Depths of wolfSSL: Crafting Lightway’s Cryptography

Published Categorized as Innovation

Digital Security Unveiled | 5 Minutes Read | September 9, 2021

In the realm of VPN innovation, Lightway emerges as a testament to our commitment to security and privacy. Our journey led us to integrate wolfSSL, a venerable open-source cryptography library, rigorously scrutinized against the FIPS 140-2 standard by independent third parties.

WolfSSL: A Cryptographic Symphony

Unraveling the Enigma

Discover the wolfSSL-embedded TLS library, a featherweight, C-language SSL/TLS powerhouse tailored for IoT, embedded, and RTOS environments. It seamlessly navigates desktops, enterprises, and the cloud, boasting size efficiency, speed, and a robust feature set. wolfSSL, smaller by up to 20 times compared to OpenSSL, pledges a simple API, compatibility with OpenSSL, OCSP and CRL support, all backed by the stalwart wolfCrypt cryptography library.

Beyond Boundaries

Excitement ensued as wolfSSL contributed to Lightway, aligning with our fervor for open-source endeavors. Lightway, heralded as the “modern VPN,” inherits not only speed, performance, and best-tested security but also maintains a graceful lightweight mobility.

Genesis of wolfSSL


Conceived by Larry Stefonic and Todd Ouska, wolfSSL originated from a void in the open-source, dual-licensed, embedded SSL library landscape. Fueled by the demand for portability, reduced size, speed, and clean API, wolfSSL, with an OpenSSL compatibility layer, emerged as the solution.

wolfSSL in Action

Pioneering Users

wolfSSL’s SSL library found its initial prowess with MySQL, the world’s premier open-source database. Extensive bundling with eminent open-source projects, including MySQL, OpenWRT, Mongoose, cURL, and Ubuntu, catapulted wolfSSL to secure over 2 billion connections. Noteworthy users span Microsoft Azure, Intel, Volkswagen, and General Motors.

The wolfSSL Advantage

Unparalleled Flexibility

wolfSSL’s edge lies in flexibility, seamless SSL/TLS integration, adherence to current standards, and more—all packaged under an accessible license model. Its nimbleness, reduced size, speed, clean API, and robust developer support set it apart.

Certifications and Future Endeavors

FIPS Leadership

wolfSSL dominates the embedded FIPS certificates arena, maintaining two FIPS 140-2 certificates for the wolfCrypt Cryptographic Module (#2425 and #3389). With a relentless pursuit, wolfSSL aims to be the first cryptography library validated under FIPS 140-3.

DO 178 Certification

Supporting complete RTCA DO-178C level A certification, wolfSSL offers DO-178 wolfCrypt as a commercial off-the-shelf solution, fortifying connected avionics applications.

The Quantum Leap: Post-Quantum Computing

Navigating the Quantum Landscape

wolfSSL anticipates the impact of Post-Quantum Computing cryptographic algorithms, supporting round 3 finalist KEM algorithms for TLS 1.3. The imminent threat of “harvest and decrypt” propels the hybridization of quantum-safe KEMs with standard NIST-defined ECDSA curves, aligning with FIPS Mode compatibility.

Wisdom for the Security Architects

Guiding Principles

Advice echoes for those venturing into security app development or secure networking processes:

  1. Embrace TLS 1.3, widely supported by 47.8% of leading websites and major browsers.
  2. Leverage well-known algorithms—AES-GCM, SHA-2, (EC)DH, RSA, and ECDSA.
  3. Adopt secure protocols: TLS 1.2, TLS 1.3, and DTLS 1.2.
  4. Anticipate shifts to new PQC secure algorithms, preparing for the age of quantum computing.
  5. Dual signatures, combining existing algorithms with new PQC secure ones, fortify against evolving threats.
  6. Safeguard private keys, preferably in hardware.

Vpn all countries free

Enhance your Online Security with ForestVPN