Wolfssl Alternatives

wolfssl reviews and mentions

• I can't pay rent because devs just don't care
  1 project | news.ycombinator.com | 29 Apr 2025

  You may be talking about that, but I'm not. I was talking about the task-specific memory footprint. I didn't say anything at all about the rest of the computer.

  And even that wasn't meant to be taken literally. I kind of thought that was obvious[1].

  But in the end, OK, you're right. You probably could fit the banking app logic in 64K, but you'd have to rely on the OS to provide things like crypto, the network stack, and the I/O. So the machine as a whole would need more than that to get the job done. And the UI would be pretty bad if you stuffed even the app part into 64k.

  No problem fitting it all into megabytes, though. Definitely no need for it to be gigabytes. I challenge you to explain what needs to be there that would make the entire system, OS, app, and all, need even one gigabyte of RAM to run even a very pretty, featureful banking app. Or even a quarter of a gigabyte.

  By the way, you can put TLS itself in less than 64k (see for example https://github.com/wolfSSL/wolfssl). But you have to profile it way down, maybe to the point of leaving out X.509, so you don't really have "full on" TLS. On the other hand, a lot of the footprint is because the TLS protocol itself is bloated and overcomplicated, and no, that bloat doesn't improve the security.

  [1]: ... and I mean, if we're going to get pedantic like that, nobody can write an SSL implementation with modern ciphers for any computer, because modern ciphers weren't introduced into the protocol until after it was renamed TLS. Actual SSL isn't something anybody should be using now. Even TLS 1.1 isn't.

• Embedded TLS Library for Applications, Devices, and the Cloud
  1 project | news.ycombinator.com | 29 Dec 2024
• “Purchasing an arm”
  2 projects | /r/Firearms | 27 Nov 2022

  Or something a bit more lightweight - https://github.com/wolfSSL/wolfssl

• WolfSSL
  1 project | news.ycombinator.com | 2 Nov 2022
• Security Advisory 2022-10-04-1 - wolfSSL buffer overflow during a TLS 1.3 handshake (CVE-2022-39173)
  2 projects | /r/openwrt | 6 Oct 2022
• Getting started with wolfssl
  1 project | dev.to | 23 Sep 2022
• Ask HN: Can a TCP connection be MitM attacked if already established?
  1 project | news.ycombinator.com | 17 Sep 2022

  > I have no room for TLS on micro computer

  How micro is your micro? There are embedded TLS stacks such as wolfSSL[1]. If you carefully select the cipher suite and certificate requirements, and perhaps limit TLS payload sizes, you may be able to fit on a lot more systems than you initially suspect. x.509 is expensive in code space though, if that's the constraint, you may do better with an application specific certificate replacement of some sort.

  [1] https://www.wolfssl.com/

• The project with a single 11,000-line code file
  15 projects | news.ycombinator.com | 3 Apr 2022
• Information and learning resources for cryptography newcomers
  11 projects | /r/cryptography | 31 Jan 2022
• CryptoLyzer: A comprehensive cryptographic settings analyzer
  11 projects | dev.to | 18 Jan 2022

  There are many notable open-source projects (SSLyze, CipherScan, testssl.sh, tls-scan, …) and several SaaS solutions (CryptCheck, CypherCraft, Hardenize, ImmuniWeb, Mozilla Observatory, SSL Labs, …) to do a security setting analysis, especially when we are talking about TLS, which is the most common and popular cryptographic protocol. However, most of these tools heavily depend on one or more versions of one or more cryptographic protocol libraries, like GnuTLS, OpenSSL, or wolfSSL. But why is this such a problem?

• A note from our sponsor - SaaSHub
  www.saashub.com | 16 May 2025

  SaaSHub helps you find the best software and product alternatives Learn more →