Skip navigation

emSSL—Secure Sockets Layer

emSSL enables you to create secure connections between a client and a server, typically over the Internet, using TCP/IP. Don't leave your communications open, secure them with emSSL!

  • Secures your connection
  • Compatible with any modern server
  • Easy to understand source code
  • Simple to integrate into your IoT environment
  • No additional hardware required
  • No royalties



Why should I use emSSL?

  • emSSL offers all features for current TLS and includes its latest protocol versions.
  • emSSL is a high quality product designed to be used easily but without any cutbacks.
  • emSSL is not covered by an open-source or required-attribution license and can be integrated in any free, commercial, or proprietary product without the obligation to disclose the combined source.
  • emSSL is provided as source code and offers transparency for all included modules, allowing inspection by auditors.
  • emSSL is portable. The complete software is written in ANSI C and is compiler as well as target independent. It can be implemented in PC applications and in embedded software.
  • emSSL is configurable. It is created for high performance and a low memory footprint. The library can be configured to fit any speed or size requirements. Unused features can be excluded, additional features can easily be added.
Security Icon by SEGGER


emSSL's cryptographic algorithms are tuned for speed and security and are validated by NIST. A plug-in cryptography interface delivers more performance from a wide range of cryptographic accelerators.

embOS Resource Usage


emSSL is designed for embedded systems and has a minimal RAM and ROM footprint. Because emSSL is modular, you only pay for what you use.

embOS Ports list


As emSSL is portable, it's possible to run on virtually any core and any compiler, and emSSL runs on Windows and Linux with ease. SEGGER can provide preconfigured support for a wide range of targets.


Time to market

emSSL is easy to use and easy to port delivering a fast time to market.  With first-class support and outstanding documentation, emSSL is a solid investment.

Getting Started

Live Demonstration

emSSL can be used even on small microcontrollers to serve websites on the internet:

The site is running on an emPower Board, featuring a Kinetis K60 Cortex-M4 microcontroller. It is powered by SEGGER software only.



emSSL Sample Applications

emSSL is shipped with a number of examples that demonstrate TLS capability and how to integrate emSSL into your application:

  • Browser—a minimal text-based web browser using HTTPS to retrieve web content
  • WebServer—a minimal web server using HTTPS
  • ROT13Server—A server that provides a ROT13 service.
  • ROT13Client—A client that uses the ROT13 service.

Browsing Websites with emSSL

Open a command line window on Windows and navigate to the Browser directory that contains the Browser.exe application. Once there, run Browser.exe and you should see something similar to this:

C:> browser
Connecting to

...Redirecting to index.html
Connecting to

  * Home

  * RTOS and Middleware
  * J-Link Debug Probes
  * Production Programmers
  * Evaluate our software!
  * Downloads
  * Distributors
  * Customers
  * Partners
  * Pricing
  * Forum
  * About us

The browser opened a secure connection to the website on port 443 (the HTTPS port) and retrieved the HTML associated with the home page. It then processed the HTML markup to format the output nicely. The browser will work on any website that can support an HTTPS connection, but graphic-rich websites have a poor textual browsing experience.

Serving Webpages with emSSL

Now open up a second command line window, navigate to the WebServer directory and run the WebServer.exe application. It is likely that you will see a dialog asking you to grant the web server application access to the network, which you should do. You should now see something like:

C:> webserver

(c) 2014-2015 SEGGER Microcontroller GmbH & Co. KG
emSSL Simple Secure Web Server V1.02 compiled May 13 2015 09:38:20

Awaiting connection...

The web server application is waiting for somebody to connect to it such that it can serve its small web page. Now we will connect emSSL to emSSL over a TLS connection — we are going to browse the website served by the WebServer application by using the Browser application. Back in the first window, type "browser", the IP address of the local web server and the port it will serve on, and you will see:

C:> webserver

(c) 2014-2015 SEGGER Microcontroller GmbH & Co. KG
emSSL Simple Secure Web Server V1.02 compiled May 13 2015 09:38:20

Awaiting connection...

Here you will see the web page served by the emSSL web server. And in the web server window you will see:

C:> webserver

(c) 2014-2015 SEGGER Microcontroller GmbH & Co. KG
emSSL Simple Secure Web Server V1.02 compiled May 13 2015 09:38:20

Awaiting connection...
Connection made, attempting to upgrade to secure...
Session is now secured by RSA-AES-256-GCM-WITH-SHA-384.
Socket closed by server.
Awaiting connection...

This shows that both sides of the TLS connection are working correctly and the cipher suite that was agreed between them, RSA-AES-256-GCM-WITH-SHA-384 in this case, is the same on both sides.

To prove that this is no accident, you can point a standard web browser, such as Firefox or Chrome, to the local web server. Open your web browser and enter the URL "" into the address bar. You should now be greeted by a notification from the browser that the certificate presented is invalid — and it is, according to the browser, because you are browsing your own PC using a self-signed certificate rather than a fully-authenticated certificate for a website on the Internet. Accept the certificate or click "Advanced" and "Proceed to" and you should be greeted with a short web page served by emSSL on your PC.

Internet Explorer has some difficulties with locally-hosted websites serving what it thinks are invalid certificates, so it is better to use Chrome or Firefox in this case.

Buyer's Guide

The emSSL Package

emSSL is a complete software package, designed for embedded systems and comes with everything which is needed to secure communication.

It includes all modules which implement the required functionality to use SSL. They are provided in source code, to allow complete control of the code that is used in the product and create transparency to avoid worries about possible back doors or weakness in code, which cannot be checked in precompiled libraries. emSSL comes with a simple, yet powerful API to make using emSSL in your product as easy as possible.

It also includes sample applications in binary and source code, which demonstrate how and when emSSL can be used in real life scenarios. For a list of included applications, see the chapters below.

Included Applications

emSSL includes sample utilities and tools to show how to use emSSL. 
The sample applications are available as executables for evaluation upon request.

Application nameDescription
SimpleWebClientGet a webpage via HTTPS and print it to the console.
SimpleWebServerA minimal web server using HTTPS
PrintCertRead an X.509 SSL certificate and print its information to the console.
ScanScan a server for its supported cipher suites.
ROT13ServerA server that provides a ROT13 service
ROT13ClientA client that uses the ROT13 service

Example Application

This application opens a connection to the SEGGER web site and retrieves the HTML index document over a fully secured connection. As you can see, emSSL makes working with secure sockets a breeze!

int main(int argc, char * const argv[]) {
  SSL_SESSION Session;
  unsigned    Socket;
  int         Status;
  // Kick off networking and start TLS.
  // Open a plain socket to on the default
  // HTTPS port, 443.
  Socket = SYS_IP_Open("", 443);
  if (Socket < 0) {
    printf("Cannot open!\n");
    return 100;
  // Upgrade the connection to secure by negotiating a
  // session using TLS.
  SSL_Prepare(&Session, Socket, &TLS_IP_Transport);
  if (SSL_Connect(&Session, 0, "") < 0) {
    printf("Cannot negotiate a secure connection to!\n");
    return 100;
  // We have established a secure connection, so ask the server
  // for some data.  This sends an HTTP GET request to retrieve
  // the default index page.
  SSL_SendStr(&Session, "GET /index.html HTTP/1.0\r\n");
  SSL_SendStr(&Session, "Host:\r\n");
  SSL_SendStr(&Session, "\r\n");
  // Now read the response.  We requested HTTP 1.0 which causes
  // the underlying socket to be closed once the reply is complete,
  // so we have no need to decode the headers.
  for (;;) {
    char acBuf[256];
    Status = SSL_Receive(&Session, acBuf, sizeof(acBuf)-1);
    if (Status < 0) {
    acBuf[Status] = 0;
    printf("%s", acBuf);
  // Close the TLS connection.
  // Finish up.
  return 0;


The following table explains the abbrevations used in the cipher suite names.

3DES-EDETriple data encryption standard algorithm in encrypt-decrypt-encrypt mode.
AES-128/AES-256Advanced encryption standard algorithms.
CBCCipher block chaining mode for AES stream ciphers.
DHEEphemeral diffie-hellman key exchange algorithm.
ECDHElliptic curves diffie-hellman key exchange algorithm.
ECDHEEphemeral elliptic curves diffie-hellman key exchange algorithm.
ECDSAElliptic curves digital signature algorithm.
GCMGalois/Counter-mode for AES stream ciphers.
MD5Message-digest algorithm 5.
RC4RC4 stream cipher algorithm.
RSARivest, Shamir, Adleman crypto system algorithm.
SHASecure hash algorithm V1.
SHA-256/SHA-384Secure hash algorithms (V2).


Can I use emSSL with my product?

A: Yes. emSSL can be included in nearly every product, independent from the used target, as well as in native computer applications.

Does emSSL support TLS?

A: Yes. emSSL supports TLS 1.0, 1.1 and 1.2.

I want to connect to a specific server with only one cipher suite. Do I have to include the complete emSSL in my project?

A: No. emSSL allows to select which cipher suites will be included. Unused modules can be removed from the project or may not be linked into the application, reducing the size to a minimum.

I want to connect to a server on the internet. Which cipher suites will I need?

 A: This depends on the server you want to connect to. emSSL includes an application to scan a server for its available cipher suites. If the server configuration does not change, only one of the available cipher suites needs to be included.

Is emSSL vulnerable to the ROBOT Attack?

A: No. emSSL implements the countermeasures described in the TLS 1.2 protocol. No update is required.


My question is not listed here. What can I do?

A: If you have any further questions about emSSL, feel free to contact us at