wolfSSL Embedded TLS Library

wolfSSL (formerly CyaSSL) is a free and open-source lightweight TLS library targeted at embedded and IoT environments, providing SSL/TLS and cryptography for resource-constrained devices. Developed by wolfSSL Inc. (formerly yaSSL, founded in 2004 by Larry Stefonic and Todd Ouska, headquartered in Bozeman, Montana), wolfSSL is written in C and designed for maximum portability, performance, and a small footprint. Key features: small footprint: wolfSSL compiles to as little as 30-100 KB of code space and 1-2 KB of RAM, making it suitable for microcontrollers (ARM Cortex-M, ESP32, AVR, PIC) and deeply embedded systems with limited resources. The footprint is configurable through compile-time options. TLS protocol: supports TLS 1.0, 1.1, 1.2, and 1.3 (RFC 8446). DTLS 1.2 and 1.3 for UDP-based secure communication. TLS 1.3 was added in version 4.0.0 (2019), making wolfSSL one of the first libraries to support TLS 1.3. Cryptographic algorithms: AES (CBC, GCM, CCM, CFB, OFB, ECB), ChaCha20-Poly1305, Camellia, RSA, DSA, ECDSA (NIST curves, Curve25519/Ed25519, Brainpool curves), Diffie-Hellman and ECDH, SHA-1/256/384/512, SHA-3/SHAKE, BLAKE2b, HKDF, HMAC, PBKDF2, and Argon2. Hardware acceleration: hardware crypto support for ARM Cortex-M (STM32, NXP, Microchip), Intel AES-NI, AVX1/AVX2, SPARC, and RISC-V vector crypto. FIPS 140-2 and 140-3 certified (Certificate #2425 for the wolfCrypt FIPS module), meeting US government cryptographic requirements. OpenSSL compatibility: provides a compatibility layer (wolfssl/openssl/ssl.h) that maps OpenSSL API calls to wolfSSL equivalents, easing migration. PKI: X.509 certificate generation, parsing, and verification. CRL and OCSP support. TLS extensions: SNI, ALPN, session resumption (session ID and tickets), and Server Name Indication. RTOS support: FreeRTOS, ThreadX, VxWorks, Zephyr, MQX. Cross-platform. GPLv2 (open source) / commercial license.