SharkSSL Embedded SSL/TLS Client and Server

SharkSSL is the smallest, fastest, and best performing embedded TLS v1.0/1.1/1.2 solution. With its array of compile-time options, the small and fast SharkSSL can be fine-tuned to a light footprint that occupies less than 20kB, while maintaining full x.509 authentication, using industry standard encryption.

Extreme Optimization

The ANSI C and Assembly-optimized big-integer libraries deliver maximum performance providing the best alternative for embedded devices. SharkSSL supports all industry leading processors and may be used with or without hardware-assisted encryption.

SharkSSL is used by manufacturers to secure their Internet of Things (IoT) solutions.


  • Enterprise Level Security
  • Optimized C & Assembly
  • RTOS, HLOS, or Bare Metal
  • Supports Hardware Encryption


  • Elliptic Curves & Suite B
  • Pre-Integrated Crypto Libraries
  • Websocket Client & Server
  • Demonstrations for IoT Security
  • Certificate Management & Creation

SharkSSL Architecture Diagram

Embedded SSL/TLS block diagram

Download SharkSSL

SharkSSL Benchmark Results for ARM Cortex-M3

Optimized to take advantage of encryption acceleration, SharkSSL achieves unmatched throughput on ColdFire, Kinetis K60, and all the Cortex-M3 and -M4 processors. Available as source code, SharkSSL code can be implemented on any processor off the shelf. The SharkSSL library has been successfully deployed on ARM, Freescale, and PowerPC-based FPGA architectures. Other processors and accelerators can be accommodated upon request.

SharkSSL can be compiled in less than 20kB and without having to resort to cumbersome methods such as using pre-shared keys. We provide full x.509 certificate authentication in less than 20kB ROM.

The figure to the right shows our bare metal SharkSSL reference platform is a mere 38Kb ROM and 13Kb RAM. The reference platform includes application (demo) code, SharkMQ, SharkSSL, the uIP TCP/IP stack, and drivers; all in tiny 38Kb. Also the complete RAM usage for the entire system is only 13Kb. As proof, we have made the linker's map file available for download.

SharkSSL Benchmark

Complete secure IoT solution in 38Kb

A complete reference platform in 38K ROM and 13K RAM.

The online benchmark above includes some of our ciphers. We also provide a complete benchmark list for all ciphers. The list also includes the awesome speed of our assembler optimized libraries. Please contact us and we will send you the benchmark results as a PDF file.

Bare-Metal or RTOS


Out-of-the-box operating system (OS) support includes INTEGRITY™, MQX™, SMX™, ThreadX™, embOS™, VxWorks™, QNX™, FreeRTOS™, uCLinux™, MDK-ARM™, Microchip, mbed™, Mediatek™, lwIP, uIP, Linux, and Windows™.


Out-of-the-box support for uIP and lwIP in event driven mode. All additional protocols and examples are ported to these two event driven TCP/IP stacks. SharkSSL's transport agnostic API makes it easy to port the SSL stack to any bare-metal and/or hybrid hardware/software network stack.

Additional Protocols and Software

The SharkSSL (standalone) package includes many helpful examples and demonstrations that focus on implementing practical protocol scenarios for memory constrained microcontroller environments. The below links provide more information for each example program.