WOLFSSL VERSUS OPENSSL
Many people are curious about how wolfSSL compares to OpenSSL and what benefits there are to using an SSL/TLS library that has been designed for the elite software designer. OpenSSL is free and presents no initial costs to begin using, but wolfSSL provides you with more flexibility, an easier integration of SSL/TLS into your existing platform, current standards support, consistent and regular bug fixes, and much more – all provided under a very easy-to-use license model. We’ve designed wolfSSL to maximum flexibility to allow you the best trade-offs to minimize footprint, minimize memory usage and maximize performance.
wolfSSL has multiple ways you can migrate from OpenSSL to wolfSSL
- OpenSSL Compatibility Layer - The wolfSSL OpenSSL compatibility layer is a means to switch applications designed for OpenSSL over to use wolfSSL. The compatibility layer is a series of commonly used and essential API that users can utilize to transition from OpenSSL to wolfSSL.
- wolfEngine - wolfEngine is a FIPS-certified crypto module (wolfCrypt) with an OpenSSL Engine shim layer above it which allow it to override the cryptographic implementation in OpenSSL 1.x.y legacy releases.
- wolfProvider - similar to wolfEngine, wolfProvider is an OpenSSL 3.x.y and 4.x.y provider, allowing you to use the latest version of OpenSSL backed by our FIPS-certified wolfCrypt library.
All of these solutions are an excellent pathway for users looking to get FIPS compliance fast without modifying their code, as they are all backed by wolfCrypt, a cryptographic software API library.
The outline below highlights the key differences between wolfSSL and OpenSSL.
Memory Usage
With a possible 20-100kB build size and runtime memory usage of around 36kB, wolfSSL can be orders of magnitude smaller than OpenSSL. In an environment where footprint size is critical or a large cloud environment where memory usage per connection makes a big impact on the performance and success of a project, wolfSSL is an optimal SSL and cryptography solution. As we like to say, wolfSSL operates on the full spectrum between Big Iron and Bare Metal.
Standards Support
wolfSSL is up-to-date with the most recent standards: TLS 1.3 and DTLS 1.3. With security issues in older versions becoming more and more prominent, it becomes evident that the most recent versions of TLS and DTLS should be used - both of which wolfSSL fully supports on both the client and server side. The wolfSSL team is dedicated to supporting new standards as they become available in the future, keeping wolfSSL always up-to-date. This includes the move to Post-Quantum Cryptography which will not be coming to the older versions of (D)TLS.
Progressive Ciphers
wolfSSL is progressive with support for new secure and high-performance ciphers, including ChaCha20, Poly1305, Curve25519, Ed25519, Curve448, Ed448 , Post-Quantum Cryptography, SHA-3, ASCON and the SHANG-MI ciphers. wolfSSL’s underlying cryptography library is called wolfCrypt. wolfSSL has also completed the integration of the NiST standardized Post-Quantum algorithms and has even completed FIPS 140-3 CAVP certification of them! Email us at facts@wolfssl.com for our most current status on the integration!
Company-Backed
wolfSSL is backed by an outstanding company who cares about its users and about their security, and who actively works to support, improve and expand the library. The wolfSSL team is based in Bozeman, Portland, and Seattle, but with members across every time zone, we are always willing to help.
Ease of Use
OpenSSL is burdened with truckloads of legacy code that are difficult to maintain and keep up to date. It also has a hard requirement for a POSIX API. wolfSSL was written from the beginning with modularity and maintenance in mind. Because of this mindset, wolfSSL has been developed with a simple and documented API, standard C89 compliant code and easy-to-use abstraction layers for OS, Custom I/O, hardware accelerated crypto engines along with clear usage examples.
Portability
wolfSSL is the leading SSL/TLS library for real-time, mobile, embedded, and enterprise systems, by virtue of its breadth of platform support and successful implementations. With a long list of supported platforms out of the box, your time to market can be decreased dramatically by using wolfSSL. OpenSSL’s hard requirement for an underlying POSIX API makes porting to most platforms untenable.
License
wolfSSL is dual licensed under both the GPLv3 as well as a commercial license, where OpenSSL is available under unvetted licenses depending on the release branch you are using. Dealing with this can cause a headache for your legal department. If you need special licensing terms, let us know and we can get you what you need when licensing wolfSSL.
wolfSSL is powered by the wolfCrypt library. wolfSSL is currently the leader in embedded FIPS certificates. The wolfCrypt module holds the world’s first SP800-140Br1-compliant FIPS 140-3 Validation Certificate. We also maintain ongoing support for two historical FIPS 140-2 certificates for the wolfCrypt Cryptographic Module: #2425 and #3389 (services for products in the field are on-going). Certificate #3389 includes algorithm support required for TLS 1.3 and can be used in conjunction with the wolfSSL embedded SSL/TLS library for full TLS 1.3 client and server support. Additionally, wolfSSL has obtained FIPS 140-3 Validated Certificate #4718 and #5041 and ACVP certification for our Post-Quantum Cryptographic algorithms (ML-KEM, ML-DSA, SLH-DSA, and LMS (verification-only). For additional information, visit our FIPS FAQ page or contact fips@wolfssl.com
Support
wolfSSL was written from the ground up and is maintained and developed by the original developers. Available directly by phone, email, github issue tracker, or the wolfSSL product support forums, your questions are answered quickly and accurately to help you make progress on your project as quickly as possible.
General Questions
General product questions, FIPS, porting, etc.
Email: facts@wolfssl.com
Phone: +1 (425) 245-8247
Licensing Questions
Open source or Commercial license questions or inquiries.
Email: licensing@wolfssl.com