diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index b32d5ab6c..3d264e774 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -53,7 +53,7 @@ config WOLFSSL_HAS_ECC25519
 
 config WOLFSSL_HAS_OPENVPN
 	bool "Include OpenVPN support"
-	default n
+	default y
 
 config WOLFSSL_ALT_NAMES
 	bool "Include SAN (Subject Alternative Name) support"
@@ -62,13 +62,25 @@ config WOLFSSL_ALT_NAMES
 config WOLFSSL_HAS_DEVCRYPTO
 	bool
 
+config WOLFSSL_ASM_CAPABLE
+	bool
+	default x86_64 || (aarch64 && !TARGET_bcm27xx)
+
 choice
 	prompt "Hardware Acceleration"
+	default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE
 	default WOLFSSL_HAS_NO_HW
 
 	config WOLFSSL_HAS_NO_HW
 		bool "None"
 
+	config WOLFSSL_HAS_CPU_CRYPTO
+		bool "Use CPU crypto instructions"
+		depends on WOLFSSL_ASM_CAPABLE
+		help
+		This will use Intel AESNI insturctions or armv8 Crypto Extensions.
+		Either of them should easily outperform hardware crypto in WolfSSL.
+
 	config WOLFSSL_HAS_AFALG
 		bool "AF_ALG"
 
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 0aa56fb26..3edd52636 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -25,16 +25,28 @@ PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
 PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
 
 PKG_CONFIG_DEPENDS:=\
-	CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \
-	CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \
-	CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \
-	CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
-	CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
-	CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
-	CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
-	CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES
+	CONFIG_WOLFSSL_HAS_AES_CCM \
+	CONFIG_WOLFSSL_HAS_ARC4 \
+	CONFIG_WOLFSSL_HAS_CERTGEN \
+	CONFIG_WOLFSSL_HAS_CHACHA_POLY \
+	CONFIG_WOLFSSL_HAS_DH \
+	CONFIG_WOLFSSL_HAS_DTLS \
+	CONFIG_WOLFSSL_HAS_ECC25519 \
+	CONFIG_WOLFSSL_HAS_OCSP \
+	CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \
+	CONFIG_WOLFSSL_HAS_SESSION_TICKET \
+	CONFIG_WOLFSSL_HAS_TLSV10 \
+	CONFIG_WOLFSSL_HAS_TLSV13 \
+	CONFIG_WOLFSSL_HAS_WPAS
 
-PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
+PKG_ABI_VERSION:=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
+
+PKG_CONFIG_DEPENDS+=\
+	CONFIG_WOLFSSL_HAS_AFALG \
+	CONFIG_WOLFSSL_HAS_CPU_CRYPTO \
+	CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \
+	CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \
+	CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -123,15 +135,13 @@ CONFIGURE_ARGS += \
 	--enable-wpas --enable-fortress --enable-fastmath
 endif
 
-WOLFSSL_AARCH64_NO_CRYPTO = \
-	$(CONFIG_TARGET_bcm27xx)
-
-ifneq ($(CONFIG_aarch64),$(strip $(WOLFSSL_AARCH64_NO_CRYPTO)))
+ifdef CONFIG_WOLFSSL_HAS_CPU_CRYPTO
+    ifdef CONFIG_aarch64
 	CONFIGURE_ARGS += --enable-armasm
 	TARGET_CFLAGS:=$(TARGET_CFLAGS:-mcpu%=-mcpu%+crypto)
-	STAMP_CONFIGURED:=$(STAMP_CONFIGURED)_armasm
-else ifeq ($(CONFIG_TARGET_x86_64),y)
+    else ifdef CONFIG_TARGET_x86_64
 	CONFIGURE_ARGS += --enable-intelasm
+    endif
 endif
 
 define Build/InstallDev