wolfSSL is actively developing a new FIPS 140-3 certificate that incorporates NIST’s finalized post-quantum algorithms (FIPS 203, 204, 205), reflecting its ongoing commitment to long-term compliance, regulatory readiness, and early adoption of emerging cryptographic standards.

Initial PQC-enabled FIPS configurations are available for integration and evaluation, supporting CNSA 2.0-aligned use cases. The formal CMVP submission is in process, with customers able to include specific Operating Environments (OEs) in the base validation.

Regulatory Readiness and Long-Lifecycle Security

“Organizations building long-lifecycle systems are increasingly aware of risks described as Harvest Now, Decrypt Later and Trust Now, Forge Later,” said Todd Ousks, wolfSSL Inc. CTO. Furthermore, “To address these emerging threats, wolfSSL is building post-quantum algorithms on its FIPS 140-3 validated cryptographic foundation, giving customers a standards-based solution for long-term confidentiality and integrity.”

Supported Post-Quantum Algorithms (FIPS 203–205)

The new wolfCrypt FIPS 140-3 certificate incorporates post-quantum algorithms standardized by NIST to provide both key establishment and digital signature capabilities. For key establishment, wolfSSL supports ML-KEM as defined in FIPS 203, enabling quantum-resistant encryption of session keys. For digital signatures, the certificate includes both ML-DSA (FIPS 204) and SLH-DSA (FIPS 205), offering robust post-quantum signature verification for software, firmware, and device authentication.

In addition, wolfCrypt provides support for stateless hash-based signature verification using LMS and XMSS, ensuring long-term integrity in applications that require high-assurance signature verification. Together, these algorithms form a comprehensive post-quantum cryptographic foundation within a FIPS 140-3 validated environment.

Hybrid PQC and FIPS Migration Strategy

wolfSSL’s hybrid approach combines conventional FIPS-approved algorithms with post-quantum algorithms as supported by the publication of SP800-227, enabling incremental migration while maintaining interoperability and compliance during the transition.

Entropy and Compliance Foundation

A core requirement of any FIPS validation is a compliant entropy source.

wolfSSL’s FIPS submissions are supported by wolfEntropy, a software-based true random number generator, with an accompanying Entropy Source Validation (ESV) certificate. This ensures a consistent and compliant entropy foundation for current and future FIPS 140-3 submissions, including post-quantum configurations.

Availability, Maintenance, and Long-Term Support

wolfSSL provides ongoing updates and long-term support to ensure continued compliance throughout the certificate lifecycle. Its evergreen licensing model simplifies integration and reduces administrative overhead, while customers can include specific OEs in the base submission to ensure a smooth path for future post-quantum upgrades.

Positioning for the Post-Quantum Transition

wolfSSL is introducing a new FIPS 140-3 certificate with NIST-standardized post-quantum algorithms (FIPS 203–205), extending our validated cryptographic foundation to provide quantum-resistant key establishment and digital signatures.

This effort builds on wolfSSL’s extensive CMVP process experience in delivering FIPS 140-3 validations. For existing FIPS customers, the new certificate ensures continuity and a clear upgrade path to post-quantum security.

Learn more

For more information about wolfSSL’s post-quantum FIPS 140-3 validation effort, contact your existing wolfSSL representative or email fips@wolfssl.com.

Visit us at SmallSat Symposium 2026, Booth #44, and don’t miss our joint presentation with VORAGO Technologies on February 10th at 10 AM PT in Room Lovelace.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now