SharkSSL Embedded SSL/TLS Client and Server

SharkSSL is the smallest, fastest, and best performing embedded TLS v1.0/1.1/1.2 solution. With its array of compile-time options, the small and fast SharkSSL can be fine-tuned to a light footprint that occupies less than 20kB, while maintaining full x.509 authentication, using industry standard encryption.

Extreme Optimization

The ANSI C and Assembly-optimized big-integer libraries deliver maximum performance providing the best alternative for embedded devices. SharkSSL supports all industry leading processors and may be used with or without hardware-assisted encryption.

SharkSSL is used by manufacturers to secure their Internet of Things (IoT) solutions.


  • Enterprise Level Security
  • Optimized C & Assembly
  • RTOS, HLOS, or Bare Metal
  • Supports Hardware Encryption


  • Elliptic Curves & Suite B
  • Pre-Integrated Crypto Libraries
  • Websocket Client & Server
  • Demonstrations for IoT Security
  • Certificate Management & Creation

SharkSSL Architecture Diagram

Embedded SSL/TLS block diagram

How to TLS enable an embedded web server:

Are you planning on TLS enabling your web server product? If so, make sure to check out which ciphers to use for Embedded Web Servers.

SharkSSL Benchmark Results for ARM Cortex-M3

Complete secure IoT solution in 38Kb

A complete reference platform in
38K ROM and 13K RAM.

Optimized to take advantage of encryption acceleration, SharkSSL achieves unmatched throughput on ColdFire, Kinetis K60, and all the Cortex-M3 and -M4 processors. Available as source code, SharkSSL code can be implemented on any processor off the shelf. The SharkSSL library has been successfully deployed on ARM, Freescale, and PowerPC-based FPGA architectures. Other processors and accelerators can be accommodated upon request.

SharkSSL can be compiled in less than 20kB and without having to resort to cumbersome methods such as using pre-shared keys. We provide full x.509 certificate authentication in less than 20kB ROM.

The figure to the right shows our bare metal SharkSSL reference platform is a mere 38Kb ROM and 13Kb RAM. The reference platform includes application (demo) code, SharkMQ, SharkSSL, the uIP TCP/IP stack, and drivers; all in tiny 38Kb. Also the complete RAM usage for the entire system is only 13Kb. As proof, we have made the linker's map file available for download. You may also download the reference material for the demo.

SharkSSL Benchmark

The online benchmark above includes some of our ciphers. We also provide a complete benchmark list for all ciphers. The list also includes the awesome speed of our assembler optimized libraries. Please contact us and we will send you the benchmark results as a PDF file.

SharkSSL Pricing

Bare-Metal or RTOS


Out-of-the-box operating system (OS) support includes INTEGRITY™, MQX™, SMX™, ThreadX™, embOS™, VxWorks™, QNX™, FreeRTOS™, uCLinux™, MDK-ARM™, Microchip, mbed™, Mediatek™, lwIP, uIP, Linux, and Windows™.


Out-of-the-box support for uIP and lwIP in event driven mode. All additional protocols and examples are ported to these two event driven TCP/IP stacks. SharkSSL's transport agnostic API makes it easy to port the SSL stack to any bare-metal and/or hybrid hardware/software network stack.

Secure (IoT) Protocols

The SharkSSL (standalone) package includes an Embedded Web Server and many other secure IoT protocols. The protocols are included at no additional cost.

Ciphers to use for Secure Embedded Web Servers

You may have heard of symmetric ciphers such as AES-126 and AES-256, but is the performance of these symmetric ciphers important when TLS enabling your embedded web server?

AES is a so called symmetric cipher, and symmetric ciphers are much faster than asymmetric ciphers, but is this important? The answer is a definitive YES since a TLS enabled web server ends up spending a considerable amount of time dealing with asymmetric encryption due to how the HTTP protocol works. Virtually no chip vendor provides hardware accelerated asymmetric encryption, and this is why we have created the best performing big number library to perform the asymmetric calculations. The library is particularly fast on Cortex type CPUs, in which we provide an assembler optimized library.

As the word "web server" implies, it "serves", and therefore it is not in a position to control what modern web browsers demand. We have helped many companies that have initially failed at TLS enabling their embedded web server, as well as helped companies with other already TLS enabled servers that have been too slow. A fast big number library is a big plus, however it is more important to re-consider how an embedded web server should operate. To further help you as a developer, we created the Minnow Server with an included reference example that shows how to successfully design a secure and fast device management application for resource constrained devices. See the following for details:

Are you planning on using an Embedded Web Server in a device?

If so, consider reading the following tutorials carefully as they may save you from serious problems down the road:

A few hours reading our tutorials may save you months of frustration.


Download and try our
ESP8266 SharkSSL FreeRTOS/lwIP IDE.

The ESP8266 is a low cost WiFi SoC built around a Tensilica Xtensa LX3 processor. The SharkSSL FreeRTOS/lwIP ESP8266 IDE provides an easy to use development environment for compiling SharkSSL IoT examples and for uploading these examples to an ESP8266. The IDE provides a complete development environment with no other tools required!

AES Crypt Compatible

SharkSSL includes an AES crypt compatible decrypter plugin. AES crypt together with the SharkSSL decrypter enables tamper resistant firmware distribution for embedded systems.