Road to embedded world '23: Bozeman, Montana, wolfSSL

By Chad Cox

Production Editor

Embedded Computing Design

February 06, 2023


Road to embedded world '23: Bozeman, Montana, wolfSSL

wolfSSL will be arriving at embedded world 2023 showcasing its embedded TLS library, a portable, C-language-based SSL/TLS library for applications in the areas of IoT, embedded, and RTOS environments. While attending ew '23, stop by booth 4-610 and say hello to wolfSSL.

The Industry standards TLS 1.3 and DTLS 1.3 are supported by wolfSSL, along with, OpenSSL compatibility layer, wolfCrypt cryptography library, OCSP/CRL support, and a simple API. The solution cohabitates with desktop, enterprise, and cloud environments.

Highlights of the Embedded SSL/TLS Library:

  • Up to TLS 1.3 and DTLS 1.3
  • Full client and server support
  • Progressive list of supported ciphers
  • Key and Certificate generation
  • OCSP, CRL support
  • Commercially supported
  • Small size: 20-100kB
  • Runtime memory: 1-36kB
  • 20x smaller than OpenSSL
  • Abstraction Layers (OS, Custom I/O, Standard C library, and more)
  • Simple API
  • OpenSSL Compatibility Layer


  • SSL version 3.0 and TLS versions 1.0, 1.1, 1.2, and 1.3 (client and server)
  • DTLS versions 1.0, 1.2, and 1.3 (client and server)
  • Minimum footprint size of 20-100 kB, depending on build options and operating environment
  • Runtime memory usage between 1-36 kB (depending on I/O buffer sizes, public key algorithm, and key size)
  • OpenSSL compatibility layer
  • Simple API
  • QUIC support
  • OCSP, OCSP Stapling, and CRL support
  • Hybrid Public Key Encryption (HPKE) and Encrypted Client Hello (ECH)
  • Hash Functions:
  • MD2, MD4, MD5, SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA-3, RIPEMD-160, Poly1305
  • Block, Stream, and Authenticated Ciphers:
  • AES (CBC, CTR, OFB, XTS, GCM, CCM, GMAC, CMAC), Camellia, DES, 3DES, ARC4, ChaCha20, XChaCha20
  • Public Key Algorithms:
  • Password-based Key Derivation: HMAC, PBKDF2
  • Curve25519 and Ed25519
  • ECC and RSA Key Generation
  • ECC curve types:
  • ECC key lengths:
  • 112, 128, 160, 192, 224, 239, 256, 320, 384, 512, 521
  • Post Quantum Cryptography support, including:
  • Dilithium and FALCON Signature Schemes, SPHINCS+, Kyber KEM (hybridized with NIST ECC curves, allowing FIPS-compliance!)
  • X.509v3 RSA and ECC Signed Certificate Generation
  • PEM and DER certificate support
  • Hash-based PRNG (Hash_DRBG)
  • Mutual authentication support (client/server)
  • PSK (Pre-Shared Keys)
  • Persistent session and certificate cache
  • zlib compression support
  • Interchangeable crypto and certificate libraries
  • Modular cryptography library (wolfCrypt)
  • Supported TLS Extensions:
  • SNI (Server Name Indication), Maximum Fragment Length, Truncated HMAC, Supported Elliptic Curves, ALPN (Application Layer Protocol Negotiation), Extended Master Secret
  • Standalone Certificate Manager
  • SRP (Secure Remote Password)
  • Asynchronous crypto support: Intel QuickAssist, Cavium Nitrox
  • Hardware Cryptography Support:
  • Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist, STM32F2/F4, Freescale/NXP (CAU, mmCAU, SEC, LTC), Microchip PIC32MZ, ARMv8, Renesas TSIP, ARM CryptoCell, PSA Crypto API, and more!
  • SSL Sniffer (SSL Inspection) Support
  • IPv4 and IPv6 support
  • Abstraction Layers / User Callbacks:
  • C Standard Library, Custom I/O, Memory hooks, Logging callbacks, User Atomic Record Layer Processing, Public Key
  • Open Source Project Integrations:
  • MySQL, OpenSSH, Apache httpd, nginx, wpa_supplicant, Open vSwitch, stunnel, Lighttpd, GoAhead, Mongoose, and more!
  • PKCS#1 (RSA Cryptography Standard) support
  • PKCS#3 (Diffie-Hellman Key Agreement Standard) support
  • PKCS#5 (Password-Based Encryption Standard) support
  • PKCS#7 (Cryptographic Message Syntax - CMS) support
  • PKCS#8 (Private-Key Information Syntax Standard) support
  • PKCS#9 (Selected Attribute Types) support
  • PKCS#10 (Certificate Signing Request - CSR) support
  • PKCS#11 (Cryptographic Token Interface) support
  • PKCS#12 (Certificate/Personal Information Exchange Syntax Standard) support

For more information, visit

Chad Cox. Production Editor, Embedded Computing Design, has responsibilities that include handling the news cycle, newsletters, social media, and advertising. Chad graduated from the University of Cincinnati with a B.A. in Cultural and Analytical Literature.

More from Chad