wolfSSL TLS 1.3-only build (#TLS13)

wolfSSL v3.15.5 was released last week and features many new additions to the library. One of those additions is a TLS 1.3 only build, which allows the wolfSSL embedded SSL/TLS library to be built such that use of TLS 1.2 and prior protocols is effectively disabled.

The TLS 1.3 only build is useful when forward secrecy and extra security are desired in embedded systems or applications. This option will cause attempted connections with other clients or servers to fail during the handshake unless they support the use of TLS 1.3, which prevents insecure connections from even being formed in the first place. Additionally, this TLS 1.3 option also streamlines the library. By enabling just TLS 1.3, the portions of the library that provide functionality for prior TLS protocol versions are not included when building the library, reducing the build size.

The newest version of wolfSSL can be downloaded from the download page. To build the wolfSSL library in TLS 1.3 only mode once downloaded, use the following options when running the configure script:

--enable-tls13
--disable-tlsv12
--disable-oldtls
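
To confirm that a build tree really was configured with all three options, the generated option header can be audited before the library ships. The script below is an added example, not wolfSSL's own tooling. It assumes configure records the options as the macros WOLFSSL_TLS13, WOLFSSL_NO_TLS12 and NO_OLD_TLS in wolfssl/options.h, and it runs against constructed sample headers.

```shell
# Audit a wolfSSL options header for a TLS 1.3 only configuration.
# Assumption: configure records each option as a macro in wolfssl/options.h:
#   --enable-tls13   -> WOLFSSL_TLS13
#   --disable-tlsv12 -> WOLFSSL_NO_TLS12
#   --disable-oldtls -> NO_OLD_TLS

# has_define FILE MACRO: succeed only if FILE has an active "#define MACRO".
has_define() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# tls13_only_check FILE: name the configure options that appear to be missing.
# Returns 0 for a TLS 1.3 only build, 1 otherwise, 2 if FILE is unreadable.
tls13_only_check() {
    opts=$1
    missing=""
    [ -r "$opts" ] || { echo "cannot read $opts" >&2; return 2; }
    has_define "$opts" WOLFSSL_TLS13    || missing="$missing --enable-tls13"
    has_define "$opts" WOLFSSL_NO_TLS12 || missing="$missing --disable-tlsv12"
    has_define "$opts" NO_OLD_TLS       || missing="$missing --disable-oldtls"
    if [ -n "$missing" ]; then
        echo "not TLS 1.3 only, missing:$missing"
        return 1
    fi
    echo "TLS 1.3 only"
}

# Constructed sample headers (not real build output).
sample_dir=$(mktemp -d)
cat > "$sample_dir/tls13_only.h" <<'EOF'
#undef  WOLFSSL_TLS13
#define WOLFSSL_TLS13
#undef  WOLFSSL_NO_TLS12
#define WOLFSSL_NO_TLS12
#undef  NO_OLD_TLS
#define NO_OLD_TLS
EOF
cat > "$sample_dir/mixed.h" <<'EOF'
#undef  WOLFSSL_TLS13
#define WOLFSSL_TLS13
#undef  NO_OLD_TLS
#define NO_OLD_TLS
EOF

tls13_only_check "$sample_dir/tls13_only.h"
tls13_only_check "$sample_dir/mixed.h" || true
```

In a CI job, call tls13_only_check on the header in the build tree after configure and fail the job on a non-zero return.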

References

wolfSSL v3.15.5 release notes: https://www.wolfssl.com/wolfssl-3-15-5-now-available/
Differences between SSL/TLS protocol versions: https://www.wolfssl.com/differences-between-ssl-and-tls-protocol-versions-3/

Please contact us at facts@wolfssl.com with questions about using TLS 1.3 with wolfSSL, or compiling the library for your platform.