TLS 1.3 Sniffer Support in wolfSSL Release 4.8.0

wolfSSL has announced TLS 1.3 support for sniffer users, downloadable from the latest version of wolfSSL 4.8.0.

July 20, 2021

3 Min Read



wolfSSL has announced TLS 1.3 support for sniffer users. The wolfSSL sniffer can be used to passively sniff SSL/TLS traffic including https traffic. wolfSSL supports industry standards up to the current TLS 1.3, for which we were the first commercial implementation. Our sniffer users benefit from this compatibility with the latest TLS protocol. Users can download wolfSSL 4.8.0 to access TLS 1.3 sniffer support:

For TLS v1.3, all cipher suites use a new ephemeral key for each new session. Only Perfect Forward Secrecy (PFS) ciphers are allowed, whereas typically a static RSA ciphersuite would be used. In order to solve this, we added a “static ephemeral” feature, which allows setting a known key that is used for deriving a shared secret. The key can be rolled periodically and synchronized for internal or test environments. We’ve also created a Key Manager for secure distribution of ephemeral keys based on the ETSI TS 103 523-3 specification.

The wolfSSL sniffer can be integrated into any application using the existing sniffer API. Only five calls are required making it easy to integrate into any project. As a proof of concept, we added this support to Apache httpd to demonstrate real-time decryption of web traffic. Email us at [email protected] for access to the Apache httpd branch with sniffer and FIPS ready support.

Some of the main advantages of switching to TLS 1.3 from earlier versions of the protocol include quicker connection times due to reduced roundtrips during the handshake, reduced latency, improved session resumption, and more secure crypto by default. wolfSSL supports TLS 1.3 on both client and server side. To learn more about the advantages of TLS 1.3, visit our reference page:

For additional information on wolfSSL’s TLS 1.3 sniffer, visit and download wolfSSL version 4.8.0:

For licensing questions, contact [email protected], or meet wolfSSL on the ground at Black Hat USA! For a list of upcoming events to connect virtually or in-person, check out our events page:

ABOUT WOLFSSL wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features, and standards compliance. With its SSL/TLS products and crypto library, wolfSSL is supporting high security designs in automotive, avionics and other industries. In avionics, wolfSSL supports complete RTCA DO-178C level A certification. In automotive, we support MISRA-C capabilities. For government consumers, wolfSSL has a strong history in FIPS 140-2, with upcoming FIPS 140-3. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, is backed by the robust wolfCrypt cryptography library, 24x7 support and much more. Our products are open source, giving customers the freedom to look under the hood.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights