RECENT BLOG NEWS
wolfSSL 5.8.2 Now Available
wolfSSL 5.8.2 is now available! We are excited to announce the release of wolfSSL 5.8.2, packed with significant enhancements, introducing new functionalities, and refining existing features!
Important Notes for this Release
- GPLv3 Licensing: wolfSSL has transitioned from GPLv2 to GPLv3.
- Deprecated Feature: `–enable-heapmath` is now deprecated.
- MD5 Disabled by Default: For enhanced security, MD5 is now disabled by default.
Key Highlights of wolfSSL 5.8.2
Vulnerability Mitigations:
- ECC and Ed25519 Fault Injection Mitigation (Low): (Thanks to Kevin from Fraunhofer AISEC)
- Apple Native Cert Validation Override (High – CVE-2025-7395): (Thanks to Thomas Leong from ExpressVPN)
- Predictable `RAND_bytes()` after `fork()` (Medium – CVE-2025-7394): (Thanks to Per Allansson from Appgate)
- Curve25519 Blinding Enabled by Default (Low – CVE-2025-7396): (Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris)
New Features:
- Sniffer Enhancements: Support for multiple sessions and a new `ssl_RemoveSession()` API for cleanup.
- New ASN.1 X509 API: `wc_GetSubjectPubKeyInfoDerFromCert` for retrieving public key information.
- PKCS#12 Improvements: `wc_PKCS12_create()` now supports PBE_AES(256|128)_CBC key and certificate encryptions.
- PKCS#7 Decoding: Added `wc_PKCS7_DecodeEncryptedKeyPackage()` for decoding encrypted key packages.
- Linux Kernel Module Expansion: All AES, SHA, and HMAC functionality now implemented within the Linux Kernel Module.
- OpenSSL Compatibility Layer Additions: New APIs for X.509 extensions and RSA PSS: `i2d_PrivateKey_bio`, `BN_ucmp`, and `X509v3_get_ext_by_NID`.
- Platform Support: Added support for STM32N6.
- Assembly Optimizations: Implemented SHA-256 for PPC 32 assembly.
Improvements & Optimizations:
This release includes a wide range of improvements across various categories, including:
- Extensive Linux Kernel Module (LinuxKM) Enhancements: Numerous minor fixes, registrations, and optimizations for cryptography operations within the Linux Kernel Module.
- Post-Quantum Cryptography (PQC) & Asymmetric Algorithms: Updates to Kyber, backward compatibility for ML_KEM IDs, fixes for LMS building and parameters, and OpenSSL format support for ML-DSA/Dilithium.
- Build System & Portability: General build configuration fixes, improvements for older GCC versions, new CMakePresets, and default MD5 disabling.
- Testing & Debugging: Enhanced debugging output, additional unit tests for increased code coverage, and improved benchmark help options.
- Certificates & ASN.1: Improved handling of X509 extensions, fixed printing of empty names, and better error handling.
- TLS/DTLS & Handshake: Corrected group handling, improved DTLS record processing, and refined TLS 1.3 key derivation.
- Memory Management & Optimizations: Stack refactors, improved stack size with MLKEM and Dilithium, and heap math improvements.
- Cryptography & Hash Functions: Added options to disable assembly optimizations for SipHash and SHA3, and improved Aarch64 XFENCE.
- Platform-Specific & Hardware Integration: Explicit support for ESP32P4, public `wc_tsip_*` APIs, and enhanced PlatformIO certificate bundle support.
- General Improvements & Refactoring: Updated libspdm, fixed PEM key formatting, and improved API accessibility for certificate failure callbacks.
wolfSSL 5.8.2 also includes some nice bug fixes, addressing issues across various modules, ensuring greater stability and reliability. For a complete and detailed list of all changes, please refer to the full release notes.
We encourage all users to upgrade to wolfSSL 5.8.2 to take advantage of these important security updates, new features, and performance enhancements. Download the latest release.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
FIPS 140-3 Enabled Linux Network Infrastructure with GnuTLS-wolfSSL
wolfSSL is thrilled to announce that core network infrastructure applications can now achieve FIPS 140-3 compliance through our GnuTLS-wolfSSL integration. This breakthrough comes from our ongoing work integrating wolfSSL’s FIPS 140-3 certified cryptography (wolfCrypt) into GnuTLS, enabling a true drop-in solution for Linux applications.
For developers and system administrators in government, defense, finance, healthcare, and other regulated industries, this eliminates a critical barrier to deploying secure network infrastructure that must meet federal compliance standards.
What We’ve Built
Unlike traditional approaches requiring extensive rewrites, our solution operates entirely behind the scenes. By patching GnuTLS at the library level with wolfCrypt’s certified cryptographic operations, applications can gain FIPS 140-3 compliance without changing a single line of their code. Simply rebuild with our patched GnuTLS library, and your entire networking stack achieves FIPS compliance.
We’re continuously validating this integration through CI/CD testing against 17 applications, testing target versions, latest releases, and master branches to ensure rock-solid compatibility. Our fork is now debianized, making deployment as simple as installing a standard Debian package.
Network Applications Now FIPS-Ready
chrony – The widely-deployed NTP implementation for time synchronization across Linux systems, critical for distributed infrastructure and audit logging.
NetworkManager – The standard Linux network connection manager that handles everything from WiFi to VPN connections in modern distributions.
libnice – Implements ICE protocol for NAT traversal, essential for WebRTC and real-time communication applications.
curl & wget – The ubiquitous data transfer utilities now gain a clear path to FIPS compliance for secure communications.
How We Enable FIPS Compliance
These applications rely on GnuTLS for TLS connections, certificate handling, and cryptographic operations. By integrating wolfSSL’s FIPS 140-3 certified wolfCrypt module into GnuTLS, we deliver a true drop-in solution. Depending on the algorithms your application uses, you may need no code changes at all, just rebuild with our patched library and achieve FIPS compliance across your network infrastructure.
The debianized package makes deployment straightforward: install our GnuTLS-wolfSSL package on your Debian-based system, and your network applications automatically benefit from FIPS-certified cryptography.
Questions?
Take a more in-depth look at our integration on the wolfSSL GitHub, if you need support we are more than happy to help you out, you can email us at support@wolfssl.com.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call +1 425 245 8247.
Download wolfSSL Now
FIPS 140-3 Enabled Linux Desktop & Media Applications with GnuTLS-wolfSSL
wolfSSL is thrilled to announce that desktop, development, and media applications can now achieve FIPS 140-3 compliance through our GnuTLS-wolfSSL integration. This breakthrough comes from our ongoing work integrating wolfSSL’s FIPS 140-3 certified cryptography (wolfCrypt) into GnuTLS, enabling a true drop-in solution for Linux applications.
For developers and organizations in government, defense, finance, healthcare, and other regulated industries, this eliminates barriers to deploying user-facing applications and specialized libraries that must meet federal compliance standards.
What We’ve Built
Unlike traditional approaches requiring extensive rewrites, our solution operates entirely behind the scenes. By patching GnuTLS at the library level with wolfCrypt’s certified cryptographic operations, applications gain FIPS 140-3 compliance without changing a single line of their code. Simply rebuild with our patched GnuTLS library, and your entire application stack achieves FIPS compliance.
We’re continuously validating this integration through CI/CD testing against 17 applications, testing target versions, latest releases, and master branches to ensure rock-solid compatibility. Our fork is now debianized, making deployment as simple as installing a standard Debian package.
Desktop & Media Applications Now FIPS-Ready
glib-networking – The GNOME network stack that provides TLS support for countless GTK-based applications across Linux desktops.
libvnc – Enables VNC client and server functionality for remote desktop access and support tools.
libvte – The terminal emulator widget library used by GNOME Terminal and other popular Linux terminal applications.
libcups – The Common Unix Printing System library that handles secure printing operations across networks.
libcamera – Modern camera support library for Linux systems, handling secure camera data streams.
QPDF – PDF manipulation library for viewing, editing, and transforming PDF documents securely.
libjcat – Archive verification library used by fwupd and other tools for validating signed package integrity.
RTMP – Real-Time Messaging Protocol implementation for secure streaming media applications.
How We Enable FIPS Compliance
These applications rely on GnuTLS for TLS connections, certificate handling, secure communications, and cryptographic operations. By integrating wolfSSL’s FIPS 140-3 certified wolfCrypt module into GnuTLS, we deliver a true drop-in solution. Depending on the algorithms your application uses, you may need no code changes at all, just rebuild with our patched library and achieve FIPS compliance across your desktop and media applications.
The debianized package makes deployment straightforward: install our GnuTLS-wolfSSL package on your Debian-based system, and your applications automatically benefit from FIPS-certified cryptography.
Questions?
Take a more in-depth look at our integration on the wolfSSL GitHub, if you need support we are more than happy to help you out, you can email us at support@wolfssl.com.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call +1 425 245 8247.
Download wolfSSL Now
New Keystores and Secure Elements Added to wolfSSL (5.8.2)
wolfSSL continues to expand its hardware security ecosystem with significant new additions over the past year. Here are the latest keystores and secure elements now supported by our cryptographic library:
New Secure Element Support
TROPIC01 Secure Element
wolfSSL now includes dedicated crypto callback functions for the TROPIC01 secure element, providing seamless hardware-backed cryptographic operations for enhanced security applications.
Enhanced STM32 Hardware Security
STM32MP135F Platform
Complete hardware acceleration suite featuring:
- STM32CubeIDE integration
- Hardware Abstraction Layer (HAL) support for SHA-2 and SHA-3
- AES hardware acceleration
- Hardware RNG integration
- ECC cryptographic operations
Additional STM32 Variants
- STM32H5 – Advanced performance microcontroller with enhanced security features
- STM32WBA – Wireless connectivity focused platform for IoT security
- STM32G4 – General purpose microcontroller series with crypto acceleration
- STM32U575xx – Ultra-low-power microcontroller boards for battery-powered secure devices
- STM32 Cube Expansion Pack – Enhanced development environment support
Expanded Renesas Security Solutions
Renesas TSIP v1.15
Enhanced support for RX65N and RX72N platforms including:
- RSA Public Encrypt and Private Decrypt operations
- AES-CTR mode hardware acceleration
- Improved cryptographic performance
Renesas SCE Integration
New crypto-only RSA support providing dedicated hardware acceleration without requiring full TLS integration.
Development Board and Platform Support
Raspberry Pi Enhanced Support
- RP2350 – Latest generation with enhanced RNG optimizations
- RP2040 – Improved support with performance-optimized random number generation
RISC-V Platform
- SiFive HiFive Unleashed Board – Complete RISC-V development board support for hardware-accelerated cryptography
Operating System and Bootloader Integration
Zephyr Project RTOS
Full integration with the Zephyr real-time operating system, including:
- TPM usage examples
- Hardware security integration
- Real-time cryptographic operations
U-Boot Bootloader
Secure boot integration supporting:
- TPM-based measured boot
- Hardware security module validation
- Boot integrity verification
Microchip Harmony (MPLABX)
Complete development ecosystem support including:
- SPI HAL integration
- Benchmarking tools
- Development environment optimization
Advanced Infineon Security Features
Infineon TriCore (TC2XX/TC3XX)
Hardware security module support with comprehensive TPM integration using the WOLFTPM_INFINEON_TRICORE macro.
Infineon SLB9672/SLB9673
Advanced TPM modules featuring:
- Secure firmware update capabilities
- Enhanced I2C communication
- Industrial-grade security certification
Infineon Development Tools
- Modus Toolbox – Integrated development environment
- CyHal I2C/SPI – Hardware abstraction layer support
Additional TPM Hardware
Nations NS350
New TPM 2.0 module support expanding our certified hardware ecosystem for secure applications.
Memory Mapped I/O (MMIO) TPMs
Direct memory access support for TPM modules, enabling:
- Faster cryptographic operations
- Reduced system overhead
- Simplified hardware integration
Development Environment Enhancements
Espressif IDE Support
Complete integration with Espressif’s development environment for ESP32 and related platforms.
Windows Visual Studio
New project templates and GitHub Actions testing for Windows development environments.
Advanced Security Features
Pre-provisioned Device Identity Keys
Support for manufacturer-provisioned security credentials, enabling:
- Zero-touch device provisioning
- Factory-sealed security credentials
- Simplified device authentication
Secure Firmware Update
Advanced firmware update capabilities for supported TPM modules with cryptographic verification and rollback protection.
Getting Started
These new hardware security features are available in wolfSSL version 5.7.0 and later, with wolfTPM version 3.0.0 and later. To enable support for your specific platform, consult our documentation or contact our technical support team.
The expanded hardware support demonstrates wolfSSL’s commitment to providing comprehensive security solutions across embedded systems, IoT devices, and enterprise applications.
Questions?
If you have questions about any of the above, please contact us at facts@wolfssl.com, call us at +1 425 245 8247, or visit our FAQ page for more information.
Download wolfSSL Now
Live webinar: Clarinox Wi-Fi and Bluetooth Integration with wolfSSL
Unlock secure, reliable wireless communication for your embedded devices.
In this webinar, wolfSSL and Clarinox will show how developers can integrate lightweight TLS 1.3 security with embedded wireless stacks to build safer, standards-compliant devices. You’ll learn how Clarinox Wireless Stacks leverage wolfSSL for FIPS 140-3 validated cryptography and post-quantum support. You’ll also learn how ClarinoxBlue and ClarinoxWiFi streamline Bluetooth® LE and Wi-Fi integration, followed by a demo that brings it all together.
Register now: Clarinox Wi-Fi and Bluetooth Integration with wolfSSL
Date: October 16th | 8 AM PT
This webinar will cover:
- Secure Wireless Foundations: How wolfSSL TLS 1.3 and Clarinox stacks protect embedded devices
- WPA Supplicant with wolfSSL: Strengthening Wi-Fi authentication with FIPS 140-3 validated cryptography
- Bluetooth® LE & Wi-Fi Connectivity: Portable, scalable, and standards-compliant integration with ClarinoxBlue and ClarinoxWiFi
- Demo & Code Insights: Real-world examples running WPA supplicant and Clarinox stacks with wolfSSL
Register now to learn how to build secure, connected systems with wolfSSL and Clarinox, and see these technologies in action.
As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfssl.com or call +1 425 245 8247.
Download wolfSSL Now
New Docker containers for Python FIPS 140-3 integration
For developers seeking to implement FIPS 140-3 compliance in their secure Python applications, wolfSSL has already been offering effective solutions:
- wolfProvider enables the use of wolfCrypt as the underlying crypto provider for OpenSSL.
- The wolfSSL Python ports let you completely replace OpenSSL with wolfSSL in Python’s ssl module.
However, we understand that the initial setup – compiling wolfSSL with the right flags and correctly configuring the Python environment – can introduce friction, especially when you need to get a project off the ground quickly.
The wolfSSL Python containers
To streamline your development workflow, we’ve launched a new set of wolfSSL Docker containers which provide a ready-to-use Python environment pre-configured to use FIPS 140-3 validated wolfSSL technology.
We provide three different Dockerfiles. Which one you should choose depends on your needs:
- Dockerfile.provider: uses wolfProvider to register wolfSSL as the default OpenSSL provider in the container. This results in a Python runtime that still uses OpenSSL, but with FIPS certified wolfSSL crypto underneath.
- Dockerfile.provider-min: a simpler Dockerfile that achieves the same result as above. Instead of building Python on top of an Alpine base image, it directly uses the official Python Alpine image, making it easier to update to new Python versions.
- Dockerfile.osp: uses the wolfSSL Python ports, resulting in a Python runtime that uses wolfSSL only. The Dockerfile also deletes traces of OpenSSL from the system to prevent OpenSSL usage, which may cause some non-Python applications to stop working. This solution is useful in strict FIPS scenarios where OpenSSL must be entirely excluded.
Getting started
Setting up these containers requires an active wolfCrypt FIPS license. Feel free to contact fips@wolfssl.com for more information.
Once you have the appropriate 7z archive password, building and running the containers is as simple as cloning the GitHub repository, writing your password to a password.txt file and executing make run-provider, make run-provider-min or make run-osp. Further information is available in the README.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
FIPS 140-3 Enabled WebKit2GTK with wolfSSL
wolfSSL is thrilled to announce that it is now possible to build FIPS 140-3 compliant applications using WebKit2GTK. This achievement comes from our recent porting efforts, integrating wolfSSL’s FIPS 140-3 certified cryptography (wolfCrypt) into core cryptographic libraries: GnuTLS, OpenSSL, and Gcrypt.
For developers in government, defense, finance, healthcare, and other regulated industries, this eliminates a key hurdle to deploying modern, secure Linux applications that must meet federal standards.
What is WebKitGTK?
- WebKitGTK is the engine that renders web content inside most Linux applications, bringing browser-like capabilities to custom software.
- WebKit: The open-source core rendering engine used in Apple’s Safari browser. It’s responsible for parsing HTML, CSS, and JavaScript, then rendering to display webpages.
- GTK: A widely used toolkit for crafting graphical user interfaces (GUIs) on Linux, handling elements like windows, buttons, menus, and user interactions.
- WebKitGTK: The integration layer that lets developers embed WebKit’s rendering power directly into GTK-based apps. This is ideal for building kiosks, secure browsers, information dashboards, or any app that needs to display web content without relying on a standalone browser.
How We Enable FIPS Compliance
WebKitGTK relies on cryptographic libraries for secure operations, including establishing TLS connections (e.g., HTTPS via GnuTLS in libsoup), certificate handling, and data encryption (usually via OpenSSL or libgcrypt). By porting wolfSSL’s FIPS 140-3 certified wolfCrypt module into these libraries, we’ve delivered a true drop-in solution. Depending on the algorithms your application uses, you may need no code changes at all, just rebuild with our patched libraries and your entire stack achieves FIPS compliance.
Question?
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
CRA Compliant curl
As the Cyber Resilience Act (CRA) is getting closer and companies wanting to sell digital services in goods within the EU need to step up, tighten their procedures, improve their documentation and get control over their dependencies I feel it could be timely to remind everyone:
We of course offer full support and fully CRA compliant curl versions to support customers.
curl is not a manufacturer as per the legislation’s terminology so we as a project don’t have those requirements, but we always have our ducks in order and we will gladly assist and help manufacturers to comply.
We have done internet transfers for the world for decades. Fast, securely, standards compliant, feature packed and rock solid. We make curl to empower the world’s digital infrastructure.
You can rely on us.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
Live Webinar: WolfGuard: FIPS 140-3 Enabled WireGuard
WireGuard is known for its simplicity, speed, and modern cryptography, but what if your deployment requires FIPS 140-3 validated security? That’s where WolfGuard comes in.
Join wolfSSL Software Engineer Lealem Amedie as he introduces WolfGuard, a FIPS 140-3 enabled WireGuard solution optimized for speed and cryptographic agility. Built on the FIPS-certified wolfCrypt library, WolfGuard delivers all of WireGuard’s functionality with the assurance of FIPS-approved algorithms.
Register Now: WolfGuard: FIPS 140-3 Enabled WireGuard
Date: October 8 | 9 AM PT
This webinar will cover:
- WireGuard fundamentals and implementations (Linux, GO, BoringTun)
- How WireGuard secures tunnels and encrypts data
- FIPS 140-3, FedRAMP, and CMMC 2.0 compliance needs
- How WolfGuard integrates FIPS into WireGuard with zero architectural changes
- Real-world use cases + live demo with WolfGuard Go
If you need WireGuard with FIPS 140-3 compliance and zero complexity trade-offs, WolfGuard is your solution.
Register now to see WolfGuard in action and achieve compliance in your VPN deployments.
As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
Every hardware cryptography scheme wolfSSL has ever enabled
At wolfSSL we support hardware cryptography for a wide range of platforms. The benefits of hardware cryptography include reduced code footprint size, improved security, acceleration of cryptographic operations, and utilization of . For example, this allows everything from wolfBoot to TLS cipher suites to enjoy acceleration of cryptographic operations.
Furthermore, we have deep partnerships with industry leaders such as Intel, NXP, and Renesas. We support standard Intel instruction extensions such as AES-NI, AVX, and ADX and BMI2, and have recently published a joint whitepaper on using wolfBoot with 11th Gen Intel Core processors. We also support NXP’s Cryptographic Accelerator and Assurance Module (CAAM), and have leveraged this for hardware acceleration on a number of NXP i.MX series processors. Other examples include Espressif and Analog Devices, to name but a few.
If you’re curious for a list of every hardware cryptography scheme and platform we have enabled, then read on:
- AES-NI: Intel 64 and IA-32 Xeon and Core, and AMD Zen processor families.
AES–GCM 128, 192, 256 bit AES–CCM 128, 192, 256 bit AES–CBC 128, 192, 256 bit AES–ECB 128, 192, 256 bit AES–CTR 128, 192, 256 bit References:
- AVX1/AVX2: Intel and AMD x86.
SHA3, SHA2 SHA-256, SHA-384, SHA-512 AES–GCM 128, 192, 256 bits ChaCha20-Poly1305 256 bit AEAD stream cipher Poly1305 References:
- Intel ADX and BMI2: Intel and AMD x86.
RSA Curve25519 256 bit Ed25519 256 bit References:
- RDRAND/RDSEED: Intel 64 and IA-32, and AMD Zen processor families.
RNG References:
- Platform Security Architecture (PSA) Crypto API:
AES–GCM 128, 192, 256 bit AES–CCM 128, 192, 256 bit AES–CBC 128, 192, 256 bit AES–ECB 128, 192, 256 bit AES–CTR 128, 192, 256 bit SHA2 SHA-224, SHA-256 SHA1 ECC 256 bit (NIST-P256) RNG References:
- NXP Coldfire SEC: (MCF547X and MCF548X family of processors)
AES–CBC 128, 192, 256 bit 3DES–CBC 192 bit DES–CBC 64 bit References:
- NXP Coldfire CAU/mmCAU: (NXP Coldfire and Kinetis)
AES–GCM 128, 192, 256 bit AES–CCM 128, 192, 256 bit AES–CBC 128, 192, 256 bit AES–ECB 128, 192, 256 bit AES–CTR 128, 192, 256 bit 3DES–CTR SHA2 SHA-256 SHA1 HMAC SHA1, SHA2 MD5 References:
- STMicroeletronics: STM32MP135
AES–GCM 128, 192, 256 bit AES–CCM 128, 192, 256 bit AES–CTR 128, 192, 256 bit AES–CBC 128, 192, 256 bit DES/3DES–CBC 64 bit / 192 bit SHA2 SHA-224, SHA-256, SHA-384, SHA-512 SHA3 RNG References:
- STMicroeletronics: STM32H753ZI, STM32H573I, STM32F437, STM32F777, STM32L4A6Z, STM32L562E, STM32U585
AES–CCM 128, 192, 256 bit AES–GCM 128, 192, 256 bit AES–CTR 128, 192, 256 bit AES–CBC 128, 192, 256 bit DES/3DES–CBC 64 bit / 192 bit SHA2 SHA-224, SHA-256 RNG References:
- STMicroeletronics: STM32WBA52, STM32WB55, STM32WL55
AES–GCM 128, 192, 256 bit AES–CCM 128, 192, 256 bit AES–CTR 128, 192, 256 bit AES–CBC 128, 192, 256 bit SHA2 SHA-256 ECC 256 bit (NIST-P256) RNG References:
- Marvell (Cavium) Nitrox V and III:
AES–GCM 128 bit AES–CBC 128, 192, 256 bit RSA 2048 bit ECC ECDSA RNG References:
- Marvell (Cavium) Octeon II/III:
AES–GCM 128, 192, 256 bit AES–CBC 128, 192, 256 bit 3DES–CBC References:
- Microchip PIC32 MX/MZ:
AES–CTR 128, 192, 256 bit AES–CBC 128, 192, 256 bit DES/3DES–CBC 64 bit / 192 bit SHA2 SHA-256 SHA1 HMAC SHA1, SHA2 MD5 References:
- Texas Instruments Crypto Connected Launchpad: (TI TM4C series boards)
AES–GCM 128, 192, 256 bit AES–CCM 128, 192, 256 bit AES–CBC 128, 192, 256 bit AES–ECB 128, 192, 256 bit AES–CTR 128, 192, 256 bit DES–CBC 64 bit 3DES–CBC 192 bit SHA2 SHA-224, SHA-256 SHA1 MD5 References:
- Nordic NRF5x:
AES–ECB 128 bit RNG References:
- Microchip/Atmel ATECC508A/ATECC608A:
ECC 256 bit (NIST-P256) References:
- Espressif ESP32: ESP32, ESP32-C3, ESP32-C6, ESP32-S2, ESP32-S3
AES–GCM 128, 192, 256 bits AES–CBC 128, 192, 256 bits RSA Up to 4096 bits SHA2 SHA-224, SHA-256, SHA-384, SHA-512 SHA1 RNG Note: Support for all AES/RSA bit sizes and truncated SHA2 acceleration will vary across devices. E.g. no AES-192 HW on the S2, S3, and no SHA-384, SHA-512 HW support on C3, C6. Consult the user_settings.h in reference 3 for more info.
References:
- ARMV8:
AES–GCM 128, 192, 256 bits AES–CCM 128, 192, 256 bits AES–CBC 128, 192, 256 bits SHA256 Referenece:
- Arm® TrustZone® CryptoCell-310: nRF52840
RSA 2048 bits AES–CBC 128, 192, 256 bit ECC 256 bit ECDSA 256 bit SHA256 SRNG Reference:
- Intel QuickAssist Technology:
RSA 2048 bits AES–GCM 128, 192, 256 bits AES–CBC 128, 192, 256 bits 3DES SHA2 SHA-256, SHA-384, SHA-512 SHA1 HMAC SHA1, SHA2 MD5 Reference:
- NXP LTC (KSDK):
AES–GCM 128, 192, 256 bit AES–CCM 128, 192, 256 bit AES–CBC 128, 192, 256 bit AES–ECB 128, 192, 256 bit AES–CTR 128, 192, 256 bit DES/3DES ECC 256 bit ECDSA 256 bit Curve25519 256 bit Ed25519 256 bit SHA2 SHA-256, SHA-384, SHA-512 SHA1 HMAC SHA1, SHA2 MD5 Reference:
- CAAM: NXP i.MX 6, i.MX 7, and i.MX 8
AES–GCM 128, 192, 256 bits AES–CCM 128, 192, 256 bits AES–CTR 128, 192, 256 bits AES–XTS 128, 192, 256 bits ECC Curve25519 256 bit SHA2 SHA-256, SHA-384, SHA-512 SHA1 HMAC SHA1, SHA2 Reference:
- Silicon Labs EFR32:
AES–GDM 128, 192, 256 bit AES–CCM 128, 192, 256 bit AES–CBC 128, 192, 256 bit SHA2 SHA-224, SHA-256 SHA1 ECC 256 bit ECDSA 256 bit RNG Reference:
- Renesas RX65N and RX72N:
AES–GCM 128, 256 bit AES–CBC 128, 256 bit SHA2 SHA-256, SHA-512 SHA1 HMAC SHA1, SHA2 RNG Reference:
- Renesas Synergy DK-S7G2:
RSA 2048 bits AES–CBC 128 bit SHA2 SHA-256 SHA1 HMAC SHA1, SHA2 ECC 256 bit ECDSA 256 bit Reference:
- Cypress PSoC6 (32-bit Arm Cortex M4):
SHA2 SHA-256, SHA-512 ECC Supports up to NIST P-521 - Xilinx Versal:
AES–GCM 256 bit RSA 2048 bit ECC NIST P-384, P-521 SHA3 SHA-384 RNG Reference:
- Xilinx Zynq UltraScale+ MPSoC:tr>RNGSHA-384
AES–GCM 256 bit RSA 256 bit ECC NIST P-384, P-521 SHA3 SHA-384 Reference:
- Xilinx Zynq UltraScale+ MPSoC
AES–GCM 256 bit RSA 2048, 4096 bits SHA3 SHA-384 Reference:
- MAXQ1065 and MAXQ1080:
AES–GCM 128, 192, 256 bit AES–CCM 128, 192, 256 bit ECC NIST-P256 ECC SHA2 SHA-256 Reference:
- MAX32665 and MAX32665:
AES– >128, 192, 256 bit AES–GCM/td> >128, 192, 256 bit RSA/td> ECC/td> NIST-P256 SHA2/td> SHA-256 Reference:
- a href=”https://www.wolfssl.com/max32666-and-max32665-hardware-acceleration-added-to-wolfssl/”>https://www.wolfssl.com/max32666-and-max32665-hardware-acceleration-added-to-wolfssl/
Do you have a platform requiring hardware cryptographic support that isn’t on our list? Or are you curious about benchmarking? Reach out to us at facts@wolfssl.com with the details of your platform and we will be glad to help you! Also, check out our wolfSSL and wolfCrypt benchmark page.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now
wolfSSL Summer 2026 Internship Program – Bozeman, MT
wolfSSL is now accepting applications for our Summer 2026 Internship Program in Bozeman, MT! We offer students real-world experience in cybersecurity and embedded systems, within a fast-growing tech company.
Software Engineering Internship
Overview:
Interns who participate in this program gain valuable knowledge in SSL/TLS and the security industry as well as C programming experience on Linux and embedded systems. Throughout the summer, interns play a role in improving wolfSSL products – working on testing, documentation, examples, porting, marketing, and interacting with wolfSSL’s community.
This program is a great opportunity to be part of the Open Source project, learn how real-world software is created and maintained, gain work experience in the field of Computer Science, and work towards a potential future career with the wolfSSL team.
Requirements:
- Currently pursuing a Bachelor’s or higher in Computer Science, Computer Engineering, or a related technical field
- Experience and familiarity with C programming
- Experience and familiarity with git and GitHub
- Experience with embedded systems / microcontrollers, network programming, or Linux/Unix are a plus, but not a hard requirement for application.
Location:
The 2026 internship will be held in-person at the wolfSSL Bozeman, MT office. wolfSSL does not provide housing reimbursement, and interns must be able to relocate to Bozeman and find suitable housing for the summer.
Pay: $35/hour
Application Materials:
- Resume and Cover Letter
- C Programming Sample – A C application which best demonstrates your C programming ability. There are no requirements on the category or length of the application. Sample applications should be able to be compiled and run by wolfSSL recruiters.
- Technical Writing Sample – A writing sample which best demonstrates your writing ability. There is no requirement of topic or length of this sample.
Apply Today
This internship offers valuable real-world experience and the opportunity to contribute to wolfSSL’s mission of securing billions of Internet connections. Interested candidates should send a resume, cover letter, and supporting materials to internships@wolfssl.com.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us +1 425 245 8247.
Download wolfSSL Now
Weekly updates
Archives
- October 2025 (12)
- September 2025 (22)
- August 2025 (23)
- July 2025 (27)
- June 2025 (22)
- May 2025 (25)
- April 2025 (24)
- March 2025 (22)
- February 2025 (21)
- January 2025 (23)
- December 2024 (22)
- November 2024 (29)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)