Skip to content


Chris Conlon edited this page Dec 18, 2015 · 10 revisions

CyaSSL Embedded SSL Library

What is it?

The CyaSSL embedded SSL library is a lightweight SSL/TLS library written in ANSI standard C and targeted for embedded and RTOS environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty free pricing and cross platform support. CyaSSL supports industry standards up to the current TLS 1.2 level, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports dramatically better performance when using wolfSSL over OpenSSL.

Ease of Use

wolfSSL is built for maximum portability and is generally very easy to compile on new platforms. Several abstraction layers (including operating system, Custom I/O, and Standard C library), a simple API, and an OpenSSL compatibility layer make it easier than ever to get working in your environment or on your platform.

Language Support

wolfSSL supports the C programming language as a primary interface. It also supports several other host languages, including Java, C#, PHP, Perl, and Python (through a swig interface). If you have interest in using wolfSSL in another programming language that it does not currently support, please contact wolfSSL.

For Java users, the wolfSSL JNI package has been designed to be used specifically with wolfSSL. This provides a JNI wrapper around wolfSSL to save Java developers time and effort.


  • SSL 3.0, TLS 1.0, 1.1 and 1.2 support (client and server)
  • DTLS 1.0 and 1.2 support (client and server)
  • Minimum size of 20-100 kB, depending on build options and operating environment
  • Runtime memory usage between 1-36 kB (depending on I/O buffer sizes, public key algorithm, and key size)
  • OpenSSL compatibility layer
  • OCSP and CRL support
  • Multiple Hashing Functions
    • MD2, MD4, MD5, SHA-1, SHA-2, SHA-256, SHA-384, SHA-512, BLAKE2b, RIPEMD-160, Poly1305
  • Block and Stream Ciphers
    • AES (CBC, CTR, GCM, CCM), Camellia, DES, 3DES, ARC4, RABBIT, HC-128, ChaCha20, IDEA
  • Public Key Options
  • Password-based Key Derivation
    • HMAC, PBKDF2, PKCS#5
  • ECC Support
  • RSA Key Generation
  • Client authentication support
  • PSK Pre-Shared Keys
  • Simple API
  • Persistent session and certificate cache
  • zlib compression support
  • Interchangeable crypto and certificate libraries
  • PEM and DER certificate support
  • X.509 v3 RSA and ECC Signed Certificate Generation
  • PKCS #7 - Cryptographic Message Syntax (CMS)
  • PKCS #10 - Certificate Signing Request (CSR)
  • PKCS #8, #5, #12 Private Key Encryption
  • Supported TLS Extensions
    • SNI (Server Name Indication)
    • Maximum Fragment Length
    • Truncated HMAC
    • Supported Elliptic Curves
    • ALPN
  • Certificate Manager
  • QSH (Quantum-Safe Handshake) Extension
  • SRP (Secure Remote Password)
  • Hardware Cryptography Support
    • Intel AES-NI support, AVX1/2
    • STM32F2/F4 hardware crypto support
    • Cavium NITROX support
    • Freescale CAU / mmCAU / SEC support
    • Microchip PIC32MZ hardware crypto support
  • SSL Sniffer (SSL Inspection)
  • IPv4 and IPv6 support
  • Abstraction Layers / User Callbacks
    • C Standard Library, Custom I/O, Memory hooks, Logging callbacks, User Atomic Record Layer Processing, Public Key
  • MySQL integration
  • Lighttpd, GoAhead, Mongoose web server support
  • stunnel support
  • OpenSSH support

Supported Operating Systems

Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, ARC MQX, TI-RTOS


wolfSSL Website:
wolfSSL Manual:
wolfSSL API Reference:

Something went wrong with that request. Please try again.