wolfSSL Embedded TLS

A lightweight, configurable TLS and DTLS library for embedded, RTOS and resource-constrained environments, with protocol support up to TLS 1.3 and DTLS 1.3.

Discuss your requirements ↗ Explore capabilities ↓

TLS 1.3DTLS 1.3Client & serverCertificate validation

Secure channel establishment

InputsIdentity & trust storeNetwork / transport I/O

Engineering controlsHandshakeCertificate validationSession protection

OutputsAuthenticated peerConfidentialityIntegrity

TLS/DTLS transport-security layer for device-to-device, device-to-cloud and embedded network communication.

Protocol security depends on correct certificate validation, entropy, key protection, algorithm configuration, time handling and application use of the session.

wolfSSLEmbedded security

Core capabilities

Core engineering capabilities

Exact capabilities depend on the selected edition, release and deployment environment.

TLS and DTLS

Support protocol levels up to TLS 1.3 and DTLS 1.3 based on build and platform configuration.

Client and server roles

Implement endpoint roles appropriate to the device and communication topology.

Certificates and revocation

Use X.509, trust stores and supported OCSP or CRL workflows where required.

Custom I/O

Integrate protocol processing with platform-specific network, transport or non-socket I/O.

Cipher and footprint configuration

Select algorithms and features to balance interoperability, assurance, memory and performance.

Hardware integration

Use supported cryptographic acceleration, secure elements or platform capabilities through applicable interfaces.

Implementation workflow

From evaluation to deployment

Validate the technology in the real build, target and reporting environment before wider rollout.

01Define peers and threat model
02Select protocol and ciphers
03Design identity and trust store
04Integrate I/O and entropy
05Measure footprint and performance
06Test failure and lifecycle handling

Confirm the deployment fit

Compatibility depends on the actual toolchain, target environment, integration needs and assurance objectives.

TLS/DTLS versions and peer interoperability
Certificate or pre-shared-key architecture
RAM, flash and handshake latency
RTOS, sockets or custom transport
Entropy and private-key protection
Revocation, renewal and field lifecycle

Where the technology adds value

Well suited for

Embedded HTTPS and secure sockets
Device-to-cloud communication
UDP-based secure communication with DTLS
Resource-constrained client or server endpoints

Important considerations

Certificate provisioning, renewal and revocation require lifecycle processes.
TLS protects transport; application authorization and data handling remain separate.
Key and trust-anchor protection remains fundamental to protocol security.
Interoperability and failure handling should be tested with real peers.

Relevant engineering frameworks

TLS 1.3DTLS 1.3X.509 workflowsProduct-specific cybersecurity requirements

Related capabilities

Extend the software assurance workflow

Explore adjacent capabilities across requirements, verification, testing and embedded security.