emSSL — Transport Layer Security
emSSL enables the creation of secure connections between a client and a server, typically over the Internet, using TCP/IP on the transport layer. The Secure Sockets Layer (SSL) is now referred to as Transport Layer Security (TLS).
Overview
emSSL offers all features for current TLS and includes its latest protocol versions. It is not covered by an open-source or required-attribution license and can be integrated in any free, commercial, or proprietary product without the obligation to disclose the combined source. emSSL is provided as source code and offers transparency for all included modules, allowing inspection by auditors.
The complete software is written in ANSI C and is compiler as well as target independent. It can be implemented in PC applications and in embedded software. emSSL is configurable. It is created for high performance and a low memory footprint. The library can be configured to fit any speed or size requirements. Unused features can be excluded, additional features can easily be added.
Key features
- Provides a secure connection
- Compatible with any modern server
- Source code is easy to understand
- Simple integration into an IoT environment
- No additional hardware required
- No royalties
Security
emSSL's cryptographic algorithms are tuned for speed and security and are validated by NIST. A plug-in cryptography interface delivers more performance from a wide range of cryptographic accelerators.
Efficiency
emSSL is designed for embedded systems and has a minimal RAM and ROM footprint. Because emSSL is modular, you only pay for what you use.
Availability
Because emSSL is portable, it can run on virtually any core and be built with any compiler. It also runs on Windows and Linux with ease. SEGGER can provide preconfigured support for a wide range of targets.
Time to market
emSSL is easy to use and easy to port, delivering a fast time to market. With first-class support and outstanding documentation, emSSL is a solid investment.
Supported cipher suites
emSSL includes the most commonly used cipher suites, which allows connection to nearly every TLS-supporting server.
Performance
emSSL is built for high performance with target independent code. It is completely written in ANSI C and can be used in any embedded application, as well as in PC applications.
Memory footprint
The memory footprint depends entirely on the features that you select and the choices you make for the underlying implementation. Our hash functions and block ciphers are configurable to tune RAM, ROM, and performance to customer needs. You can choose a fast implementation and burn flash with precomputed lookup tables, or a lean implementation and run a little slower, using less RAM and ROM.
emCrypt
The foundation of all SEGGER security products - emSSL, emSSH, emSecure-RSA, and emSecure-ECDSA - is a cryptographic algorithm library toolkit.
Buyer’s guide
emSSL is a complete software package designed for embedded systems, and it comes with everything needed to secure communication.
It includes all modules which implement the required functionality to use SSL. They are provided in source code to allow complete control of the code that is used in the product and to create transparency, avoiding worries about possible back doors or weaknesses in code that cannot be checked in precompiled libraries. emSSL comes with a simple, yet powerful API to make using emSSL in your product as easy as possible.
It also includes sample applications in binary and source code, which demonstrate how and when emSSL can be used in real life scenarios.
emSSL includes sample utilities and tools to show how to use emSSL.
The sample applications are available as executables for evaluation upon request.
Application name | Description |
---|---|
SimpleWebClient | Get a webpage via HTTPS and print it to the console. |
SimpleWebServer | A minimal web server using HTTPS |
PrintCert | Read an X.509 SSL certificate and print its information to the console. |
Scan | Scan a server for its supported cipher suites. |
ROT13Server | A server that provides a ROT13 service |
ROT13Client | A client that uses the ROT13 service |
Getting started
emSSL can be used even on small microcontrollers to serve websites on the Internet. The site https://license.segger.com is running on an emPower Board, featuring a Kinetis K60 Cortex-M4 microcontroller. It is powered by SEGGER software only.
emSSL is shipped with a number of examples that demonstrate TLS capability and how to integrate emSSL into your application.
- Browser—a minimal text-based web browser using HTTPS to retrieve web content
- WebServer—a minimal web server using HTTPS
- ROT13Server—A server that provides a ROT13 service.
- ROT13Client—A client that uses the ROT13 service.
Browsing websites with emSSL
Open a command line window on Windows and navigate to the Browser directory that contains the Browser.exe application. Once there, run Browser.exe and you should see something similar to this:
C:> browser
Connecting to www.segger.com...
...Redirecting to index.html
Connecting to www.segger.com...
* Home
* RTOS and Middleware
* J-Link Debug Probes
* Production Programmers
* Evaluate our software!
* Downloads
* Distributors
* Customers
* Partners
* Pricing
* Forum
* About us
...
The browser opened a secure connection to the www.segger.com website on port 443 (the HTTPS port) and retrieved the HTML associated with the home page. It then processed the HTML markup to format the output nicely. The browser will work on any website that can support an HTTPS connection, but graphic-rich websites have a poor textual browsing experience.
Serving webpages with emSSL
Now open up a second command line window, navigate to the WebServer directory and run the WebServer.exe application. It is likely that you will see a dialog asking you to grant the web server application access to the network, which you should do. You should now see something like:
C:> webserver
(c) 2014-2015 SEGGER Microcontroller GmbH & Co. KG
www.segger.com
emSSL Simple Secure Web Server V1.02 compiled May 13 2015 09:38:20
Awaiting connection...
The web server application is waiting for somebody to connect to it such that it can serve its small web page. Now we will connect emSSL to emSSL over a TLS connection — we are going to browse the website served by the WebServer application by using the Browser application. Back in the first window, type "browser 127.0.0.1:1234", the IP address of the local web server and the port it will serve on, and you will see:
C:> webserver
(c) 2014-2015 SEGGER Microcontroller GmbH & Co. KG
www.segger.com
emSSL Simple Secure Web Server V1.02 compiled May 13 2015 09:38:20
Awaiting connection...
Here you will see the web page served by the emSSL web server. And in the web server window you will see:
C:> webserver
(c) 2014-2015 SEGGER Microcontroller GmbH & Co. KG
www.segger.com
emSSL Simple Secure Web Server V1.02 compiled May 13 2015 09:38:20
Awaiting connection...
Connection made, attempting to upgrade to secure...
Session is now secured by RSA-AES-256-GCM-WITH-SHA-384.
Socket closed by server.
Awaiting connection...
This shows that both sides of the TLS connection are working correctly and the cipher suite that was agreed between them, RSA-AES-256-GCM-WITH-SHA-384 in this case, is the same on both sides.
To prove that this is no accident, you can point a standard web browser, such as Firefox or Chrome, to the local web server. Open your web browser and enter the URL "https://127.0.0.1:1234/index.html" into the address bar. You should now be greeted by a notification from the browser that the certificate presented is invalid — and it is, according to the browser, because you are browsing your own PC using a self-signed certificate rather than a fully-authenticated certificate for a website on the Internet. Accept the certificate or click "Advanced" and "Proceed to 127.0.0.1" and you should be greeted with a short web page served by emSSL on your PC.
Internet Explorer has some difficulties with locally-hosted websites serving what it thinks are invalid certificates, so it is better to use Chrome or Firefox in this case.
Hardware acceleration
emSSL offers support for various hardware accelerators: Kinetis CAU, STM32 CRYP, LPC18S and LPC43S, and EFM32 CRYPTO.
Licensing
emSSL is available under various Embedded Software License models and delivered in source code packages. With a wide range of licensing options, emSSL can fulfill commercial requirements as well as technical requirements. All licenses are one-time payments. emSSL is royalty-free and not subscription-based. This makes the software a part of the equipment expenses, keeping the costs static.
FAQ
Q: Can I use emSSL with my product?
A: Yes. emSSL can be integrated into nearly every product: it is target independent and can also be used in native computer applications.
Q: Does emSSL support TLS?
A: Yes. emSSL supports TLS 1.0, 1.1 and 1.2.
Q: I want to connect to a specific server with only one cipher suite. Do I have to include the complete emSSL in my project?
A: No. emSSL lets users select which cipher suites to include. Unused modules can be removed from the project or not linked into the application, reducing the size to a minimum.
Q: I want to connect to a server on the Internet. Which cipher suites will I need?
A: This depends on the server one wants to connect to. emSSL includes an application to scan a server for its available cipher suites. If the server configuration does not change, only one of the available cipher suites needs to be included.
Q: Is emSSL vulnerable to a ROBOT Attack?
A: No. emSSL implements the countermeasures described in the TLS 1.2 protocol. No update is required.

Q: My question is not listed here. What can I do?
A: If you have any further questions about emSSL, please contact us.
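The countermeasure that the ROBOT answer above refers to is specified in RFC 5246, section 7.4.7.1: the server draws 48 random bytes before decrypting the ClientKeyExchange and silently uses them as the premaster secret whenever the PKCS#1 v1.5 padding, the message length or the version bytes are wrong. The C code below is an added example of that selection step, not emSSL source code; the names `tls_select_premaster` and `demo_select`, the 64-byte sample block and the fixed fallback bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PMS_LEN 48u /* an RSA key-exchange premaster secret is always 48 bytes */

/* Branch-free masks: 0xFF when the condition holds, 0x00 otherwise. */
static uint8_t ct_is_zero(uint32_t x) { return (uint8_t)(0u - (((x - 1u) & ~x) >> 31)); }
static uint8_t ct_eq(uint32_t a, uint32_t b) { return ct_is_zero(a ^ b); }

/* em: the k-byte result of the raw RSA private-key operation, expected to be
 * 0x00 || 0x02 || PS (non-zero bytes) || 0x00 || M, with M exactly 48 bytes.
 * fallback: 48 random bytes drawn by the caller BEFORE decrypting.
 * Writes M to out if every check passes, otherwise fallback. The return value
 * depends only on the public key size, never on the padding. */
int tls_select_premaster(const uint8_t *em, size_t k, uint16_t client_version,
                         const uint8_t *fallback, uint8_t *out) {
  const uint8_t *m;
  uint8_t good;
  size_t i;

  if (k < PMS_LEN + 11u) return -1;          /* key too small for PKCS#1 v1.5 */
  m = em + (k - PMS_LEN);
  good  = ct_eq(em[0], 0x00);
  good &= ct_eq(em[1], 0x02);
  for (i = 2; i < k - PMS_LEN - 1u; i++)     /* PS must contain no zero byte */
    good &= (uint8_t)~ct_is_zero(em[i]);
  good &= ct_is_zero(em[k - PMS_LEN - 1u]);  /* separator at the fixed offset */
  good &= ct_eq(m[0], (uint32_t)(client_version >> 8));   /* version bytes must */
  good &= ct_eq(m[1], (uint32_t)(client_version & 0xFF)); /* echo ClientHello   */
  for (i = 0; i < PMS_LEN; i++)              /* masked select, no branch */
    out[i] = (uint8_t)((m[i] & good) | (fallback[i] & (uint8_t)~good));
  return 0;
}

/* Constructed sample: 64-byte block for TLS 1.2 (0x0303); em[idx] = val injects
 * a fault when idx >= 0. Returns 1 if out is M, 2 if out is fallback, else 0. */
int demo_select(int idx, uint8_t val) {
  uint8_t em[64], fb[PMS_LEN], out[PMS_LEN];
  memset(em, 0xA5, sizeof em);               /* PS and body filler */
  memset(fb, 0x5C, sizeof fb);               /* stand-in for CSPRNG output */
  em[0] = 0x00; em[1] = 0x02; em[15] = 0x00; em[16] = 0x03; em[17] = 0x03;
  if (idx >= 0) em[idx] = val;
  if (tls_select_premaster(em, sizeof em, 0x0303, fb, out) != 0) return 0;
  if (memcmp(out, em + 16, PMS_LEN) == 0) return 1;
  return memcmp(out, fb, PMS_LEN) == 0 ? 2 : 0;
}

int main(void) { return (demo_select(-1, 0) == 1 && demo_select(1, 0x01) == 2) ? 0 : 1; }
```

A server using this pattern continues the handshake with whichever value was selected, so a malformed ClientKeyExchange fails at the Finished check in the same way as any other wrong key.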