SharkSSL Embedded SSL/TLS Client and Server

SharkSSL is a high-performance embedded TLS solution that is known for its small size, fast performance, and strong security features. With a range of compile-time options, SharkSSL can be customized to have a very small footprint of less than 20kB, while still providing full x.509 authentication and industry-standard encryption. As a TLS 1.3 and 1.2 stack, SharkSSL only includes the strongest perfect forward secrecy ciphers, making it an excellent choice for secure communication in a variety of applications. Whether you're working on a small project with limited resources or need a fast and reliable TLS solution for a larger deployment, SharkSSL is a great choice.

Extreme Optimization

The ANSI C and Assembly-optimized big-integer libraries deliver maximum performance providing the best alternative for embedded devices. SharkSSL supports all industry leading processors and may be used with or without hardware-assisted encryption.


  • TLS 1.3 & 1.2 Enterprise Level Security
  • Optimized C & Assembly
  • RTOS, HLOS, or Bare Metal
  • Supports Hardware Encryption


  • Elliptic Curves & Suite B
  • Pre-Integrated Crypto Libraries
  • Websocket Client & Server
  • Includes IoT & Security Tutorials
  • Certificate Management & Creation

How to TLS enable an embedded web server:

Are you planning on TLS enabling your web server product? If so, make sure to check out which ciphers to use for Embedded Web Servers.

Secure IoT & Web Protocols

The SharkSSL standalone package includes an Embedded Web Server and many other secure IoT protocols. The protocols are included at no additional cost.

SharkSSL Benchmark Results for ARM Cortex-M3

Complete secure IoT solution in 38Kb

A complete reference platform in
38K ROM and 13K RAM.

Optimized to take advantage of encryption acceleration, SharkSSL achieves unmatched throughput on ColdFire, Kinetis K60, and all the Cortex-M3 and -M4 processors. Available as source code, SharkSSL code can be implemented on any processor off the shelf. The SharkSSL library has been successfully deployed on ARM, Freescale, and PowerPC-based FPGA architectures. Other processors and accelerators can be accommodated upon request.

SharkSSL can be compiled in less than 20kB and without having to resort to cumbersome methods such as using pre-shared keys. We provide full x.509 certificate authentication in less than 20kB ROM.

The figure to the right shows our bare metal SharkSSL reference platform is a mere 38Kb ROM and 13Kb RAM. The reference platform includes application (demo) code, SharkMQ, SharkSSL, the uIP TCP/IP stack, and drivers, all in tiny 38Kb. Also, the complete RAM usage for the entire system is only 13Kb. As proof, we have made the linker's map file available for download. You may also download the reference material for the demo.

SharkSSL Benchmark

The online benchmark above includes some of our ciphers. We also provide a complete benchmark list for all ciphers. The list also includes the awesome speed of our assembler-optimized libraries. Please contact us, and we will send you the benchmark results as a PDF file.

SharkSSL Pricing

A SharkSSL source code evaluation version can be downloaded from our GitHub repository.

Bare-Metal or RTOS


Out-of-the-box operating system (OS) support includes INTEGRITY, MQX, SMX, Azure RTOS, embOS, VxWorks, QNX, FreeRTOS, uCLinux, MDK-ARM, Microchip, mbed, Mediatek, lwIP, uIP, Linux, and Windows.


Out-of-the-box support for uIP and lwIP in event-driven mode. All additional protocols and examples are ported to these two event-driven TCP/IP stacks. SharkSSL's transport agnostic API makes it easy to port the SSL stack to any bare-metal and/or hybrid hardware/software network stack.

Ciphers to use for Secure Embedded Web Servers

You may have heard of symmetric ciphers such as AES-126 and AES-256, but is the performance of these symmetric ciphers important when TLS enabling your embedded web server?

AES is a so-called symmetric cipher, and symmetric ciphers are much faster than asymmetric ciphers, but is this important? The answer is a definitive YES since a TLS-enabled web server ends up spending a considerable amount of time dealing with asymmetric encryption due to how the HTTP protocol works. Virtually no chip vendor provides hardware-accelerated asymmetric encryption, and this is why we have created the best-performing big number library to perform the asymmetric calculations. The library is particularly fast on Cortex type CPUs, in which we provide an assembler-optimized library.

As the word "web server" implies, it "serves", and therefore it is not in a position to control what modern web browsers demand. We have helped many companies that have initially failed at TLS enabling their embedded web server, as well as helped companies with other already TLS-enabled servers that have been too slow. A fast big number library is a big plus; however, it is more important to re-consider how an embedded web server should operate. To further help you as a developer, we created the Minnow Server with an included reference example that shows how to successfully design a secure and fast device management application for resource-constrained devices. See the following for details:

Are you planning on using an Embedded Web Server in a device?

If so, consider reading the following tutorials carefully as they may save you from serious problems down the road:

A few hours reading our tutorials may save you months of frustration.

AES Crypt Compatible

SharkSSL includes an AES crypt compatible decrypter plugin. AES crypt, together with the SharkSSL decrypted, enables tamper-resistant firmware distribution for embedded systems.