<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
	<title type="html"><![CDATA[wolfSSL - Embedded SSL Library]]></title>
	<link rel="self" href="https://www.wolfssl.com/forums/feed-atom.xml" />
	<updated>2026-07-01T17:47:41Z</updated>
	<generator>PunBB</generator>
	<id>https://www.wolfssl.com/forums/</id>
		<entry>
			<title type="html"><![CDATA[wolfPKCS11 2.1.0 released]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2540-wolfpkcs11-210-released-new-posts.html" />
			<summary type="html"><![CDATA[<p>We are pleased to announce the release of wolfPKCS11 2.1.0, a significant update that brings post-quantum cryptography to our PKCS#11 implementation, adds a CMake build system and Doxygen API documentation, and closes a large number of PKCS#11 specification compliance gaps. It also delivers a thorough round of memory-safety hardening, and expands our CI and interoperability testing.</p><p><span class="bbu"><strong>Post-quantum cryptography</strong></span><br />The headline feature in 2.1.0 is post-quantum support. wolfPKCS11 now supports both <strong>ML-DSA</strong>, the FIPS 204 signature scheme formerly known as Dilithium, and <strong>ML-KEM</strong>, the FIPS 203 key encapsulation mechanism formerly known as Kyber. ML-DSA support includes CKA_SEED based private key import, and the mechanism and identifier naming has been finalised to match the standardised algorithms.</p><p>With these additions, applications using wolfPKCS11 as their PKCS#11 provider can begin moving signing and key-establishment workflows onto quantum-resistant algorithms through the same standard interface they already use, with no change to the underlying integration model.</p><p><span class="bbu"><strong>CMake build support and API documentation</strong></span><br />Building wolfPKCS11 is now easier to fit into modern toolchains. This release adds a full <strong>CMake build system</strong> alongside the existing Autotools setup, and ships the CMake package configuration in the Debian -dev package so downstream projects can consume it cleanly.</p><p>We have also added <strong>Doxygen API documentation</strong> covering the PKCS#11 interface, giving developers a browsable reference for the supported functions, mechanisms, and attributes.</p><p><span class="bbu"><strong>PKCS#11 specification compliance</strong></span><br />A large part of this release is dedicated to closing compliance gaps against the PKCS#11 specification, many of them surfaced through negative testing and static analysis. Highlights include correct handling of CKR_OPERATION_ACTIVE, enforcement of CKA_EXTRACTABLE when wrapping a key, fixes to the SHA-512 truncated forms (SHA-512/224 and SHA-512/256), and a correction to CK_ULONG length truncation in C_GenerateRandom and C_SeedRandom. Several attribute defaults were also corrected to match the specification, along with the related C_DeriveKey, C_CopyObject, C_DestroyObject, encapsulation, and C_Login enforcement behaviour.</p><p><span class="bbu"><strong>Upgrading from 2.0</strong></span><br />Because some of these corrections change default attribute values, applications and stored tokens created against 2.0 may see different behaviour after upgrading. The pre-2.1 behaviour can be restored at build time using the following defines:<br /></p><ul><li><p>WOLFPKCS11_LEGACY_COPYABLE_FALSE_DEFAULT restores the old behaviour where an unset CKA_COPYABLE reads back as CK_FALSE (the PKCS#11 default is CK_TRUE).</p></li></ul><ul><li><p>WOLFPKCS11_LEGACY_PRIVATE_FALSE_DEFAULT restores the old behaviour where an unset CKA_PRIVATE reads back as CK_FALSE for private and secret keys, and disables the matching login-state check on object creation (the PKCS#11 default is CK_TRUE).</p></li></ul><ul><li><p>WOLFPKCS11_LEGACY_WRAP_TRUE_DEFAULT restores the old behaviour where an unset CKA_WRAP or CKA_UNWRAP defaults to CK_TRUE (the PKCS#11 default is CK_FALSE).</p></li></ul><p>We recommend testing against the new, spec-compliant defaults where possible, and reserving the legacy defines for cases where existing tokens or applications depend on the old values.</p><p><span class="bbu"><strong>Memory safety and hardening</strong></span><br />This release resolves a broad set of compliance and static-analysis findings identified by Fenrir, our internal code-scanning tooling, along with fixes for resource leaks and secure buffer erasing, as well as a number of smaller correctness issues.</p><p><span class="bbu"><strong>Testing, CI, and interoperability</strong></span><br />To keep these improvements locked in, we have expanded the test and CI coverage considerably. New work includes negative testing and validation across the API, a multi-call HMAC regression test, a C_VerifyRecover test, an interoperability test against wolfSSL master, and a wolfBoot integration test to catch regressions early. CI now also covers C++ builds, applies per-job timeouts across all workflows, and has been updated to track upstream dependency changes.</p><p><span class="bbu"><strong>With thanks</strong></span><br />Our thanks go to Denis Mingulov for contributing the C_GenerateRandom and C_SeedRandom length-truncation fix, and for reporting several of the issues addressed in this release.</p><p><span class="bbu"><strong>Get the release</strong></span><br />wolfPKCS11 2.1.0 is available now. You can find the full changelog and download the release from the <a href="https://github.com/wolfSSL/wolfPKCS11/releases/tag/v2.1.0-stable">wolfPKCS11 GitHub releases page</a>, or clone the repository directly for source access and integration.</p><p>If you have questions about any of the above, please contact us at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or call us at +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-07-01T17:47:41Z</updated>
			<id>https://www.wolfssl.com/forums/topic2540-wolfpkcs11-210-released-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[Announcing wolfCOSE 1.0.0]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2539-announcing-wolfcose-100-new-posts.html" />
			<summary type="html"><![CDATA[<p>We are excited to announce the first stable release of <a href="https://github.com/wolfSSL/wolfCOSE">wolfCOSE 1.0.0</a>, a complete, zero-allocation C implementation of CBOR (RFC 8949) and COSE (RFC 9052/9053) built on top of wolfCrypt. wolfCOSE brings standards-based signing, encryption, and authentication of CBOR data to even the smallest embedded targets, with a tiny footprint, no dynamic memory, and a clear path to FIPS 140-3.</p><p><span class="bbu"><strong>What is COSE?</strong></span><br />COSE (CBOR Object Signing and Encryption) is the compact, binary counterpart to JOSE/JWT. Where JOSE secures JSON, COSE secures CBOR, the concise binary data format used across IoT, firmware update (SUIT), attestation (EAT), W3C WebAuthn, and digital credentials. COSE is the cryptographic message format of choice when every byte and every allocation counts, which makes it a natural fit for the constrained devices wolfSSL has always targeted.</p><p><span class="bbu"><strong>A complete COSE implementation</strong></span><br />wolfCOSE 1.0.0 implements all six COSE message types from RFC 9052, in both single-actor and multi-actor forms:<br /></p><ul><li><p>COSE_Sign1 / COSE_Sign: single-signer and multi-signer signatures</p></li></ul><ul><li><p>COSE_Encrypt0 / COSE_Encrypt: single-recipient and multi-recipient encryption</p></li></ul><ul><li><p>COSE_Mac0 / COSE_Mac: single-key and multi-recipient authentication</p></li></ul><p>It ships with its own dependency-free <strong>CBOR engine</strong> (RFC 8949) that enforces deterministic/preferred encoding and rejects non-preferred or trailing input on decode, plus full <strong>COSE_Key / COSE_KeySet</strong> serialization, including complete RFC 8230 RSA private keys.</p><p><span class="bbu"><strong>40 algorithms, including post-quantum</strong></span><br />wolfCOSE 1.0.0 supports 40 algorithms across signing, encryption, MAC, and key distribution (RFC 9053):<br /></p><ul><li><p><strong>Signing</strong>: ES256/384/512, EdDSA (Ed25519/Ed448), PS256/384/512</p></li></ul><ul><li><p><strong>Encryption</strong>: AES-GCM (128/192/256), AES-CCM variants, ChaCha20-Poly1305</p></li></ul><ul><li><p><strong>MAC</strong>: HMAC-SHA256/384/512, AES-MAC</p></li></ul><ul><li><p><strong>Key distribution</strong>: Direct, AES Key Wrap, ECDH-ES + HKDF</p></li></ul><ul><li><p><strong>Post-quantum</strong>: ML-DSA-44/65/87</p></li></ul><p>Of particular note is <strong>standardized post-quantum signing</strong>: wolfCOSE implements <strong>ML-DSA (FIPS 204)</strong> at all three security levels, conformant to <strong>RFC 9964</strong> (“ML-DSA for JOSE and COSE”), using the RFC 9964 AKP key type. This lets you sign and verify CBOR objects with quantum-resistant signatures today, using the canonical, standards-track encoding.</p><p><span class="bbu"><strong>Built for embedded: zero allocation, tiny footprint</strong></span><br />wolfCOSE was designed from the start for deeply embedded use:<br /></p><ul><li><p><strong>Zero dynamic allocation</strong>. Every operation uses caller-provided buffers, with no heap and no hidden .data or .bss. Memory use is deterministic, which matters for safety-critical and FIPS deployments.</p></li></ul><ul><li><p><strong>Tiny footprint</strong>. An ES256 COSE_Sign1 build is roughly 5.1 KB verify-only and 6.8 KB sign + verify for the wolfCOSE COSE + CBOR engine.</p></li></ul><ul><li><p><strong>Lean configuration layer</strong>. WOLFCOSE_LEAN, WOLFCOSE_HAVE_* feature gates, verify-only profiles, and a bounded-stack WOLFCOSE_MIN_BUFFERS mode let you compile in only what you need. Verify-only ECC images link cleanly against sign-disabled wolfCrypt.</p></li></ul><p><span class="bbu"><strong>Quality and standards</strong></span><br /></p><ul><li><p><strong>Path to FIPS 140-3</strong> through wolfCrypt FIPS Certificate #4718. wolfCrypt is wolfCOSE’s sole cryptographic dependency.</p></li></ul><ul><li><p><strong>MISRA C:2012 and C:2023</strong> checked.</p></li></ul><ul><li><p>Extensively tested: ~240 algorithm-combination round-trips, static analysis (cppcheck, Clang analyzer, GCC -fanalyzer, Coverity), CodeQL and Semgrep security scanning, ASan/UBSan sanitizers, and a wolfCOSE ? t_cose wire-interop conformance suite.</p></li></ul><ul><li><p><strong>Standards implemented</strong>: RFC 8949 (CBOR), RFC 9052/9053 (COSE), RFC 8230 (RSA keys for COSE), and RFC 9964 (ML-DSA for JOSE and COSE).</p></li></ul><p><span class="bbu"><strong>Getting wolfCOSE</strong></span><br />wolfCOSE requires <strong>wolfSSL 5.8.0 or later</strong> as its crypto backend (post-quantum ML-DSA requires wolfSSL <strong>5.9.2</strong> or later). It is a Makefile-only project whose only dependency is wolfCrypt. Run make, make test, and you are running.</p><p>Source: <a href="https://github.com/wolfSSL/wolfCOSE">https://github.com/wolfSSL/wolfCOSE</a><br />Release: <a href="https://github.com/wolfSSL/wolfCOSE/releases/tag/v1.0.0">https://github.com/wolfSSL/wolfCOSE/releases/tag/v1.0.0</a><br />Documentation: see the project <a href="https://github.com/wolfSSL/wolfCOSE">README</a> and <a href="https://github.com/wolfSSL/wolfCOSE/wiki">wiki</a></p><p>wolfCOSE is dual-licensed under GPLv3 and a commercial license. If you are building a product and need commercial licensing, FIPS, or support, please reach out.</p><p> Have questions, or want to tell us about your COSE use case? Contact us any time at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or <a href="mailto:support@wolfssl.com">support@wolfssl.com</a>, or call +1 425 245 8247. We would love to hear what you are building.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-07-01T17:23:52Z</updated>
			<id>https://www.wolfssl.com/forums/topic2539-announcing-wolfcose-100-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfSSL 5.9.2 release blog]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2534-wolfssl-592-release-blog-new-posts.html" />
			<summary type="html"><![CDATA[<p><a href="https://github.com/wolfSSL/wolfssl/releases/tag/v5.9.2-stable">wolfSSL 5.9.2</a> has been released with a broad range of new features and enhancements around Post-Quantum Cryptography, crypto callback support, our Rust wrapper, and embedded hardware support. Similar to <a href="https://www.wolfssl.com/wolfssl-5-9-1-release-blog/">wolfSSL 5.9.1</a>, a large number of CVEs are addressed in this release, along with general bug fixes. Additionally, there are some security hardening behavior changes we want to note.</p><p><span class="bbu"><strong>Vulnerabilities</strong></span><br />This release addressed 32 CVEs in total, which is in line with the <a href="https://www.wolfssl.com/why-is-wolfssl-reporting-so-many-cves/">previously discussed trend</a> of AI-driven CVE reporting. While this is an increase in absolute number over the previous release, it is important to note a few points:<br /></p><ul><li><p>The number of [High] and [Critical] CVEs actually decreased.</p></li></ul><ul><li><p>The time between releases 5.9.2 and 5.9.1 (~ 2 months) was larger than between 5.9.1 and 5.9.0 (&lt; 1 month).</p></li></ul><ul><li><p>The [High] CVEs this release were more narrow in scope, constrained mainly to specific OpenSSL compatibility API, or features that are disabled by default.</p></li></ul><p>Use cases that are affected by [High] severity CVEs are: X509 verification with –enable-opensslextra with the API X509_verify_cert(), DTLS 1.3, the Renesas TSIP TLS port (WOLFSSL_RENESAS_TSIP_TLS) with TLS 1.3, X509 chain validation with Raw Public Key support (HAVE_RPK), and the OpenSSL compatibility API PKCS7_verify().</p><p>We would like to thank the many researchers from teams at NVIDIA Project Vanessa, Anthropic, UC Berkeley Sky Lab, as well as all the many independent contributors who responsibly disclosed these vulnerabilities.</p><p>See our <a href="https://www.wolfssl.com/docs/security-vulnerabilities/">wolfSSL Vulnerability</a> page for the full list.</p><p><span class="bbu"><strong>New Features</strong></span><br /></p><ul><li><p><a href="https://github.com/wolfSSL/wolfssl/pull/10066">wolfCrypt SRAM PUF</a> (Physically Unclonable Function) support, deriving device-unique keys from SRAM power-on state using a BCH fuzzy extractor and HKDF (wc_PufInit, wc_PufEnroll, wc_PufReconstruct).</p></li></ul><ul><li><p><a href="https://github.com/wolfSSL/wolfssl/pull/10009">wolfCrypt SHE</a> (Secure Hardware Extension) support for the <a href="https://www.autosar.org/fileadmin/standards/R21-11/FO/AUTOSAR_TR_SecureHardwareExtensions.pdf">SHE key management standard</a>.</p></li></ul><p><span class="bbu"><strong>Security Hardening / Behavior changes</strong></span><br /></p><ul><li><p>FIPS 205 SLH-DSA: The SLH-DSA sign/verify hash APIs <a href="https://github.com/wolfSSL/wolfssl/pull/10450">now take a pre-hashed message digest</a> instead of a raw message (callers must now hash the message before invoking these APIs). This brings SLH-DSA’s behavior in line with ML-DSA’s wc_dilithium_{sign,verify}_ctx_hash API, as well as NIST’s ACVP signature interface.</p></li></ul><ul><li><p>FIPS 204 ML-DSA: We <a href="https://github.com/wolfSSL/wolfssl/pull/10436">renamed</a> the post-quantum signature implementation from its pre-standardization name Dilithium to its NIST-standardized name ML-DSA (mirroring the earlier Kyber to ML-KEM rename). The header wolfssl/wolfcrypt/dilithium.h remains for now as a temporary compatibility shim.</p></li></ul><ul><li><p>Our CmacVerify APIs <a href="https://github.com/wolfSSL/wolfssl/pull/10462">were hardened</a> to more closely conform to <a href="https://csrc.nist.gov/pubs/sp/800/38/b/upd1/final">NIST SP 800-38B</a> MAC length guidance, and these verify functions will now correctly enforce bounds on tag length checks.</p></li></ul><ul><li><p><a href="https://github.com/wolfSSL/wolfssl/pull/10595">RSA-PSS decoding was hardened</a> to better conform to RFC 8017 A.2.3 guidance on trailer bits.</p></li></ul><p><span class="bbu"><strong>Crypto Callbacks</strong></span><br /></p><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/9851">WOLF_CRYPTO_CB_SETKEY and WOLF_CRYPTO_CB_EXPORT_KEY</a> generic crypto callback utilities.</p></li></ul><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/10351">wc_swdev</a>, a software CryptoCb device used by our test programs to exercise WOLF_CRYPTO_CB_ONLY_* builds.</p></li></ul><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/10550">WOLF_CRYPTO_CB_ONLY_SHA512</a> support.</p></li></ul><ul><li><p>Added CryptoCb support for <a href="https://github.com/wolfSSL/wolfssl/pull/10466">SLH-DSA</a>.</p></li></ul><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/10380">crypto callback support</a> for LMS and XMSS (crucial to their stateful management!).</p></li></ul><ul><li><p>Added support for <a href="https://github.com/wolfSSL/wolfssl/pull/10246">zeroizing AES session keys</a> in TLS 1.3 with WOLF_CRYPTO_CB_AES_SETKEY.</p></li></ul><p><span class="bbu"><strong>Post Quantum Cryptography</strong></span><br /></p><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/9843">SHA-512 DRBG and FIPS module-boundary wrappers</a> for ML-KEM, ML-DSA, LMS, XMSS, and SLH-DSA as part of the upcoming post-quantum FIPS submission.</p></li></ul><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/10572">support for RFC 9802</a> LMSS / XMSS in X.509 certificate and CSR generation.</p></li></ul><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/10077">ML-KEM support for PKCS11</a>.</p></li></ul><p><span class="bbu"><strong>Hardware and Embedded Ports</strong></span><br /></p><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/10278">NXP LPC55S69 hardware crypto</a> support.</p></li></ul><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/10361">STM32U3 hardware crypto</a> support.</p></li></ul><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/10268">Zephyr 4.3 default TLS-socket</a> support.</p></li></ul><p><span class="bbu"><strong>Rust Wrapper</strong></span><br /></p><ul><li><p>Added Rust crate trait implementations for: <a href="https://github.com/wolfSSL/wolfssl/pull/10070">rand_core, aead, and cipher, digest and signature</a>, and <a href="https://github.com/wolfSSL/wolfssl/pull/10305">password-hash, kem, and mac</a>.</p></li></ul><ul><li><p>Added <a href="https://github.com/wolfSSL/wolfssl/pull/10556">scrypt KDF and RSA-OAEP</a>support.</p></li></ul><p><span class="bbu"><strong>Pruning / Cleanup</strong></span><br /></p><ul><li><p>The liboqs integrations for ML-KEM and ML-DSA <a href="https://github.com/wolfssl/wolfssl/pull/10293">were removed</a>.</p></li></ul><ul><li><p>The liboqs SPHINCS+ implementation <a href="https://github.com/wolfSSL/wolfssl/pull/10261">was replaced</a> with our own SLH-DSA.</p></li></ul><ul><li><p>The external liblms / libxmss integrations <a href="https://github.com/wolfSSL/wolfssl/pull/10292">were removed</a> (we’ve had our own <a href="https://www.wolfssl.com/wolfcrypt-implementations-of-lms-hss-and-xmss-xmssmt-signatures-build-options-and-benchmarks-intel-x86/">more performant</a> implementations for a while).</p></li></ul><p>If you have questions about any of the above, please contact us at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or call us at +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-06-29T21:12:42Z</updated>
			<id>https://www.wolfssl.com/forums/topic2534-wolfssl-592-release-blog-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[MQTT QoS 1 Message Duplication After Reconnect]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2532-mqtt-qos-1-message-duplication-after-reconnect-new-posts.html" />
			<summary type="html"><![CDATA[<p>Hi everyone,</p><p>I&#039;m testing wolfMQTT on an embedded device that uses a cellular connection. When the network drops briefly and the client reconnects, I occasionally receive duplicate MQTT messages that were originally published with QoS 1.</p><p>My application stores packet IDs and acknowledges messages correctly, but duplicates still appear after reconnection in some cases.</p><p>Does wolfMQTT provide any built-in mechanism or recommended approach for tracking and filtering duplicate QoS 1 messages across reconnect events, especially when using persistent sessions (clean session disabled)?</p><p>If anyone has implemented this successfully on resource-constrained devices, I&#039;d appreciate hearing about your experience.</p><p>Thanks!</p>]]></summary>
			<author>
				<name><![CDATA[LoganParkerp]]></name>
				<uri>https://www.wolfssl.com/forums/user8931.html</uri>
			</author>
			<updated>2026-06-25T06:39:27Z</updated>
			<id>https://www.wolfssl.com/forums/topic2532-mqtt-qos-1-message-duplication-after-reconnect-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfSSL with wolfIP]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2530-wolfssl-with-wolfip-new-posts.html" />
			<summary type="html"><![CDATA[<p>I&#039;m experimenting with using wolfSSL and wolfIP. When calling wolfSSL_connect() I get a failure with the log message &quot;Your IO Send callback is null, please set&quot;.</p><p>I can see this is something to do with wolfSSL_SetIOWriteCTX(), but I&#039;m not entirely sure what value to use - I&#039;m a novice with wolfSSL. </p><p>Are there specific values I should set to link the two components together?</p>]]></summary>
			<author>
				<name><![CDATA[ah346743]]></name>
				<uri>https://www.wolfssl.com/forums/user8832.html</uri>
			</author>
			<updated>2026-06-11T12:11:55Z</updated>
			<id>https://www.wolfssl.com/forums/topic2530-wolfssl-with-wolfip-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfCLU 0.2.0 release]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2523-wolfclu-020-release-new-posts.html" />
			<summary type="html"><![CDATA[<p><a href="https://www.wolfssl.com/products/wolfclu/">wolfCLU release 0.2.0</a> is now available. Major feature additions were added; dual-algorithm certificates, a full OCSP client/responder, a cross-platform test suite, and a large round of security hardening.</p><p><strong>Highlights:</strong><br /></p><ul><li><p>Chimera (dual-algorithm) certificates. wolfCLU can now generate Chimera certificates carrying both a conventional and a post-quantum signature on a single X.509 cert, so one certificate satisfies both classical and PQC-aware verifiers. (<a href="https://github.com/wolfSSL/wolfCLU/pull/182">PR 182</a>, @Yu-Ma28051503)</p></li></ul><ul><li><p>OCSP client and responder. New OCSP client and responder, both with HTTP and SCGI transports. SCGI lets the responder be fronted by nginx in production. (<a href="https://github.com/wolfSSL/wolfCLU/pull/200">PR 200</a>, @julek-wolfssl)</p></li></ul><ul><li><p>Cross-platform Python tests. The shell-based test suite was ported to Python (unittest), so it now runs on Windows in addition to Linux and macOS. (<a href="https://github.com/wolfSSL/wolfCLU/pull/215">PR 215</a>, @julek-wolfssl)</p></li></ul><ul><li><p>Explicit key files for enc. The enc command now accepts an explicit key file instead of deriving the key from a password. (<a href="https://github.com/wolfSSL/wolfCLU/pull/224">PR 224</a>, @embhorn)</p></li></ul><p><strong>Security Hardening:</strong><br />A large set of fixes from static analysis using wolfSSL internal Fenrir project: out-of-bounds writes in argv processing, a stack buffer overflow in encryption setup, a shell command injection, a use-after-free, a potential double-free, a heap buffer over-read, plus numerous null-pointer and sanity-check fixes across command and init paths. (PRs 202–223; @miyazakh, @aidangarske, @JacobBarthelmeh, @yosuke-wolfssl, and others)</p><p><strong>Other Changes:</strong><br />ML-DSA sign/verify now passes a context for OpenSSL interop (<a href="https://github.com/wolfSSL/wolfCLU/pull/195">PR 195</a>), the post-quantum groups list was updated to match the latest wolfSSL (<a href="https://github.com/wolfSSL/wolfCLU/pull/209">PR 209</a>), and there were assorted fixes to the enc, pkey, req, and ECC sign/verify paths along with expanded test coverage and README updates. See the full commit log for details.</p><p><a href="https://www.wolfssl.com/download/">Download</a> wolfCLU now and contact <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> for any questions.</p><p>If you have questions about any of the above, please contact us at <a href="mailto:facts@wolfssl.com ">facts@wolfssl.com </a>or call us at +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-05-29T19:34:05Z</updated>
			<id>https://www.wolfssl.com/forums/topic2523-wolfclu-020-release-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfPSA 5.9.1: PSA Compatibility Powered by wolfCrypt]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2516-wolfpsa-591-psa-compatibility-powered-by-wolfcrypt-new-posts.html" />
			<summary type="html"><![CDATA[<p>wolfSSL is excited to announce the first official release of <strong>wolfPSA 5.9.1</strong>, a wolfCrypt-backed implementation of the Arm PSA interfaces for embedded and connected systems.</p><p><span class="bbu"><strong>What is PSA?</strong></span><br />PSA, or Platform Security Architecture, defines standard interfaces for security services used in embedded systems. In practice, PSA gives applications, RTOSes, secure firmware, and test frameworks a common way to request cryptography and attestation services without tying the application to one specific secure-world implementation.</p><p>wolfPSA provides this compatibility layer on top of wolfCrypt. It acts as a PSA Crypto engine interface for operations such as random generation, key management, hashing, MAC, cipher, AEAD, signatures, key agreement, and key derivation. It also exposes the PSA Initial Attestation interface expected by PSA-based systems, helping projects build against a standard API surface while relying on wolfSSL components underneath.</p><p><span class="bbu"><strong>What is included in wolfPSA 5.9.1?</strong></span><br />wolfPSA 5.9.1 is the initial public wolfPSA release and follows the wolfSSL 5.9.1 version numbering. This release includes:</p><ul><li><p>PSA Crypto API entry points implemented in C on top of wolfCrypt</p></li></ul><ul><li><p>Static and shared builds: libwolfpsa.a and libwolfpsa.so</p></li></ul><ul><li><p>PSA lifecycle, RNG, key management, persistent key storage, cipher, AEAD, hash, MAC, asymmetric crypto, key derivation, and TLS 1.3 PRF/HKDF support</p></li></ul><ul><li><p>Algorithm coverage including AES, ChaCha20, ChaCha20-Poly1305, SHA-1/SHA-2/SHA-3, HMAC, CMAC, RSA, ECC/ECDSA/ECDH, Curve25519/Curve448, Ed25519/Ed448, and configured compatibility options</p></li></ul><ul><li><p>Integration points for post-quantum and hash-based algorithms when enabled in wolfCrypt, including ML-KEM, ML-DSA, LMS, and XMSS</p></li></ul><ul><li><p>Standalone tests and demos, including PSA API calls, PSA-backed wolfCrypt benchmarking, and TLS examples using PSA-managed keys</p></li></ul><p><span class="bbu"><strong>First demo use case: wolfBoot secure domain + Zephyr</strong></span><br />One of the first application-side integration cases for wolfPSA is the <a href="https://www.wolfssl.com/replacing-tf-m-on-armv8-m-wolfboot-secure-domain-wolfpsa-now-integrated-with-zephyr-for-cra-compliance/">wolfBoot TrustZone-M secure domain work for Zephyr</a>.</p><p>In this model, wolfBoot runs in the ARMv8-M secure world and provides the secure boot, firmware update, and secure service boundary. wolfPSA is hosted inside that secure domain, while Zephyr runs in the non-secure world and calls PSA Crypto APIs through the wolfBoot-backed TEE/NSC interface.</p><p>This demonstrates wolfPSA as more than a standalone library: it becomes a compatibility layer for PSA-aware applications and RTOS environments, while allowing wolfBoot and wolfCrypt to anchor the cryptographic boundary in the secure domain.</p><p><span class="bbu"><strong>Availability</strong></span><br />wolfPSA 5.9.1 is available now. It is designed for teams building PSA-compatible embedded systems, Zephyr TrustZone designs, secure boot chains, and products that want wolfCrypt-backed cryptography behind a standard PSA-facing API.</p><p>For questions about wolfPSA, wolfBoot secure-domain integration, licensing, or commercial support, contact us at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or call +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-05-01T18:05:52Z</updated>
			<id>https://www.wolfssl.com/forums/topic2516-wolfpsa-591-psa-compatibility-powered-by-wolfcrypt-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfCrypt JNI/JCE 1.10.0 Now Available]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2515-wolfcrypt-jnijce-1100-now-available-new-posts.html" />
			<summary type="html"><![CDATA[<p><a href="https://www.wolfssl.com/products/wolfcrypt-jni-jce/">wolfCrypt JNI/JCE 1.10.0</a> is now available for <a href="https://www.wolfssl.com/download/">download</a>! This release brings new JCE Cipher support for RSA OAEP padding schemes and RSA key wrapping (WRAP/UNWRAP modes), a PKIX CertPathBuilder implementation using native wolfSSL X.509 functionality, default FIPS error callback registration, new JNI utilities for hex string conversion and PEM-to-DER, enhanced WolfSSLX509StoreCtx methods, and two new system properties for flexible native library loading and OCSP/CRL timeouts. Along with these additions, 1.10.0 delivers extensive bug fixes, memory-safety improvements, FIPS compliance enhancements, and an expanded testing matrix.</p><p><strong>New JCE Functionality:</strong><br /></p><ul><li><p>Add Cipher RSA/ECB/OAEPWithSHA-256AndMGF1Padding support</p></li></ul><ul><li><p>Add Cipher RSA/ECB/OAEPWithSHA-1AndMGF1Padding support</p></li></ul><ul><li><p>Add Cipher WRAP_MODE and UNWRAP_MODE support for RSA-based key wrapping</p></li></ul><ul><li><p>Add PKIX CertPathBuilder implementation using native wolfSSL X509_STORE</p></li></ul><ul><li><p>Add jdk.certpath.disabledAlgorithms enforcement to CertPathBuilder and CertPathValidator</p></li></ul><ul><li><p>Register default FIPS error callback in WolfCryptProvider for FIPS error debugging</p></li></ul><ul><li><p>Enrich WolfCryptException with FIPS module status for FIPS_NOT_ALLOWED_E errors</p></li></ul><ul><li><p>Add Java 9+ module support (JPMS) for jlink compatibility</p></li></ul><p><strong>New JNI Functionality:</strong><br /></p><ul><li><p>Add hex string conversion via WolfCrypt.toHexString() and WolfCrypt.hexStringToByteArray()</p></li></ul><ul><li><p>Add PEM to DER conversion support for keys and certificates</p></li></ul><ul><li><p>Add setFlags() and setVerificationTime() methods to WolfSSLX509StoreCtx</p></li></ul><p><strong>New Property Support:</strong><br /></p><ul><li><p><strong>wolfssl.skipLibraryLoad System property</strong> – Skip automatic System.loadLibrary() calls for advanced embedding scenarios</p></li></ul><ul><li><p><strong>wolfjce.ioTimeout System property</strong> – Configure OCSP/CRL IO timeouts</p></li></ul><p><strong>Bug Fixes &amp; Reliability Improvements</strong><br />Beyond the new features, version 1.10.0 includes a substantial set of bug fixes and reliability improvements focused on FIPS error visibility, cryptographic correctness, input validation, and memory safety:</p><ul><li><p>Fixed FIPS error callback lifecycle (including proper deregistration in JNI_OnUnload)</p></li></ul><ul><li><p>Corrected Ed25519 signature length handling, RSA public-key flattening/export, unsigned return values, and pointer casts</p></li></ul><ul><li><p>Added HMAC/ByteBuffer/offset-length bounds validation, improved NULL checks, and missing releaseByteArray() calls across ECC, RSA, ChaCha, and AES-GCM</p></li></ul><ul><li><p>Implemented defensive copies of IV arrays, constant-time GMAC tag verification, secure zeroization of keys and buffers, and proper cleanup for AES-CTR/AES-OFB/GMAC</p></li></ul><ul><li><p>Fixed signed integer overflow risks in bounds checks, DH key export paths, ECC private-key import curve handling, and reduced unnecessary WC_RNG allocations</p></li></ul><ul><li><p>Expanded FIPS-compliant SecureRandom sanitization and fixed threaded MessageDigest hangs on FIPS errors</p></li></ul><p><strong>Expanded Testing &amp; CI Infrastructure</strong><br />CI coverage has been expanded with new workflows and modern platform support:</p><ul><li><p><strong>Java 24</strong> and <strong>25</strong> tests added to GitHub Actions workflows</p></li></ul><ul><li><p><strong>Linux 32-bit testing</strong> with Java 17 via GitHub workflow</p></li></ul><ul><li><p>UndefinedBehaviorSanitizer (<strong>UBSan</strong>) GitHub workflow</p></li></ul><ul><li><p><strong>SpotBugs</strong> static analysis target and dedicated GitHub Actions workflow</p></li></ul><ul><li><p><strong>Android FIPS Ready</strong> automated emulator testing via GitHub workflow</p></li></ul><ul><li><p><strong>Java 9+ module (JPMS)</strong> testing workflow</p></li></ul><ul><li><p>Improved JUnit test reliability for FIPS mode and CI environments</p></li></ul><p><strong>New Examples</strong><br /></p><ul><li><p>Added CertPathBuilder and CertPathValidator example demonstrating PKIX path building and validation with disabledAlgorithms enforcement</p></li></ul><ul><li><p>Updated Android example project: migrated from jcenter() to mavenCentral() and AndroidX, added Gradle wrapper with distributionSha256Sum, JKS-to-BKS KeyStore conversion script for testing, and CMakeLists.txt exclusion list updates</p></li></ul><p>wolfCrypt JNI/JCE 1.10.0 can be downloaded from the <a href="https://www.wolfssl.com/download/">wolfSSL download page</a>, and an updated version of the wolfCrypt JNI/JCE User Manual can be found <a href="https://www.wolfssl.com/download/">here</a>. Full details on this release can be seen in the <a href="https://github.com/wolfSSL/wolfcrypt-jni/blob/master/ChangeLog.md">ChangeLog.md</a> on GitHub. For any questions, or to get help using wolfSSL products in your projects, contact us at <a href="mailto:support@wolfssl.com">support@wolfssl.com</a>.</p><p>If you have questions about any of the above, please contact us at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or call us at +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-04-28T23:05:51Z</updated>
			<id>https://www.wolfssl.com/forums/topic2515-wolfcrypt-jnijce-1100-now-available-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfSSL JNI/JSSE 1.17.0 Now Available]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2514-wolfssl-jnijsse-1170-now-available-new-posts.html" />
			<summary type="html"><![CDATA[<p><a href="https://www.wolfssl.com/products/wolfssl-jni-jsse/">wolfSSL JNI/JSSE 1.17.0</a> is now available for <a href="https://www.wolfssl.com/download/">download</a>! This release brings JSSE?level PSK support, Java Platform Module System (JPMS) compatibility, SSLEngine hardening, a large expansion of X.509 and CRL capabilities at the JNI layer, and two new properties for FIPS and native library loading. Along with the new functionality, 1.17.0 contains a substantial set of bug fixes, compatibility improvements, and stability changes driven by AI-facilitated analysis and test integrations with Spring Boot, Netty, and OkHttp.</p><p><strong>New JSSE Functionality</strong><br /></p><ul><li><p><strong>Pre-Shared Key (PSK) support</strong> – Full JSSE-level PSK via WolfSSLParameters for SSLSocket and SSLEngine (client and server).</p></li></ul><ul><li><p><strong>Java 9+ Module System (JPMS) support</strong> – Conditional module-info.java compilation for jlink compatibility.</p></li></ul><ul><li><p><strong>Trust and KeyStore enhancements</strong> — CertPathTrustManagerParameters and KeyStoreBuilderParameters now supported in WolfSSLTrustManager.</p></li></ul><p><strong>New JNI Functionality &amp; Certificate APIs</strong><br /></p><ul><li><p>Extract SNI directly from a raw ClientHello buffer with WolfSSL.getSNIFromBuffer()</p></li></ul><ul><li><p>RSA-PSS sign/verify and RSA sign-check PK callback support.</p></li></ul><ul><li><p>Basic Constraints pathLen parameter in WolfSSLCertificate / WolfSSLCertRequest.addExtension().</p></li></ul><ul><li><p>Full CRL generation and decode wrappers in WolfSSLCRL.</p></li></ul><ul><li><p>Extended X.509 support:<br /></p><ul><li><p>SKID, AKID, CRL Distribution Points, and Netscape Cert Type extensions.</p></li></ul><ul><li><p>Name Constraints via new WolfSSLNameConstraints / WolfSSLGeneralName classes.</p></li></ul><ul><li><p>Extended AIA interface for separate OCSP and CA Issuer URL retrieval.</p></li></ul><ul><li><p>WolfSSLAltName class with full SAN parsing (including otherName for MS AD UPN, iPAddress, and directoryName).</p></li></ul></li></ul><p><strong>New Configuration Properties</strong><br /></p><ul><li><p><strong>wolfjsse.skipFIPSCAST Security property</strong> – Skip automatic FIPS CAST execution during wolfJSSE initialization.</p></li></ul><ul><li><p><strong>wolfssl.skipLibraryLoad System property</strong> – Skip automatic System.loadLibrary() calls for advanced embedding scenarios.</p></li></ul><p><strong>Bug Fixes &amp; Reliability Improvements</strong><br />This release includes numerous stability and compatibility fixes, particularly for SSLEngine and SSLSocket:</p><ul><li><p>Improved SSLEngine buffer handling (BUFFER_UNDERFLOW/OVERFLOW), close/shutdown state transitions, and handshake status reporting.</p></li></ul><ul><li><p>Better SNI handling, session timeout behavior, and principal return types (X500Principal).</p></li></ul><ul><li><p>Spring Boot and Netty compatibility improvements (SSLHandshakeException on handshake errors, SSLEngine(host, -1) support).</p></li></ul><ul><li><p>Multiple null-pointer, memory-leak, and thread-safety fixes in native callbacks and FIPS error handling.</p></li></ul><ul><li><p>Cipher suite filtering aligned with jdk.tls.disabledAlgorithms and TLS version configuration.</p></li></ul><ul><li><p>Various edge-case fixes for PSK, certificate loading, and high file descriptor handling.</p></li></ul><p><strong>Expanded Testing &amp; CI Infrastructure</strong><br /></p><ul><li><p><strong>Static analysis</strong> – New SpotBugs build target and GitHub Actions workflow.</p></li></ul><ul><li><p><strong>Android FIPS Ready</strong> – Automated Android emulator testing via GitHub workflow.</p></li></ul><ul><li><p><strong>Sanitizers</strong> – UndefinedBehaviorSanitizer (UBSan) GitHub workflow.</p></li></ul><ul><li><p><strong>Linux 32-bit testing</strong> with Java 17 via GitHub workflow.</p></li></ul><ul><li><p>Expanded test matrix support for <strong>Java 24 and 25</strong>.</p></li></ul><ul><li><p><strong>Module system and build verification</strong> – JPMS (Java Module System) testing workflow.</p></li></ul><p><strong>New Examples &amp; Testing</strong><br /></p><ul><li><p>PSK client/server examples for both SSLSocket and SSLEngine.</p></li></ul><ul><li><p>DualProviderFIPSTest demonstrating wolfJSSE + wolfJCE dual-provider FIPS usage.</p></li></ul><ul><li><p>Updated Android example with TLS connection and FIPS error callback support.</p></li></ul><p>wolfSSL JNI/JSSE 1.17.0 can be downloaded from the <a href="https://www.wolfssl.com/download/">wolfSSL download page</a>, and an updated version of the wolfSSL JNI/JSSE User Manual can be found <a href="https://www.wolfssl.com/documentation/manuals/wolfssljni/">here</a>. Full details on this release can be seen in the <a href="https://github.com/wolfSSL/wolfssljni/blob/master/ChangeLog.md">ChangeLog.md</a> on GitHub. For any questions, or to get help using wolfSSL products in your projects, contact us at <a href="mailto:support@wolfssl.com">support@wolfssl.com</a>.</p><p>If you have questions about any of the above, please contact us at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or call us at +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-04-27T23:25:01Z</updated>
			<id>https://www.wolfssl.com/forums/topic2514-wolfssl-jnijsse-1170-now-available-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[Announcing wolfTPM v4.0.0]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2513-announcing-wolftpm-v400-new-posts.html" />
			<summary type="html"><![CDATA[<p><a href="https://www.wolfssl.com/products/wolftpm/">wolfTPM v4.0.0</a> is our largest release to date. It delivers three headline capabilities:</p><ul><li><p><strong>Firmware TPM (fwTPM)</strong> – a portable TPM 2.0 built on wolfCrypt.</p></li></ul><ul><li><p><strong>SPDM Secured Transport</strong> – encrypted host-to-TPM communication.</p></li></ul><ul><li><p><strong>ST33 TPM 2.0 Firmware Update</strong> – new update tool for STMicro ST33KTPM2X.</p></li></ul><p>All three are powered by the same wolfCrypt engine trusted in FIPS 140-3 and DO-178C DAL A deployments.</p><p><span class="bbu"><strong>Feature 1: Firmware TPM (fwTPM)</strong></span><br />The fwTPM is a portable TPM 2.0 command processor. It is implemented entirely on top of wolfCrypt. It covers 105 of 113 commands in the TPM 2.0 v1.38 specification (93%). The full object, session, policy, attestation, PCR, and NV families are included.</p><p>Use it as a drop-in replacement for a discrete TPM chip. Or use it in CI as a replacement for external simulators like the Microsoft TPM simulator and IBM swTPM.</p><p><strong>Why It Matters</strong><br /></p><ul><li><p><strong>Reduce BOM and physical attack surface</strong>. Parts that never shipped with a TPM can now gain TPM services. No extra chip. No exposed bus.</p></li></ul><ul><li><p><strong>Portability</strong>. The same fwTPM runs on a Cortex-M in TrustZone, a dedicated RPU on an MPSoC, a hardened RISC-V core, or an FPGA soft core.</p></li></ul><ul><li><p><strong>Supply-chain integrity</strong>. Your TPM becomes part of your signed firmware image. No separate silicon vendor in the trust path.</p></li></ul><ul><li><p><strong>Same crypto you already trust</strong>. RSA, ECC, SHA-2/3, AES, and HMAC all come from the FIPS 140-3 wolfCrypt module, qualifiable to DO-178C DAL A for avionics.</p></li></ul><p><strong>Where fwTPM Runs</strong></p><p>fwTPM is designed to live in an isolated execution environment. Proven homes include:<br /></p><ul><li><p><strong>Microchip PolarFire SoC (MPFS250T)</strong> – Run in FPGA with Mi-V RISC-V soft-core or run in a dedicated core (E51 Monitor or U54)</p></li></ul><ul><li><p><strong>Arm TrustZone-M</strong>. Reference port on STMicro STM32H5 (NUCLEO-H563ZI). TrustZone-M gives isolated code, data, flash, and crypto peripherals.</p></li></ul><ul><li><p><strong>AMD/Xilinx Zynq UltraScale+ MPSoC and Versal Gen 1 / Gen 2</strong>. Multiple deployment options on the same part: Arm TrustZone on the APU, a dedicated Cortex-R5F (UltraScale+) or R52 (Versal Gen 2) on the RPU, or a MicroBlaze V (RISC-V) soft core.</p></li></ul><ul><li><p><strong>AMD Spartan UltraScale+</strong> (MicroBlaze V or Cortex-M1 soft core)</p></li></ul><ul><li><p><strong>Altera Agilex 5</strong> (Nios V soft core). TPM functionality entirely inside programmable logic.</p></li></ul><p><strong>Integration</strong><br /></p><ul><li><p><strong>Transports</strong>: Socket mssim or swtpm (auto detected), shared memory IO and register-level TIS for bare-metal SPI, I2C or UART.</p></li></ul><ul><li><p><strong>NV storage</strong>: File-backed on hosted systems. HAL callback for embedded flash. TLV journal format suits wear-levelled flash.</p></li></ul><ul><li><p><strong>Footprint knobs</strong>: Features can be disabled if not required to reduce code size. Attestation, Policy, NV, Credential, Dictionary Attack.</p></li></ul><p><span class="bbu"><strong>Feature 2: SPDM Secured Transport</strong></span><br />When a TPM speaks to its host over a PCB trace, that trace is attackable. SPDM closes the gap. Commands and responses ride over a vendor-defined TCG channel. The channel is encrypted with AES-256-GCM and integrity-checked on every packet.</p><p><strong>What’s New</strong><br /></p><ul><li><p><strong>Vendors</strong>: Nuvoton NPCT75x and Nations Technologies NS350. (More coming soon)</p></li></ul><ul><li><p><strong>Session modes</strong>:<br /></p><ul><li><p>Identity-key mode over ECDH P-384, on both NPCT75x and NS350.</p></li></ul><ul><li><p>PSK mode on NS350.</p></li></ul></li></ul><ul><li><p><strong>Auto-connect with SPDM-only lock-down</strong>. Once locked, wolfTPM establishes the encrypted session on every open. Plaintext commands are rejected.</p></li></ul><ul><li><p><strong>New spdm_ctrl utility</strong>. Full lifecycle: enable, disable, provision PSK, clear PSK, lock, unlock.</p></li></ul><p><strong>Why It Matters</strong><br />Anywhere the TPM is physically accessible – servers in colocation, defense platforms, medical devices, industrial controllers, in-vehicle ECUs – SPDM closes the last-inch attack surface.</p><p><span class="bbu"><strong>Feature 3: ST33 TPM 2.0 Firmware Update</strong></span><br />STMicro’s ST33KTPM2X introduced a new Generation 2 firmware format using LMS signing. wolfTPM v4.0.0 adds the st33_fw_update example tool for supporting firmware updates on older Gen 1 and newer Gen 2 firmware versions. See examples/firmware/README.md for usage.</p><p><span class="bbu"><strong>Other v4.0.0 Release Improvements</strong></span></p><p><strong>New HALs</strong><br /></p><ul><li><p>Raspberry Pi 4 hardware SPI</p></li></ul><ul><li><p>U-Boot (tpm_io_uboot.c)</p></li></ul><ul><li><p>Espressif ESP-IDF SPI</p></li></ul><ul><li><p>Linux auto-detection between /dev/tpmX and direct SPI</p></li></ul><p><strong>Hardening</strong><br /></p><ul><li><p>Fenrir and Coverity findings addressed across tpm2_wrap, tpm2_packet, tpm2_asn, NV, session auth, SPDM, and fwTPM paths.</p></li></ul><ul><li><p>ForceZero on every sensitive stack buffer.</p></li></ul><ul><li><p>Constant-time export for ECDH shared secrets and ECC signature r/s.</p></li></ul><ul><li><p>Short-circuit OR removed from all auth paths.</p></li></ul><ul><li><p>Bounds checks and NULL-deref guards across ASN.1, PCR, and key-load code.</p></li></ul><p><strong>CI</strong><br /></p><ul><li><p>ASan and UBSan sanitizer jobs.</p></li></ul><ul><li><p>Pedantic gcc and clang matrices.</p></li></ul><ul><li><p>macOS and Windows fwTPM builds.</p></li></ul><ul><li><p>Weekly libFuzzer plus per-PR smoke.</p></li></ul><p><span class="bbu"><strong>Coming Soon: TPM 2.0 v1.85 Post-Quantum</strong></span></p><p>Right behind this release. Post-quantum algorithms from TPM 2.0 v1.85 are landing in both the fwTPM server and the wolfTPM client library:<br /></p><ul><li><p><strong>ML-KEM (Kyber)</strong> for key encapsulation</p></li></ul><ul><li><p><strong>ML-DSA (Dilithium)</strong> for signatures</p></li></ul><p>Why now? Harvest-Now-Decrypt-Later (HNDL) mitigation for long-lived device identity keys. Deploy fwTPM today. Get a drop-in PQC upgrade path without respinning silicon.</p><p><span class="bbu"><strong>Getting Started</strong></span><br /></p><div class="codebox"><pre><code>git clone https://github.com/wolfSSL/wolfTPM.git
cd wolfTPM
git checkout v4.0.0
./configure --enable-fwtpm
make &amp;&amp; make check</code></pre></div><ul><li><p>Source and tag: <a href="https://github.com/wolfSSL/wolfTPM">https://github.com/wolfSSL/wolfTPM</a> (tag v4.0.0)</p></li></ul><ul><li><p><a href="https://github.com/wolfSSL/wolfTPM/blob/master/ChangeLog.md">Changelog</a>: ChangeLog.md</p></li></ul><ul><li><p><a href="https://github.com/wolfSSL/wolfTPM/blob/master/src/fwtpm/README.md">fwTPM deep-dive</a>: src/fwtpm/README.md</p></li></ul><ul><li><p><a href="https://github.com/wolfSSL/wolfTPM/blob/master/src/spdm/README.md">SPDM deep-dive</a>: src/spdm/README.md</p></li></ul><ul><li><p><a href="https://github.com/wolfSSL/wolfTPM/blob/master/examples/firmware/README.md">ST33 firmware update</a>: examples/firmware/README.md</p></li></ul><p>For commercial licensing, FIPS 140-3 integration, DO-178C DAL A qualification kits, custom HAL ports, or early access to the v1.85 PQC branch, contact <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-04-24T16:54:56Z</updated>
			<id>https://www.wolfssl.com/forums/topic2513-announcing-wolftpm-v400-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfBoot 2.8.0 released]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2512-wolfboot-280-released-new-posts.html" />
			<summary type="html"><![CDATA[<p>We are pleased to announce the release of <a href="https://www.wolfssl.com/products/wolfboot/">wolfBoot 2.8.0</a>, a major update that expands platform support, strengthens PSA and TrustZone integration, and delivers another round of meaningful hardening across the secure boot and firmware update flow.</p><p>This release stands out for the breadth of hardware now supported. wolfBoot 2.8.0 adds or extends support for AMD/Xilinx Versal Gen 1 VMK180, Microchip PolarFire SoC MPFS250, NXP MCXN, MCXW71, S32K14x, LPC55S69, NXP T1040 RDB, refreshed T2080 configurations, and Nordic nRF54L15. For product teams working across multiple silicon families, wolfBoot continues to prove itself as a highly portable and consistent secure boot solution.</p><p>Version 2.8.0 also brings an important step forward for PSA-based designs. New support for wolfPSA secure storage, TrustZone-backed PSA services, PSA crypto, PSA attestation, and DICE-based attestation flows makes wolfBoot an even stronger foundation for modern embedded security architectures. With new Zephyr integration replacing the TEE layer through PSA-facing interfaces, this release opens up new options for developers building secure RTOS-based systems.</p><p>wolfBoot is now also available as <a href="https://www.wolfssl.com/replacing-tf-m-on-armv8-m-wolfboot-secure-domain-wolfpsa-now-integrated-with-zephyr-for-cra-compliance/">complete secure boot + TEE (PSA) replacement for TrustZone systems running Zephyr OS</a>.</p><p>On the product integration side, wolfBoot 2.8.0 adds a new generic hook framework for pre-init, post-init, and boot customization, along with custom encryption-key hooks, PKCS11-backed encrypted partitions, improved status and image-inspection tooling, monolithic self-update builds, and reproducible-build support. These improvements make it easier to adapt wolfBoot to real deployment requirements while keeping the codebase compact and focused.</p><p>Existing targets also benefit from substantial work in this release. Highlights include improved STM32H5 TrustZone and PKCS11 integration, external flash dual-bank updates on PSoC6, expanded AURIX TC3xx self-update and wolfHSM configurations, refreshed Renesas RA6M4 and RX projects, and better clang/LLVM support with dedicated CI coverage.</p><p>As always, security and reliability remain central. wolfBoot 2.8.0 strengthens image parsing, signing, and update flows with tighter checks and safer handling across signatures, TLVs, delta images, partition layouts, and storage I/O. It also expands constant-time operations and zeroization in sensitive paths, adds stricter rollback and flash-protection behavior, and fixes a range of regressions across supported architectures and simulator targets.</p><p><strong>Updated modules</strong><br /></p><ul><li><p>wolfSSL: latest stable</p></li></ul><ul><li><p>wolfTPM: latest</p></li></ul><ul><li><p>wolfPKCS11: latest stable</p></li></ul><ul><li><p>wolfHSM: latest</p></li></ul><p>With 2.8.0, wolfBoot continues to grow as a practical, production-ready secure bootloader for embedded systems that need strong authentication, reliable updates, and portability across a rapidly expanding hardware landscape.</p><p>To learn more about wolfBoot, or to discuss secure boot and firmware update strategies for your platform, contact us.</p><p>If you have questions about any of the above, please contact us at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or call us at +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-04-23T22:50:33Z</updated>
			<id>https://www.wolfssl.com/forums/topic2512-wolfboot-280-released-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfSSH v1.5.0 Release]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2511-wolfssh-v150-release-new-posts.html" />
			<summary type="html"><![CDATA[<p><a href="https://www.wolfssl.com/products/wolfssh/">wolfSSH v1.5.0</a> is now available! This release brings additional post-quantum hybrid key exchange algorithms, a broad hardening pass across the code base, and a large number of bug fixes. There is also one low-severity vulnerability fix in this release affecting wolfSSHd on Windows when handling an edge case in terminal resize messages received from an authenticated connection.</p><p>Please see the <a href="https://github.com/wolfSSL/wolfssh/blob/master/ChangeLog.md">ChangeLog.md</a> for full details.</p><p><strong>New Features</strong><br />The headline addition in v1.5.0 is post-quantum key exchange via ML-KEM hybrid algorithms — mlkem1024nistp384-sha384 and mlkem768x25519-sha256 — based on draft-ietf-sshm-mlkem-hybrid-kex, with interoperability testing against OpenSSH running in CI. This brings wolfSSH in line with the industry direction toward quantum-resistant SSH.</p><p>On the algorithm side, client-side rsa-sha2-512 signature support has been added. The key type is now separated from the signature type, so ssh-rsa keys can be used with ssh-rsa, rsa-sha2-256, or rsa-sha2-512 signatures, improving compatibility with modern SSH servers that have deprecated the older scheme.</p><p>Two handy SFTP client usability improvements also landed: lcd and lls commands for managing the local working directory without leaving an SFTP session.</p><p><strong>Improvements</strong><br />Several handlers that previously lacked proper callback validation have been tightened: host key acceptance, channel open requests, TCP/IP forwarding, and DH group exchange parameters are all now gated and validated. Additional defensive constant-time comparisons were also applied.</p><p>Beyond hardening, SFTP reliability saw meaningful attention – better non-blocking behavior, improved error path handling, and more robust multi-byte password support. CI coverage was expanded significantly with new sanitizer builds, multi-compiler testing, and automated Coverity scanning.</p><p><strong>Fixes</strong><br />This release contains a large number of bug fixes driven by static analysis and code review. Highlights include a non-blocking SFTP server hang on WS_WANT_WRITE, Windows authentication issues, missing hash cleanup in RSA/ECC paths, and a variety of null-dereference, bounds-check, and memory-leak fixes throughout the codebase.</p><p>Download wolfSSH v1.5.0 from our <a href="https://www.wolfssl.com/download/">download page</a>, or clone it from <a href="https://github.com/wolfSSL/wolfssh">GitHub</a>.</p><p>If you have questions about wolfSSH or any of our other products, feel free to reach out at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or <a href="mailto:support@wolfssl.com">support@wolfssl.com</a>, or give us a call at +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-04-22T17:56:03Z</updated>
			<id>https://www.wolfssl.com/forums/topic2511-wolfssh-v150-release-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfSSL 5.9.1 release blog]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2509-wolfssl-591-release-blog-new-posts.html" />
			<summary type="html"><![CDATA[<p><a href="https://www.wolfssl.com/products/wolfssl/">wolfSSL 5.9.1</a> is available with new features, post-quantum cryptography improvements, broad bug fixes, and a number of vulnerability fixes. Users are always recommended to stay up to date with wolfSSL releases. In this release, use cases that are affected by high severity reports are: PKCS7 with ORI callback set or AuthEnvelopedData with AES-GCM (–enable-pkcs7), ECDSA certificate verification with EdDSA or ML-DSA enabled, URI nameConstraints enforcement with intermediate CAs, X.509 certificate conversion via CertFromX509 with AuthorityKeyIdentifier, DTLS 1.3 (–enable-dtls13), ECH (–enable-ech), ECCSI signature verification (–enable-eccsi), AES-EAX/CMAC with large messages, and ChaCha20-Poly1305 via EVP or X509_verify_cert via the OpenSSL compatibility layer (–enable-opensslextra).</p><p><strong>Security Vulnerabilities Addressed</strong><br />This release addresses 22 CVEs across critical, high, medium, and low severity levels. Notably, we have received many quality AI-assisted vulnerability reports this cycle. Thanks to all the researchers who responsibly disclosed issues, including teams from Anthropic, KENTECH, Calif.io, eWalker Consulting, and several independent contributors.</p><p>For the full list of vulnerabilities addressed, visit the <a href="https://www.wolfssl.com/docs/security-vulnerabilities/">wolfSSL Vulnerability Page</a>.</p><p><strong>Default Build Changes</strong><br /></p><ul><li><p><strong>ML-KEM (FIPS 203) enabled by default</strong> — Post-quantum key encapsulation is now on by default, making it easier than ever to adopt quantum-resistant cryptography.</p></li></ul><ul><li><p>ECC curve validation is now enabled unconditionally in default builds, removing the previous dependency on USE_ECC_B_PARAM.</p></li></ul><p><strong>New Features</strong><br /></p><ul><li><p><strong>Brainpool curve support</strong> added to wolfSSL_CTX_set1_sigalgs_list for broader European cryptographic standard compatibility.</p></li></ul><ul><li><p><strong>DTLS 1.3 / TLS 1.3 write-dup support</strong> — Duplicate SSL functionality allows read-side delegation of post-handshake tasks (KeyUpdate, ACK, post-handshake auth) to the write-side.</p></li></ul><p><strong>Post-Quantum Cryptography Updates</strong><br /></p><ul><li><p>The context-aware FIPS 204 ML-DSA (Dilithium) API is now the default, with the legacy non-context API gated behind WOLFSSL_DILITHIUM_NO_CTX.</p></li></ul><ul><li><p>Sensitive memory buffers in the ML-DSA implementation are now zeroized to prevent leakage of cryptographic material.</p></li></ul><ul><li><p>Private key validation checks added for Ed25519, Ed448, ML-DSA, and ML-KEM operations.</p></li></ul><ul><li><p>Buffer size and callback validation added to wc_LmsKey_Sign.</p></li></ul><ul><li><p>Fixed out-of-bounds shift and undefined behavior issues in ML-DSA and SLH-DSA implementations.</p></li></ul><p><strong>TLS and DTLS Improvements</strong><br /></p><ul><li><p>Fixed DTLS 1.3 ServerHello to comply with the specification by not echoing legacy_session_id.</p></li></ul><ul><li><p>Fixed TLS 1.3 server to correctly reject mismatched ciphersuites in second ClientHello after HelloRetryRequest.</p></li></ul><ul><li><p>Resolved multiple correctness issues in DTLS 1.3 and TLS 1.3 including missing bounds checks, PSK identity buffer overreads, and resource leaks.</p></li></ul><ul><li><p>HPKE implementation fixes and refactoring with tests for all 24 algorithm combination variants.</p></li></ul><p><strong>Hardware and Embedded Ports</strong><br /></p><ul><li><p>SE050 hardware security module integration fixes for RSA-PSS and persistent key slot management.</p></li></ul><ul><li><p>Broad correctness improvements across Espressif, Renesas, Silicon Labs, NXP, STM32, TI, Xilinx, and other hardware targets.</p></li></ul><ul><li><p>Fixed buffer overflows, key material exposure, mutex leaks, and logic errors across hardware crypto backends.</p></li></ul><p><strong>Rust Wrapper</strong><br /></p><ul><li><p>Released version 1.2.0 of the wolfssl-wolfcrypt Rust crate.</p></li></ul><ul><li><p>Updated build script to support cross-compiling and bare-metal targets including RISC-V architectures.</p></li></ul><p><strong>Get the Update</strong><br />We recommend all wolfSSL users update to version 5.9.1. Dive into the full <a href="https://github.com/wolfSSL/wolfssl">ChangeLog</a> for a complete list of changes.</p><p><strong><a href="https://www.wolfssl.com/download/">Download</a> wolfSSL 5.9.1</strong></p><p>If you have questions about any of the above, please contact us at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or call us at +1 425 245 8247.</p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-04-21T23:15:40Z</updated>
			<id>https://www.wolfssl.com/forums/topic2509-wolfssl-591-release-blog-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[Hybrid TLS 1.3 (PQC) support in wolfSSL JNI (Java)]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2508-hybrid-tls-13-pqc-support-in-wolfssl-jni-java-new-posts.html" />
			<summary type="html"><![CDATA[<p>Hello,</p><p>I’ve been reviewing the wolfSSL documentation and have tested the hybrid TLS 1.3 examples in C. On the native side, I was able to successfully compile wolfSSL with PQC_Hybrids and run the client/server examples using hybrid TLS 1.3 without any issues.</p><p>I’m new to this area, and I would like to achieve the same from Java using wolfSSL JNI. However, when checking the JSSE provider documentation, I only see references to classical algorithms, although there is also mention of the QSH (quantum-safe handshake) extension.</p><p>My questions are:<br />Is wolfSSL_PQC_Hybrids currently supported through wolfssl-jni-jsse?<br />Is the QSH extension compatible with TLS 1.3 from Java?<br />If not, are there any plans to expose hybrid key exchange groups in the JNI wrapper?</p><p>Any guidance would be greatly appreciated.</p>]]></summary>
			<author>
				<name><![CDATA[Pro_Orq]]></name>
				<uri>https://www.wolfssl.com/forums/user8565.html</uri>
			</author>
			<updated>2026-04-21T16:20:34Z</updated>
			<id>https://www.wolfssl.com/forums/topic2508-hybrid-tls-13-pqc-support-in-wolfssl-jni-java-new-posts.html</id>
		</entry>
		<entry>
			<title type="html"><![CDATA[wolfIP 1.0.0 Released: Deterministic TCP/IP for Embedded and Safety-Cr]]></title>
			<link rel="alternate" href="https://www.wolfssl.com/forums/topic2502-wolfip-100-released-deterministic-tcpip-for-embedded-and-safetycr-new-posts.html" />
			<summary type="html"><![CDATA[<p>We are excited to announce the release of <a href="https://www.wolfssl.com/products/wolfip/">wolfIP 1.0.0</a>, the first public release of wolfSSL’s lightweight TCP/IP stack for embedded, real-time, and safety-critical systems. wolfIP is built around a simple idea: networking behavior should be defined before runtime, not discovered during it. With no dynamic memory allocation, fixed socket tables, pre-allocated packet buffers, and a deterministic execution model, wolfIP gives developers a compact and analyzable network stack for systems where predictability matters. Version 1.0.0 is listed on the official wolfIP product page and changelog dated March 31, 2026.</p><p><strong>Why wolfIP</strong><br />Traditional TCP/IP stacks often bring in dynamic allocation, background processing, and broader feature sets than many embedded endpoints actually need. That flexibility can be useful in general-purpose systems, but it also makes worst-case timing, memory usage, and verification harder to bound. wolfIP takes a different approach. It is designed as a tiny, deterministic stack with compile-time configured resources, a fixed socket count, static RX/TX packet buffers, and no hidden runtime allocation. That makes it a strong fit for constrained devices, controlled deployments, and projects with demanding review, testing, or certification workflows.</p><p><strong>What is included in 1.0.0</strong><br />The 1.0.0 release delivers a solid IPv4 networking foundation for embedded endpoints. Core support includes Ethernet II, ARP, IPv4, ICMP, UDP, TCP, DHCP client, and DNS client, along with modern TCP capabilities such as MSS, timestamps, PAWS, window scaling, retransmission timeout handling, SACK, slow start, congestion avoidance, and fast retransmit. wolfIP 1.0.0 also includes HTTP/HTTPS server support, IPsec ESP transport mode, IP filtering with wolfSentry integration, native wolfGuard support, and optional IPv4 forwarding for multi-interface builds.</p><p>That combination is important because it gives developers more than just a packet pipe. wolfIP 1.0 starts with the network services many connected devices actually need, then adds security-focused integration points across the wolfSSL ecosystem. Developers can combine wolfIP with <a href="https://www.wolfssl.com/products/wolfssl/">wolfSSL</a> for TLS 1.3-protected applications, <a href="https://www.wolfssl.com/products/wolfsentry/">wolfSentry</a> for filtering and policy enforcement, and <a href="https://www.wolfssl.com/products/wolfguard/">wolfGuard</a> where a tightly integrated secure tunnel model is needed. For teams building secure connected products, that means a more cohesive networking and security story from a single vendor and codebase family.</p><p><strong>Small footprint, practical deployment model</strong><br />wolfIP is positioned as a small embedded-first stack, and the official product material describes the core as roughly <strong>4× smaller than lwIP’s core.</strong> Just as important, wolfIP’s architecture is intentionally narrow and easier to analyze: deterministic memory usage by default, fixed compile-time resources, and an endpoint-focused design rather than a broad general-purpose routing stack. For organizations thinking about code review effort, qualification scope, or long-term maintenance, reducing moving parts matters.</p><p><strong>From POSIX testing to embedded targets</strong><br />One of the most useful aspects of wolfIP 1.0 is its portability across development and deployment environments. The release includes integration layers for <a href="https://www.wolfssl.com/products/wolfssl/">wolfSSL</a>, <a href="https://www.wolfssl.com/products/wolfssh/">wolfSSH</a>, <a href="https://www.wolfssl.com/products/wolfmqtt/">wolfMQTT</a>, a POSIX LD_PRELOAD socket interception path via libwolfip.so, and a FreeRTOS BSD socket wrapper. The repo also documents host-side testing through TAP-style interfaces and lists host link driver support for Linux TAP/TUN, Darwin utun, FreeBSD TAP, and VDE2, alongside embedded ports for targets including STM32H753ZI, STM32H563, STM32N6, VA416xx, and Raspberry Pi Pico USB networking demos. That is a practical release story: developers can exercise the stack on desktop-class environments, then carry the same architecture into embedded deployment.</p><p><strong>Built to Work Naturally with wolfSSL</strong><br />wolfIP is especially compelling when paired with the rest of the wolfSSL portfolio. The product page highlights seamless TLS 1.3 integration with wolfSSL, and the repository documents HTTPS server support with wolfSSL TLS backing. For engineering teams that already trust wolfSSL in embedded and RTOS environments, wolfIP extends that same design philosophy down into the transport layer: compact code, explicit resource control, and predictable behavior. Instead of stitching together unrelated networking and crypto components, developers can build on a tightly aligned stack designed for constrained and security-conscious systems.</p><p><strong>Available Now</strong><br /><a href="https://www.wolfssl.com/products/wolfip/">wolfIP 1.0.0</a> is available now under the GPLv3 open source license. If you are building connected embedded devices and need a TCP/IP stack with bounded memory usage, deterministic behavior, and straightforward integration with wolfSSL security products, wolfIP is well worth a look. Download the latest release, review the changelog, and contact us to discuss commercial licensing, support, or how wolfIP fits into your next embedded networking design.</p><p>If you have questions about any of the above, please contact us at <a href="mailto:facts@wolfssl.com">facts@wolfssl.com</a> or call us at +1 425 245 8247.</p><p><strong><a href="https://www.wolfssl.com/download/">Download </a>wolfSSL Now</strong></p>]]></summary>
			<author>
				<name><![CDATA[shizuka]]></name>
				<uri>https://www.wolfssl.com/forums/user5631.html</uri>
			</author>
			<updated>2026-04-14T21:03:46Z</updated>
			<id>https://www.wolfssl.com/forums/topic2502-wolfip-100-released-deterministic-tcpip-for-embedded-and-safetycr-new-posts.html</id>
		</entry>
</feed>
