diff --git a/pkgs/development/libraries/wolfssl/default.nix b/pkgs/development/libraries/wolfssl/default.nix
index ceb5bf0303b86..49c82d9f3fe21 100644
--- a/pkgs/development/libraries/wolfssl/default.nix
+++ b/pkgs/development/libraries/wolfssl/default.nix
@@ -54,10 +54,13 @@ stdenv.mkDerivation (finalAttrs: {
     # Increase TLS session cache from 33 sessions to 20k.
     "--enable-bigcache"
 
+  ] ++ lib.optionals (stdenv.hostPlatform.isx86_64) [
     # Use WolfSSL's Single Precision Math with timing-resistant cryptography.
     "--enable-sp=yes${lib.optionalString (stdenv.hostPlatform.isx86_64 || stdenv.hostPlatform.isAarch) ",asm"}"
     "--enable-sp-math-all"
+  ] ++ [
     "--enable-harden"
+
   ] ++ lib.optionals (stdenv.hostPlatform.isx86_64) [
     # Enable AVX/AVX2/AES-NI instructions, gated by runtime detection via CPUID.
     "--enable-intelasm"