certified hardware ecosystem for secure applications.

Memory Mapped I/O (MMIO) TPMs
Direct memory access support for TPM modules, enabling:

  • Faster cryptographic operations
  • Reduced system overhead
  • Simplified hardware integration

Development Environment Enhancements

Espressif IDE Support
Complete integration with Espressif’s development environment for ESP32 and related platforms.

Windows Visual Studio
New project templates and GitHub Actions testing for Windows development environments.

Advanced Security Features

Pre-provisioned Device Identity Keys
Support for manufacturer-provisioned security credentials, enabling:

  • Zero-touch device provisioning
  • Factory-sealed security credentials
  • Simplified device authentication

Secure Firmware Update
Advanced firmware update capabilities for supported TPM modules with cryptographic verification and rollback protection.

Getting Started

These new hardware security features are available in wolfSSL version 5.7.0 and later, with wolfTPM version 3.0.0 and later. To enable support for your specific platform, consult our documentation or contact our technical support team.
The expanded hardware support demonstrates wolfSSL’s commitment to providing comprehensive security solutions across embedded systems, IoT devices, and enterprise applications.

Questions?

If you have questions about any of the above, please contact us at facts@wolfssl.com, call us at +1 425 245 8247, or visit our FAQ page for more information.

Live webinar: Clarinox Wi-Fi and Bluetooth Integration with wolfSSL

Unlock secure, reliable wireless communication for your embedded devices.

In this webinar, wolfSSL and Clarinox will show how developers can integrate lightweight TLS 1.3 security with embedded wireless stacks to build safer, standards-compliant devices. You’ll learn how Clarinox Wireless Stacks leverage wolfSSL for FIPS 140-3 validated cryptography and post-quantum support. You’ll also learn how ClarinoxBlue and ClarinoxWiFi streamline Bluetooth® LE and Wi-Fi integration, followed by a demo that brings it all together.

Register now: Clarinox Wi-Fi and Bluetooth Integration with wolfSSL
Date: October 16th | 8 AM PT

This webinar will cover:

  • Secure Wireless Foundations: How wolfSSL TLS 1.3 and Clarinox stacks protect embedded devices
  • WPA Supplicant with wolfSSL: Strengthening Wi-Fi authentication with FIPS 140-3 validated cryptography
  • Bluetooth® LE & Wi-Fi Connectivity: Portable, scalable, and standards-compliant integration with ClarinoxBlue and ClarinoxWiFi
  • Demo & Code Insights: Real-world examples running WPA supplicant and Clarinox stacks with wolfSSL

Register now to learn how to build secure, connected systems with wolfSSL and Clarinox, and see these technologies in action.

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfssl.com or call +1 425 245 8247.

New Docker containers for Python FIPS 140-3 integration

For developers seeking to implement FIPS 140-3 compliance in their secure Python applications, wolfSSL has already been offering effective solutions:

  • wolfProvider enables the use of wolfCrypt as the underlying crypto provider for OpenSSL.
  • The wolfSSL Python ports let you completely replace OpenSSL with wolfSSL in Python’s ssl module.

However, we understand that the initial setup – compiling wolfSSL with the right flags and correctly configuring the Python environment – can introduce friction, especially when you need to get a project off the ground quickly.

The wolfSSL Python containers

To streamline your development workflow, we’ve launched a new set of wolfSSL Docker containers which provide a ready-to-use Python environment pre-configured to use FIPS 140-3 validated wolfSSL technology.
We provide three different Dockerfiles. Which one you should choose depends on your needs:

  • Dockerfile.provider: uses wolfProvider to register wolfSSL as the default OpenSSL provider in the container. This results in a Python runtime that still uses OpenSSL, but with FIPS certified wolfSSL crypto underneath.
  • Dockerfile.provider-min: a simpler Dockerfile that achieves the same result as above. Instead of building Python on top of an Alpine base image, it directly uses the official Python Alpine image, making it easier to update to new Python versions.
  • Dockerfile.osp: uses the wolfSSL Python ports, resulting in a Python runtime that uses wolfSSL only. The Dockerfile also deletes traces of OpenSSL from the system to prevent OpenSSL usage, which may cause some non-Python applications to stop working. This solution is useful in strict FIPS scenarios where OpenSSL must be entirely excluded.

Getting started

Setting up these containers requires an active wolfCrypt FIPS license. Feel free to contact fips@wolfssl.com for more information.
Once you have the appropriate 7z archive password, building and running the containers is as simple as cloning the GitHub repository, writing your password to a `password.txt` file and executing `make run-provider`, `make run-provider-min` or `make run-osp`. Further information is available in the README.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

FIPS 140-3 Enabled WebKit2GTK with wolfSSL

wolfSSL is thrilled to announce that it is now possible to build FIPS 140-3 compliant applications using WebKit2GTK. This achievement comes from our recent porting efforts, integrating wolfSSL’s FIPS 140-3 certified cryptography (wolfCrypt) into core cryptographic libraries: GnuTLS, OpenSSL, and Gcrypt.
For developers in government, defense, finance, healthcare, and other regulated industries, this eliminates a key hurdle to deploying modern, secure Linux applications that must meet federal standards.

What is WebKitGTK?

  • WebKitGTK is the engine that renders web content inside most Linux applications, bringing browser-like capabilities to custom software.
  • WebKit: The open-source core rendering engine used in Apple’s Safari browser. It’s responsible for parsing HTML, CSS, and JavaScript, then rendering to display webpages.
  • GTK: A widely used toolkit for crafting graphical user interfaces (GUIs) on Linux, handling elements like windows, buttons, menus, and user interactions.
  • WebKitGTK: The integration layer that lets developers embed WebKit’s rendering power directly into GTK-based apps. This is ideal for building kiosks, secure browsers, information dashboards, or any app that needs to display web content without relying on a standalone browser.

How We Enable FIPS Compliance

WebKitGTK relies on cryptographic libraries for secure operations, including establishing TLS connections (e.g., HTTPS via GnuTLS in libsoup), certificate handling, and data encryption (usually via OpenSSL or libgcrypt). By porting wolfSSL’s FIPS 140-3 certified wolfCrypt module into these libraries, we’ve delivered a true drop-in solution. Depending on the algorithms your application uses, you may need no code changes at all: just rebuild with our patched libraries and your entire stack achieves FIPS compliance.

Questions?

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

CRA Compliant curl

As the Cyber Resilience Act (CRA) is getting closer and companies wanting to sell digital services in goods within the EU need to step up, tighten their procedures, improve their documentation and get control over their dependencies I feel it could be timely to remind everyone:

We of course offer full support and fully CRA compliant curl versions to support customers.

curl is not a manufacturer as per the legislation’s terminology so we as a project don’t have those requirements, but we always have our ducks in order and we will gladly assist and help manufacturers to comply.

We have done internet transfers for the world for decades. Fast, securely, standards compliant, feature packed and rock solid. We make curl to empower the world’s digital infrastructure.

You can rely on us.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Live Webinar: WolfGuard: FIPS 140-3 Enabled WireGuard

WireGuard is known for its simplicity, speed, and modern cryptography, but what if your deployment requires FIPS 140-3 validated security? That’s where WolfGuard comes in.

Join wolfSSL Software Engineer Lealem Amedie as he introduces WolfGuard, a FIPS 140-3 enabled WireGuard solution optimized for speed and cryptographic agility. Built on the FIPS-certified wolfCrypt library, WolfGuard delivers all of WireGuard’s functionality with the assurance of FIPS-approved algorithms.

Register Now: WolfGuard: FIPS 140-3 Enabled WireGuard
Date: October 8 | 9 AM PT

This webinar will cover:

  • WireGuard fundamentals and implementations (Linux, Go, BoringTun)
  • How WireGuard secures tunnels and encrypts data
  • FIPS 140-3, FedRAMP, and CMMC 2.0 compliance needs
  • How WolfGuard integrates FIPS into WireGuard with zero architectural changes
  • Real-world use cases + live demo with WolfGuard Go

If you need WireGuard with FIPS 140-3 compliance and zero complexity trade-offs, WolfGuard is your solution.

Register now to see WolfGuard in action and achieve compliance in your VPN deployments.

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Every hardware cryptography scheme wolfSSL has ever enabled

At wolfSSL we support hardware cryptography for a wide range of platforms. The benefits of hardware cryptography include reduced code footprint size, improved security, acceleration of cryptographic operations, and utilization of . For example, this allows everything from wolfBoot to TLS cipher suites to enjoy acceleration of cryptographic operations.

Furthermore, we have deep partnerships with industry leaders such as Intel, NXP, and Renesas. We support standard Intel instruction extensions such as AES-NI, AVX, ADX, and BMI2, and have recently published a joint whitepaper on using wolfBoot with 11th Gen Intel Core processors. We also support NXP’s Cryptographic Accelerator and Assurance Module (CAAM), and have leveraged this for hardware acceleration on a number of NXP i.MX series processors. Other examples include Espressif and Analog Devices, to name but a few.

If you’re curious for a list of every hardware cryptography scheme and platform we have enabled, then read on:

  • MAX32666 and MAX32665:
    AES: 128, 192, 256 bit
    AESGCM: 128, 192, 256 bit
    RSA
    ECC: NIST-P256
    SHA2: SHA-256

    Reference:

    1. https://www.wolfssl.com/max32666-and-max32665-hardware-acceleration-added-to-wolfssl/

Do you have a platform requiring hardware cryptographic support that isn’t on our list? Or are you curious about benchmarking? Reach out to us at facts@wolfssl.com with the details of your platform and we will be glad to help you! Also, check out our wolfSSL and wolfCrypt benchmark page.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

wolfSSL Summer 2026 Internship Program – Bozeman, MT

wolfSSL is now accepting applications for our Summer 2026 Internship Program in Bozeman, MT! We offer students real-world experience in cybersecurity and embedded systems, within a fast-growing tech company.

Software Engineering Internship

Overview:
Interns who participate in this program gain valuable knowledge in SSL/TLS and the security industry as well as C programming experience on Linux and embedded systems. Throughout the summer, interns play a role in improving wolfSSL products – working on testing, documentation, examples, porting, marketing, and interacting with wolfSSL’s community.
This program is a great opportunity to be part of the Open Source project, learn how real-world software is created and maintained, gain work experience in the field of Computer Science, and work towards a potential future career with the wolfSSL team.

Requirements:

  • Currently pursuing a Bachelor’s or higher in Computer Science, Computer Engineering, or a related technical field
  • Experience and familiarity with C programming
  • Experience and familiarity with git and GitHub
  • Experience with embedded systems / microcontrollers, network programming, or Linux/Unix is a plus, but not a hard requirement for application.

Location:
The 2026 internship will be held in-person at the wolfSSL Bozeman, MT office. wolfSSL does not provide housing reimbursement, and interns must be able to relocate to Bozeman and find suitable housing for the summer.

Pay: $35/hour

Application Materials:

  • Resume and Cover Letter
  • C Programming Sample – A C application which best demonstrates your C programming ability. There are no requirements on the category or length of the application. Sample applications should be able to be compiled and run by wolfSSL recruiters.
  • Technical Writing Sample – A writing sample which best demonstrates your writing ability. There is no requirement of topic or length of this sample.

Apply Today

This internship offers valuable real-world experience and the opportunity to contribute to wolfSSL’s mission of securing billions of Internet connections. Interested candidates should send a resume, cover letter, and supporting materials to internships@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
