diff --git a/examples/protocols/openssl_client/main/openssl_client_example_main.c b/examples/protocols/openssl_client/main/openssl_client_example_main.c index dbeed1d7..4d216d8b 100644 --- a/examples/protocols/openssl_client/main/openssl_client_example_main.c +++ b/examples/protocols/openssl_client/main/openssl_client_example_main.c @@ -22,6 +22,10 @@ #include #include +#if CONFIG_SSL_USING_WOLFSSL +#include "lwip/apps/sntp.h" +#endif + #include "openssl/ssl.h" #define OPENSSL_CLIENT_THREAD_NAME "openssl_client" @@ -59,6 +63,40 @@ static int send_bytes = sizeof(send_data); static char recv_buf[OPENSSL_CLIENT_RECV_BUF_LEN]; +#if CONFIG_SSL_USING_WOLFSSL +static void get_time() +{ + struct timeval now; + int sntp_retry_cnt = 0; + int sntp_retry_time = 0; + + sntp_setoperatingmode(0); + sntp_setservername(0, "pool.ntp.org"); + sntp_init(); + + while (1) { + for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) { + vTaskDelay(100 / portTICK_RATE_MS); + gettimeofday(&now, NULL); + } + + if (now.tv_sec < 1525952900) { + sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt; + + if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) { + sntp_retry_cnt ++; + } + + printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time); + vTaskDelay(sntp_retry_time / portTICK_RATE_MS); + } else { + printf("SNTP get time success\n"); + break; + } + } +} +#endif + static void openssl_client_thread(void* p) { int ret; @@ -73,6 +111,11 @@ static void openssl_client_thread(void* p) printf("OpenSSL client thread start...\n"); +#if CONFIG_SSL_USING_WOLFSSL + /* CA date verification need system time */ + get_time(); +#endif + /*get addr info for hostname*/ do { entry = gethostbyname(CONFIG_TARGET_DOMAIN); 
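Review bot: `struct timeval now;` in the new get_time() is never initialised, yet the for-loop condition reads `now.tv_sec < 1525952900` before the first gettimeofday() call, which is a read of an indeterminate value; `struct timeval now = {0};` fixes it, and the same function is duplicated verbatim in openssl_server_example_main.c (its hunk @@ -59,6 +63,40 @@) with the same defect. The signature should be `static void get_time(void)` rather than an old-style empty parameter list, and 1525952900 deserves a named constant that says it is the "clock has been set" threshold. Plain SNTP as used here is unauthenticated and its result feeds certificate validity checks, so this threshold only detects an unset clock, not a wrong one; a comment such as `/* plain SNTP is unauthenticated; this only detects an unset clock, not a wrong one */` would make that limitation visible to whoever copies the example.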
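Review bot: The comment `/* CA date verification need system time */` on the new get_time() call is ungrammatical and understates what the call does; suggest `/* certificate validity-period checks need a correct wall clock; blocks until SNTP succeeds */`, and the same comment appears in the server hunk @@ -73,6 +111,11 @@ of openssl_server_example_main.c. Because get_time() loops until it obtains a time, the client thread never reaches the connection code without network time, which is worth stating at the call site. The enclosing openssl_client_thread continues past this hunk.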
@@ -90,10 +133,9 @@ static void openssl_client_thread(void* p) printf("OK\n"); printf("load ca crt ......"); - X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start); + ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start); - if (cacrt) { - SSL_CTX_add_client_CA(ctx, cacrt); + if (ret) { printf("OK\n"); } else { printf("failed\n"); @@ -123,17 +165,6 @@ static void openssl_client_thread(void* p) printf("set verify mode verify peer\n"); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - printf("set SSL context read buffer size ......"); - SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_CLIENT_FRAGMENT_SIZE); - ret = 0; - - if (ret) { - printf("failed, return %d\n", ret); - goto failed2; - } - - printf("OK\n"); - printf("create socket ......"); socket = socket(AF_INET, SOCK_STREAM, 0); diff --git a/examples/protocols/openssl_demo/main/Kconfig.projbuild b/examples/protocols/openssl_demo/main/Kconfig.projbuild new file mode 100644 index 00000000..92a75195 --- /dev/null +++ b/examples/protocols/openssl_demo/main/Kconfig.projbuild @@ -0,0 +1,17 @@ +menu "Example Configuration" + +config WIFI_SSID + string "WiFi SSID" + default "myssid" + help + SSID (network name) for the example to connect to. + +config WIFI_PASSWORD + string "WiFi Password" + default "mypassword" + help + WiFi password (WPA or WPA2) for the example to use. + + Can be left blank if the network has no security set. + +endmenu diff --git a/examples/protocols/openssl_demo/main/openssl_demo.c b/examples/protocols/openssl_demo/main/openssl_demo_example_main.c similarity index 84% rename from examples/protocols/openssl_demo/main/openssl_demo.c rename to examples/protocols/openssl_demo/main/openssl_demo_example_main.c index 20798a98..1bc82209 100644 --- a/examples/protocols/openssl_demo/main/openssl_demo.c +++ b/examples/protocols/openssl_demo/main/openssl_demo_example_main.c 
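Review bot: The buffer passed to the new `SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start)` is named as PEM but the replaced d2i_X509() call parsed it as DER, so confirm which encoding the wrapper accepts for the embedded blob; the same substitution appears in openssl_server_example_main.c at @@ -84,10 +127,9 @@. The hunk shows only `printf("failed\n")` on a zero return and the branch continues outside the hunk, so check that it leaves the function rather than proceeding to the handshake with an empty trust store. Nothing in the visible hunks binds the verified chain to CONFIG_TARGET_DOMAIN (no hostname or SNI check), so a certificate for any name issued under this CA would presumably be accepted; if the wrapper offers a hostname-check API, call it after SSL_new, otherwise document the limitation next to the SSL_CTX_set_verify line.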
@@ -11,32 +11,30 @@ #include #include +#include "sdkconfig.h" + +#include "esp_misc.h" #include "esp_sta.h" #include "esp_system.h" -#include "esp_wifi.h" - -#include "openssl/ssl.h" #include "freertos/FreeRTOS.h" #include "freertos/task.h" -#include "lwip/sockets.h" -#include "lwip/api.h" +#include +#include -#include "user_config.h" +#include "openssl/ssl.h" #define OPENSSL_DEMO_THREAD_NAME "ssl_demo" #define OPENSSL_DEMO_THREAD_STACK_WORDS 2048 #define OPENSSL_DEMO_THREAD_PRORIOTY 6 -#define OPENSSL_DEMO_FRAGMENT_SIZE 8192 - -#define OPENSSL_DEMO_LOCAL_TCP_PORT 1000 +#define OPENSSL_DEMO_LOCAL_TCP_PORT 9999 #define OPENSSL_DEMO_TARGET_NAME "www.baidu.com" #define OPENSSL_DEMO_TARGET_TCP_PORT 443 -#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n" +#define OPENSSL_DEMO_REQUEST "GET / HTTP/1.1\r\n\r\n" #define OPENSSL_DEMO_RECV_BUF_LEN 1024 
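Review bot: The new `OPENSSL_DEMO_REQUEST` value `"GET / HTTP/1.1\r\n\r\n"` carries no Host header, which RFC 7230 requires for HTTP/1.1 and which most servers answer with 400, so the demo will read an error page rather than the target's response; suggest `#define OPENSSL_DEMO_REQUEST "GET / HTTP/1.1\r\nHost: " OPENSSL_DEMO_TARGET_NAME "\r\nConnection: close\r\n\r\n"`. Adding `Connection: close` also lets the server end the connection after the response instead of holding it open for keep-alive.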
@@ -56,21 +54,22 @@ static void openssl_demo_thread(void* p) int socket; struct sockaddr_in sock_addr; - - ip_addr_t target_ip; + struct hostent* entry = NULL; int recv_bytes = 0; printf("OpenSSL demo thread start...\n"); + /*get addr info for hostname*/ do { - ret = netconn_gethostbyname(OPENSSL_DEMO_TARGET_NAME, &target_ip); - } while (ret); + entry = gethostbyname(OPENSSL_DEMO_TARGET_NAME); + vTaskDelay(500 / portTICK_RATE_MS); + } while (entry == NULL); - printf("get target IP is %d.%d.%d.%d\n", (unsigned char)((target_ip.u_addr.ip4.addr & 0x000000ff) >> 0), - (unsigned char)((target_ip.u_addr.ip4.addr & 0x0000ff00) >> 8), - (unsigned char)((target_ip.u_addr.ip4.addr & 0x00ff0000) >> 16), - (unsigned char)((target_ip.u_addr.ip4.addr & 0xff000000) >> 24)); + printf("get target IP is %d.%d.%d.%d\n", (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0x000000ff) >> 0), + (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0x0000ff00) >> 8), + (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0x00ff0000) >> 16), + (unsigned char)((((struct in_addr*)(entry->h_addr))->s_addr & 0xff000000) >> 24)); printf("create SSL context ......"); ctx = SSL_CTX_new(TLSv1_1_client_method()); @@ -82,23 +81,16 @@ static void openssl_demo_thread(void* p) printf("OK\n"); - printf("set SSL context read buffer size ......"); - SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE); - ret = 0; - - if (ret) { - printf("failed, return %d\n", ret); - goto failed2; - } - - printf("OK\n"); + // The client will verify the certificate received from the server during the handshake. + // This is turned on by default in wolfSSL. + SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); printf("create socket ......"); socket = socket(AF_INET, SOCK_STREAM, 0); if (socket < 0) { printf("failed\n"); - goto failed3; + goto failed2; } printf("OK\n"); 
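Review bot: The expression `((struct in_addr*)(entry->h_addr))->s_addr` is repeated four times in the new printf and once more in the connect hunk at @@ -120,13 +112,13 @@; copying it once, `struct in_addr target_addr = *(struct in_addr *)entry->h_addr;` right after the do/while, and using `target_addr.s_addr` afterwards is easier to read. It also detaches the value from hostent storage, which in lwIP is presumably static and reused by the next lookup. The do/while retries gethostbyname() forever with no bound, which is acceptable for an example but worth a one-line comment.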
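Review bot: The two added comment lines claim the client verifies the server certificate, but the line they annotate, `SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);`, disables that verification, so the handshake with OPENSSL_DEMO_TARGET_NAME accepts any certificate and the session is not protected against an interposed endpoint. Either load a trust anchor and use `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);` as the openssl_client example in this commit does with SSL_CTX_load_verify_buffer, or replace the comment with what the code does, e.g. `// SSL_VERIFY_NONE: the server certificate is NOT checked; demo only, not suitable for real traffic`. The retargeted `goto failed2` is consistent with the relabelled cleanup later in the file.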
@@ -112,7 +104,7 @@ static void openssl_demo_thread(void* p) if (ret) { printf("failed\n"); - goto failed4; + goto failed3; } printf("OK\n"); @@ -120,13 +112,13 @@ static void openssl_demo_thread(void* p) printf("socket connect to remote ......"); memset(&sock_addr, 0, sizeof(sock_addr)); sock_addr.sin_family = AF_INET; - sock_addr.sin_addr.s_addr = target_ip.u_addr.ip4.addr; + sock_addr.sin_addr.s_addr = ((struct in_addr*)(entry->h_addr))->s_addr; sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT); ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr)); if (ret) { printf("failed\n"); - goto failed5; + goto failed4; } printf("OK\n"); @@ -136,7 +128,7 @@ static void openssl_demo_thread(void* p) if (!ssl) { printf("failed\n"); - goto failed6; + goto failed5; } printf("OK\n"); @@ -148,7 +140,7 @@ static void openssl_demo_thread(void* p) if (!ret) { printf("failed, return [-0x%x]\n", -ret); - goto failed7; + goto failed6; } printf("OK\n"); @@ -158,7 +150,7 @@ static void openssl_demo_thread(void* p) if (ret <= 0) { printf("failed, return [-0x%x]\n", -ret); - goto failed8; + goto failed7; } printf("OK\n\n"); @@ -176,15 +168,14 @@ static void openssl_demo_thread(void* p) printf("read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME); -failed8: - SSL_shutdown(ssl); failed7: - SSL_free(ssl); + SSL_shutdown(ssl); failed6: + SSL_free(ssl); failed5: failed4: - close(socket); failed3: + close(socket); failed2: SSL_CTX_free(ctx); failed1: @@ -296,8 +287,8 @@ void user_init(void) // set AP parameter struct station_config config; bzero(&config, sizeof(struct station_config)); - sprintf((char*)config.ssid, SSID); - sprintf((char*)config.password, PASSWORD); + sprintf((char*)config.ssid, CONFIG_WIFI_SSID); + sprintf((char*)config.password, CONFIG_WIFI_PASSWORD); wifi_station_set_config(&config); } 
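Review bot: `sprintf((char*)config.ssid, CONFIG_WIFI_SSID);` and the password line below it pass a user-configured string as the format argument and write with no bound, so a Kconfig value containing `%` is mis-parsed and an over-long value overruns the fixed-size fields of struct station_config; use `snprintf((char*)config.ssid, sizeof config.ssid, "%s", CONFIG_WIFI_SSID);` and `snprintf((char*)config.password, sizeof config.password, "%s", CONFIG_WIFI_PASSWORD);`. The values come from the project's own Kconfig rather than from the network, so the exposure is misconfiguration rather than remote input, but the bounded form costs nothing. The goto relabelling hunks earlier in this file are consistent with the reordered cleanup labels (failed7 → SSL_shutdown, failed6 → SSL_free, failed3 → close, failed2 → SSL_CTX_free).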
diff --git a/examples/protocols/openssl_demo/main/user_config.h b/examples/protocols/openssl_demo/main/user_config.h deleted file mode 100644 index 9e426a9c..00000000 --- a/examples/protocols/openssl_demo/main/user_config.h +++ /dev/null @@ -1,16 +0,0 @@ -/* - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ - -#ifndef __USER_CONFIG_H__ -#define __USER_CONFIG_H__ - -#define SSID "UTT-750" -#define PASSWORD "espressif" - -#endif - diff --git a/examples/protocols/openssl_demo/sdkconfig.defaults b/examples/protocols/openssl_demo/sdkconfig.defaults new file mode 100644 index 00000000..7c66c1c1 --- /dev/null +++ b/examples/protocols/openssl_demo/sdkconfig.defaults @@ -0,0 +1,5 @@ +# +# Override some defaults so wolfSSL is enabled +# by default in this example +# +CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=8192 diff --git a/examples/protocols/openssl_server/main/openssl_server_example_main.c b/examples/protocols/openssl_server/main/openssl_server_example_main.c index 947c242c..9e526592 100644 --- a/examples/protocols/openssl_server/main/openssl_server_example_main.c +++ b/examples/protocols/openssl_server/main/openssl_server_example_main.c @@ -22,6 +22,10 @@ #include +#if CONFIG_SSL_USING_WOLFSSL +#include "lwip/apps/sntp.h" +#endif + #include "openssl/ssl.h" #define OPENSSL_SERVER_THREAD_NAME "openssl_server" 
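Review bot: The header comment in the new sdkconfig.defaults says these defaults enable wolfSSL, but the only setting in the file is `CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=8192`, an mbedTLS option, so the comment and the content disagree. If wolfSSL is meant to be the default, add the symbol the C sources test, `CONFIG_SSL_USING_WOLFSSL=y` (assuming that is the Kconfig name behind the `#if CONFIG_SSL_USING_WOLFSSL` guards); otherwise reword the comment to describe the content-length override it actually sets.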
@@ -59,6 +63,40 @@ static int send_bytes = sizeof(send_data); static char recv_buf[OPENSSL_SERVER_RECV_BUF_LEN]; +#if CONFIG_SSL_USING_WOLFSSL +static void get_time() +{ + struct timeval now; + int sntp_retry_cnt = 0; + int sntp_retry_time = 0; + + sntp_setoperatingmode(0); + sntp_setservername(0, "pool.ntp.org"); + sntp_init(); + + while (1) { + for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) { + vTaskDelay(100 / portTICK_RATE_MS); + gettimeofday(&now, NULL); + } + + if (now.tv_sec < 1525952900) { + sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt; + + if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) { + sntp_retry_cnt ++; + } + + printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time); + vTaskDelay(sntp_retry_time / portTICK_RATE_MS); + } else { + printf("SNTP get time success\n"); + break; + } + } +} +#endif + static void openssl_server_thread(void* p) { int ret; @@ -73,6 +111,11 @@ static void openssl_server_thread(void* p) printf("OpenSSL server thread start...\n"); +#if CONFIG_SSL_USING_WOLFSSL + /* CA date verification need system time */ + get_time(); +#endif + printf("create SSL context ......"); ctx = SSL_CTX_new(TLSv1_2_server_method()); @@ -84,10 +127,9 @@ static void openssl_server_thread(void* p) printf("OK\n"); printf("load ca crt ......"); - X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start); + ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start); - if (cacrt) { - SSL_CTX_add_client_CA(ctx, cacrt); + if (ret) { printf("OK\n"); } else { printf("failed\n"); @@ -117,9 +159,6 @@ static void openssl_server_thread(void* p) printf("set verify mode verify peer\n"); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - printf("set SSL context read buffer size ......OK\n"); - SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_SERVER_FRAGMENT_SIZE); - printf("create socket ......"); sockfd = socket(AF_INET, SOCK_STREAM, 0);
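Review bot: On the server side the new `SSL_CTX_load_verify_buffer(...)` call installs the CA as the trust anchor for client certificates, whereas the removed SSL_CTX_add_client_CA only advertised the CA name in the CertificateRequest; with `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL)` a few lines later and no SSL_VERIFY_FAIL_IF_NO_PEER_CERT, a client that presents no certificate is presumably still accepted under OpenSSL-style semantics. If client authentication is the intent, use `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);` and confirm the wrapper honours the flag; if it is not, the "load ca crt" step should say what the CA is for. The enclosing openssl_server_thread continues past this hunk.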