As the demand for secure embedded connectivity grows, the need for robust, lightweight protocols on bare-metal systems becomes critical. wolfSSL is proud to announce that wolfIP now includes comprehensive secure communication support for the STM32H563 (NUCLEO-H563ZI) board, bringing modern security standards to your bare-metal applications.
This update introduces full integration with wolfSSL, wolfSSH, and wolfMQTT, enabling a suite of secure features including TLS 1.3, an interactive SSH shell, and secure IoT messaging.
TLS 1.3: Secure Connectivity Foundation

The transition to secure networking requires modern encryption standards. The STM32H563 port now supports TLS 1.3 client and server capabilities backed by wolfSSL’s FIPS-ready cryptography:
- TLS Echo Server: Operates on port 8443, demonstrating secure inbound connections.
- TLS Client: Capable of outbound connections, including connectivity tests to external services (e.g., Google).
- Cipher Suites: Robust support for ECC P-256 with ChaCha20-Poly1305 and AES-GCM.

SSH & HTTPS: Secure Remote Management

For secure device management and monitoring, wolfIP now implements fully functional SSH and HTTPS servers optimized for the STM32H5 memory constraints:
- Interactive SSH Shell: Running on port 22, this feature provides a remote command-line interface with password authentication (default: admin/wolfip). Built-in commands include help, info, uptime, and exit.
- HTTPS Web Server: A minimal footprint status page on port 443 that displays real-time device info, IP address, and system uptime.
MQTT: IoT Messaging

For Industrial IoT (IIoT) applications, we have added a non-blocking MQTT client:
- Secure Broker Connection: Connects securely to MQTT brokers on port 8883 using TLS 1.3.
- State Machine Architecture: Implements a non-blocking design (IDLE → CONNECTING → TLS → MQTT_CONNECT → CONNECTED) perfect for main-loop integration.
- Status Publishing: Automatically publishes device status to the wolfip/status topic.
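The state sequence above can be driven from a bare-metal main loop as in the following added sketch, which is not wolfIP's code. Only the state names come from the page; the context struct, the step and teardown callbacks, the poll budget and the simulated network are assumptions made for illustration. It shows the two properties that matter for security: any error or stall tears the session down to IDLE, and publishing is gated on CONNECTED.

```c
/* State names come from the page; every other identifier is hypothetical. */
typedef enum { ST_IDLE, ST_CONNECTING, ST_TLS, ST_MQTT_CONNECT, ST_CONNECTED } mqtt_state;
typedef enum { STEP_DONE, STEP_WANT_IO, STEP_FAIL } step_rc;

typedef struct {
    mqtt_state state;
    unsigned polls, max_polls;                /* per-state poll budget */
    step_rc (*step)(void *io, mqtt_state st); /* one non-blocking attempt at stage st */
    void (*teardown)(void *io);               /* drop TLS session and socket */
    void *io;
} mqtt_ctx;

/* One main-loop tick: at most one non-blocking step, never a wait. */
mqtt_state mqtt_poll(mqtt_ctx *c)
{
    if (c->state == ST_IDLE || c->state == ST_CONNECTED)
        return c->state;                       /* nothing to drive */
    step_rc rc = c->step(c->io, c->state);
    if (rc == STEP_DONE) {
        c->state = (mqtt_state)(c->state + 1); /* enum is declared in stage order */
        c->polls = 0;
    } else if (rc == STEP_FAIL || ++c->polls >= c->max_polls) {
        c->teardown(c->io);                    /* fail closed: error or stall returns to IDLE */
        c->state = ST_IDLE;
        c->polls = 0;
    }
    return c->state;
}

/* Status may be published only after TLS and MQTT CONNECT have both completed. */
int mqtt_can_publish(const mqtt_ctx *c) { return c->state == ST_CONNECTED; }

/* Constructed stand-in for the network: the TLS stage reports WANT_IO tls_wait times.
 * fail_at names the stage that errors; ST_IDLE is never stepped, so it means "none". */
typedef struct { int tls_wait; mqtt_state fail_at; int torn_down; } sim_io;
static step_rc sim_step(void *io, mqtt_state st)
{
    sim_io *s = io;
    if (st == s->fail_at) return STEP_FAIL;
    if (st == ST_TLS && s->tls_wait-- > 0) return STEP_WANT_IO;
    return STEP_DONE;
}
static void sim_teardown(void *io) { ((sim_io *)io)->torn_down++; }

/* Start a connection and run `ticks` main-loop iterations; returns the final state. */
mqtt_state sim_run(int tls_wait, mqtt_state fail_at, unsigned max_polls, int ticks)
{
    sim_io io = { tls_wait, fail_at, 0 };
    mqtt_ctx c = { ST_CONNECTING, 0, max_polls, sim_step, sim_teardown, &io };
    while (ticks-- > 0) mqtt_poll(&c);
    return c.state;
}
```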
Optimized for Embedded Constraints

To support these features on bare-metal hardware, we have integrated new I/O glue layers and memory optimizations. This includes reduced window sizes (4KB for SSH) and optimized buffer usage to fit comfortably within the STM32H563’s 640KB SRAM.

Getting Started

To explore these new features, you can build the project with specific flags to enable the protocols you need. The new build system supports modular compilation:

```bash
make ENABLE_TLS=1                  # TLS only
make ENABLE_TLS=1 ENABLE_SSH=1     # TLS + SSH Server
make ENABLE_TLS=1 ENABLE_MQTT=1    # TLS + MQTT Client
make ENABLE_TLS=1 ENABLE_HTTPS=1   # TLS + HTTPS Server
```
You can find the new implementation files in the source code to help guide your integration:
- tls_server.c / tls_client.c
- ssh_server.c
- mqtt_client.c
For more details and full documentation, see Pull Request #14 on GitHub.
Interested in a commercial license or consulting for your embedded security project? Contact us at facts@wolfssl.com or call +1 425 245 8247.