diff --git a/FDBLibTLS/CMakeLists.txt b/FDBLibTLS/CMakeLists.txt
index 62ea4d5cad..2bf3016bc9 100644
--- a/FDBLibTLS/CMakeLists.txt
+++ b/FDBLibTLS/CMakeLists.txt
@@ -10,3 +10,4 @@ set(SRCS
 
 add_library(FDBLibTLS STATIC ${SRCS})
 target_link_libraries(FDBLibTLS PUBLIC OpenSSL::SSL boost_target PRIVATE flow)
+target_include_directories(FDBLibTLS INTERFACE OpenSSL::SSL boost_target PRIVATE flow)
diff --git a/FDBLibTLS/FDBLibTLSPolicy.cpp b/FDBLibTLS/FDBLibTLSPolicy.cpp
index 9eeb9df833..6f81f91335 100644
--- a/FDBLibTLS/FDBLibTLSPolicy.cpp
+++ b/FDBLibTLS/FDBLibTLSPolicy.cpp
@@ -22,6 +22,9 @@
 #include "FDBLibTLS/FDBLibTLSSession.h"
 #include "flow/Trace.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
diff --git a/FDBLibTLS/FDBLibTLSSession.cpp b/FDBLibTLS/FDBLibTLSSession.cpp
index a7193a61a4..754f3809e0 100644
--- a/FDBLibTLS/FDBLibTLSSession.cpp
+++ b/FDBLibTLS/FDBLibTLSSession.cpp
@@ -23,6 +23,9 @@
 #include "flow/flow.h"
 #include "flow/Trace.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
diff --git a/FDBLibTLS/FDBLibTLSVerify.cpp b/FDBLibTLS/FDBLibTLSVerify.cpp
index a885584a7b..216966f4c0 100644
--- a/FDBLibTLS/FDBLibTLSVerify.cpp
+++ b/FDBLibTLS/FDBLibTLSVerify.cpp
@@ -20,6 +20,9 @@
 
 #include "FDBLibTLS/FDBLibTLSVerify.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/objects.h>
 
 #include <algorithm>
diff --git a/FDBLibTLS/verify-test.cpp b/FDBLibTLS/verify-test.cpp
index 9932e88329..a894aafcb0 100644
--- a/FDBLibTLS/verify-test.cpp
+++ b/FDBLibTLS/verify-test.cpp
@@ -25,6 +25,9 @@
 #include <string.h>
 #include <boost/lexical_cast.hpp>
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/objects.h>
 
 #include "fdbrpc/ITLSPlugin.h"
diff --git a/cmake/FDBComponents.cmake b/cmake/FDBComponents.cmake
index 60fbe44a0d..998dfaf616 100644
--- a/cmake/FDBComponents.cmake
+++ b/cmake/FDBComponents.cmake
@@ -21,22 +21,39 @@ endif()
 include(CheckSymbolExists)
 
 set(DISABLE_TLS OFF CACHE BOOL "Don't try to find OpenSSL and always build without TLS support")
+set(USE_WOLFSSL OFF CACHE BOOL "Build against WolfSSL instead of OpenSSL")
+set(USE_OPENSSL ON CACHE BOOL "Build against OpenSSL")
 if(DISABLE_TLS)
   set(WITH_TLS OFF)
 else()
-  set(OPENSSL_USE_STATIC_LIBS TRUE)
-  if(WIN32)
-    set(OPENSSL_MSVC_STATIC_RT ON)
-  endif()
-  find_package(OpenSSL)
-  if(OPENSSL_FOUND)
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(WITH_TLS ON)
-    add_compile_options(-DHAVE_OPENSSL)
-  else()
-    message(STATUS "OpenSSL was not found - Will compile without TLS Support")
-    message(STATUS "You can set OPENSSL_ROOT_DIR to help cmake find it")
-    set(WITH_TLS OFF)
+  if(USE_WOLFSSL)
+    set(WOLFSSL_USE_STATIC_LIBS TRUE)
+    find_package(WolfSSL)
+    if(WOLFSSL_FOUND)
+      set(CMAKE_REQUIRED_INCLUDES ${WOLFSSL_INCLUDE_DIR})
+      set(WITH_TLS ON)
+      add_compile_options(-DHAVE_OPENSSL)
+      add_compile_options(-DHAVE_WOLFSSL)
+    else()
+      message(STATUS "WolfSSL was not found - Will compile without TLS Support")
+      message(STATUS "You can set WOLFSSL_ROOT_DIR to help cmake find it")
+      set(WITH_TLS OFF)
+    endif()
+  elseif(USE_OPENSSL)
+    set(OPENSSL_USE_STATIC_LIBS TRUE)
+    if(WIN32)
+      set(OPENSSL_MSVC_STATIC_RT ON)
+    endif()
+    find_package(OpenSSL)
+    if(OPENSSL_FOUND)
+      set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+      set(WITH_TLS ON)
+      add_compile_options(-DHAVE_OPENSSL)
+    else()
+      message(STATUS "OpenSSL was not found - Will compile without TLS Support")
+      message(STATUS "You can set OPENSSL_ROOT_DIR to help cmake find it")
+      set(WITH_TLS OFF)
+    endif()
   endif()
 endif()
 
diff --git a/cmake/FindWolfSSL.cmake b/cmake/FindWolfSSL.cmake
new file mode 100644
index 0000000000..79e2b98035
--- /dev/null
+++ b/cmake/FindWolfSSL.cmake
@@ -0,0 +1,63 @@
+# FindWolfSSL
+
+# Support preference of static libs by adjusting CMAKE_FIND_LIBRARY_SUFFIXES
+if(WOLFSSL_USE_STATIC_LIBS)
+  if(WIN32)
+    set(CMAKE_FIND_LIBRARY_SUFFIXES .lib .a ${CMAKE_FIND_LIBRARY_SUFFIXES})
+  else()
+    set(CMAKE_FIND_LIBRARY_SUFFIXES .a)
+  endif()
+endif()
+
+find_path(WOLFSSL_ROOT_DIR
+  NAMES
+    include/wolfssl/options.h
+)
+
+find_path(WOLFSSL_INCLUDE_DIR
+  NAMES
+    wolfssl/ssl.h
+  PATHS
+   ${WOLFSSL_ROOT_DIR}/include
+)
+
+find_library(WOLFSSL_LIBRARY
+  NAMES 
+    wolfssl
+  PATHS
+   ${WOLFSSL_ROOT_DIR}/lib
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(WolfSSL
+  REQUIRED_VARS
+    WOLFSSL_LIBRARY
+    WOLFSSL_INCLUDE_DIR
+  FAIL_MESSAGE
+    "Could NOT find WolfSSL"
+)
+
+mark_as_advanced(
+  WOLFSSL_ROOT_DIR
+  WOLFSSL_LIBRARY
+  WOLFSSL_INCLUDE_DIR
+)
+
+if(WOLFSSL_FOUND)
+  message(STATUS "Found wolfssl library: ${WOLFSSL_LIBRARY}")
+  message(STATUS "Found wolfssl includes: ${WOLFSSL_INCLUDE_DIR}")
+
+  set(WOLFSSL_INCLUDE_DIRS ${WOLFSSL_INCLUDE_DIR})
+  set(WOLFSSL_LIBRARIES ${WOLFSSL_LIBRARY})
+
+  add_library(WolfSSL UNKNOWN IMPORTED GLOBAL)
+  add_library(OpenSSL::SSL ALIAS WolfSSL)
+  add_library(OpenSSL::CRYPTO ALIAS WolfSSL)
+
+  target_include_directories(WolfSSL INTERFACE "${WOLFSSL_INCLUDE_DIR}")
+  target_link_libraries(WolfSSL INTERFACE "${WOLFSSL_TLS_LIBRARY}" "${WOLFSSL_SSL_LIBRARY}" "${WOLFSSL_CRYPTO_LIBRARY}")
+  set_target_properties(WolfSSL PROPERTIES
+    INTERFACE_INCLUDE_DIRECTORIES "${WOLFSSL_INCLUDE_DIR}"
+    IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+    IMPORTED_LOCATION "${WOLFSSL_LIBRARY}")
+endif()
diff --git a/fdbclient/S3BlobStore.actor.cpp b/fdbclient/S3BlobStore.actor.cpp
index 25e4a26ff5..ad859b47a4 100644
--- a/fdbclient/S3BlobStore.actor.cpp
+++ b/fdbclient/S3BlobStore.actor.cpp
@@ -25,9 +25,15 @@
 #include "fdbclient/sha1/SHA1.h"
 #include <time.h>
 #include <iomanip>
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#if defined(HAVE_WOLFSSL)
+#undef SHA1 // wolfSSL will will shadow FDB SHA1.h
+#endif
 #include <boost/algorithm/string/split.hpp>
 #include <boost/algorithm/string/classification.hpp>
 #include <boost/algorithm/string.hpp>
diff --git a/fdbclient/md5/md5.h b/fdbclient/md5/md5.h
index 6c290d1c28..71b1b0456b 100644
--- a/fdbclient/md5/md5.h
+++ b/fdbclient/md5/md5.h
@@ -24,6 +24,9 @@
  */
 
 #if defined(HAVE_OPENSSL) && !defined(TLS_DISABLED)
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/md5.h>
 #elif !defined(_MD5_H)
 #define _MD5_H
diff --git a/flow/BlobCipher.h b/flow/BlobCipher.h
index 7db574d60b..624762caaa 100644
--- a/flow/BlobCipher.h
+++ b/flow/BlobCipher.h
@@ -39,6 +39,9 @@
 #include "flow/flow.h"
 #include "flow/genericactors.actor.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/aes.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>
diff --git a/flow/CMakeLists.txt b/flow/CMakeLists.txt
index 42e4f135ae..bf390d4b88 100644
--- a/flow/CMakeLists.txt
+++ b/flow/CMakeLists.txt
@@ -176,6 +176,10 @@ if(NOT WITH_TLS)
 else()
   target_link_libraries(flow PUBLIC OpenSSL::SSL)
   target_link_libraries(flow_sampling PUBLIC OpenSSL::SSL)
+  if(USE_WOLFSSL)
+    target_include_directories(flow SYSTEM BEFORE PUBLIC ${WOLFSSL_INCLUDE_DIR}/wolfssl)
+    target_include_directories(flow_sampling SYSTEM BEFORE PUBLIC ${WOLFSSL_INCLUDE_DIR}/wolfssl)
+  endif()
 endif()
 target_link_libraries(flow PUBLIC Threads::Threads ${CMAKE_DL_LIBS})
 target_link_libraries(flow_sampling PUBLIC Threads::Threads ${CMAKE_DL_LIBS})
diff --git a/flow/Net2.actor.cpp b/flow/Net2.actor.cpp
index 8c67f1b056..29785e1f39 100644
--- a/flow/Net2.actor.cpp
+++ b/flow/Net2.actor.cpp
@@ -29,6 +29,12 @@
 #define BOOST_DATE_TIME_NO_LIB
 #define BOOST_REGEX_NO_LIB
 #include <boost/asio.hpp>
+#ifndef TLS_DISABLED
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
+#include "boost/asio/ssl.hpp"
+#endif
 #include <boost/date_time/posix_time/posix_time_types.hpp>
 #include <boost/range.hpp>
 #include <boost/algorithm/string/join.hpp>
diff --git a/flow/StreamCipher.h b/flow/StreamCipher.h
index 98db51fe8d..3e1fe10fe0 100644
--- a/flow/StreamCipher.h
+++ b/flow/StreamCipher.h
@@ -32,6 +32,9 @@
 #include "flow/FastRef.h"
 #include "flow/flow.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/aes.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
diff --git a/flow/TLSConfig.actor.cpp b/flow/TLSConfig.actor.cpp
index 4f1d385b9a..c7cad7945d 100644
--- a/flow/TLSConfig.actor.cpp
+++ b/flow/TLSConfig.actor.cpp
@@ -38,6 +38,9 @@ void LoadedTLSConfig::print(FILE* fp) {
 #include <exception>
 #include <map>
 #include <set>
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/objects.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
diff --git a/flow/TLSConfig.actor.h b/flow/TLSConfig.actor.h
index 723424da00..ff3e670f49 100644
--- a/flow/TLSConfig.actor.h
+++ b/flow/TLSConfig.actor.h
@@ -39,6 +39,9 @@
 
 #ifndef TLS_DISABLED
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/x509.h>
 typedef int NID;
 
@@ -280,4 +283,4 @@ public:
 	"                 and format of CONSTRAINTS are plugin-specific.\n"
 
 #include "flow/unactorcompiler.h"
-#endif
\ No newline at end of file
+#endif
diff --git a/flow/network.h b/flow/network.h
index 2fdd7ab32d..5a64d93e17 100644
--- a/flow/network.h
+++ b/flow/network.h
@@ -30,9 +30,6 @@
 #include <variant>
 #include <atomic>
 #include "boost/asio.hpp"
-#ifndef TLS_DISABLED
-#include "boost/asio/ssl.hpp"
-#endif
 #include "flow/Arena.h"
 #include "flow/BooleanParam.h"
 #include "flow/IRandom.h"