emSSL offers all features for current TLS and includes its latest protocol versions. It is not covered by an open-source or required-attribution license and can be integrated in any free, commercial, or proprietary product without the obligation to disclose the combined source. emSSL is provided as source code in ANSI C and offers transparency for all included modules, allowing inspection by auditors.

It is both compiler and target independent. It can be implemented in embedded software as well as in PC applications and can run on Linux, macOS and Windows, with ease.

Designed for embedded systems, where every byte is precious, it has been fine-tuned for high performance and a low memory footprint in both RAM and ROM.

It is also configurable to match any speed or size requirements. Unused features can be excluded and additional features can easily be added.

Key features

  • Provides a secures connection
  • Compatible with any modern server
  • Source code is easy to understand
  • Simple integration into an IoT environment
  • No additional hardware required
  • No royalties


emSSL’s cryptographic algorithms have been validated by NIST. A plug-in cryptography interface delivers more performance from a wide range of cryptographic accelerators.


In addition to having a minimal memory footprint, emSSL is modular, enabling the user to license only the modules to be used.


It can be used with almost any compiler and run on almost any core, on Linux, macOS and Windows, with ease. SEGGER can also provide preconfigured support for a wide range of targets.

Time to market

emSSL’s easy of use and implementation, together with first-class support and outstanding documentation, equates to a fast time to market.

Supported cipher suites

emSSL includes the most commonly used cipher suites, which allows connection to nearly every TLS-supporting server.


emSSL is built for high performance with target independent code. It is completely written in ANSI C and can be used in any embedded application, as well as in PC applications.

Memory footprint

That will depend entirely on the features that you select and the choices you make for the underlying implementation. Our hash functions and block ciphers are configurable to tune RAM, ROM, and performance to customer needs. You can choose a fast implementation and burn flash with precomputed lookup tables, or a lean implementation and run a little slower, using less RAM and ROM.


The foundation of all SEGGER security products – emSSL, emSSH, emSecure-RSA, and emSecure-ECDSA – is a cryptographic algorithm library toolkit.

Buyer’s guide

emSSL is a complete software package, designed for embedded systems and comes with everything which is needed to secure communication.

It includes all modules which implement the required functionality to use SSL. They are provided in source code, to allow complete control of the code that is used in the product and create transparency to avoid worries about possible back doors or weakness in code, which cannot be checked in precompiled libraries. emSSL comes with a simple, yet powerful API to make using emSSL in your product as easy as possible.

It also includes sample applications in binary and source code, which demonstrate how and when emSSL can be used in real life scenarios.

emSSL includes sample utilities and tools to show how to use emSSL.

Application nameDescription
SimpleWebClientGet a webpage via HTTPS and print it to the console.
SimpleWebServerA minimal web server using HTTPS
PrintCertRead an X.509 SSL certificate and print its information to the console.
ScanScan a server for its supported cipher suites.
ROT13ServerA server that provides a ROT13 service
ROT13ClientA client that uses the ROT13 service

Getting started

emSSL can be used even on small microcontrollers to serve websites on the Internet.

emSSL is shipped with a number of examples that demonstrate TLS capability and how to integrate emSSL into your application.

  • Browser—a minimal text-based web browser using HTTPS to retrieve web content
  • WebServer—a minimal web server using HTTPS
  • ROT13Server—A server that provides a ROT13 service.
  • ROT13Client—A client that uses the ROT13 service.

Browsing websites with emSSL

Open a command line window on Windows and navigate to the Browser directory that contains the Browser.exe application. Once there, run Browser.exe and you should see something similar to this:

emSSL Webpages

The browser opened a secure connection to the segger.com website on port 443 (the HTTPS port) and retrieved the HTML associated with the home page. It then processed the HTML markup to format the output nicely. The browser will work on any website that can support an HTTPS connection, but graphic-rich websites have a poor textual browsing experience.

Serving webpages with emSSL

Now open up a second command line window, navigate to the WebServer directory and run the WebServer.exe application. It is likely that you will see a dialog asking you to grant the web server application access to the network, which you should do. You should now see something like:

emSSL Webpages

The web server application is waiting for somebody to connect to it such that it can serve its small web page. Now we will connect emSSL to emSSL over a TLS connection — we are going to browse the website served by the WebServer application by using the Browser application. Back in the first window, type “browser”, the IP address of the local web server and the port it will serve on, and you will see:

emSSL Webpages

Here you will see the web page served by the emSSL web server. And in the web server window you will see:

emSSL Webpages

This shows that both sides of the TLS connection are working correctly and the cipher suite that was agreed between them, RSA-AES-256-GCM-WITH-SHA-384 in this case, is the same on both sides.

To prove that this is no accident, you can point a standard web browser, such as Firefox or Chrome, to the local web server. Open your web browser and enter the URL “” into the address bar. You should now be greeted by a notification from the browser that the certificate presented is invalid — and it is, according to the browser, because you are browsing your own PC using a self-signed certificate rather than a fully-authenticated certificate for a website on the Internet. Accept the certificate or click “Advanced” and “Proceed to” and you should be greeted with a short web page served by emSSL on your PC.

Internet Explorer has some difficulties with locally-hosted websites serving what it thinks are invalid certificates, so it is better to use Chrome or Firefox in this case.

Hardware acceleration

emSSL offers support for various hardware accelerator; Kinetis CAU, STM32 CRYP, LPC18S and LPC43S, and EFM32 CRYPTO.


emSSL is available under various Embedded Software License models and delivered in source code packages. With a wide range of licensing options, emSSL can fulfill commercial requirements as well as technical requirements. All licenses are one-time payments. emSSL is royalty-free and not subscription-based. This makes the software a part of the equipment expenses, keeping the costs static.

* Applies to second seat/product and all additional seats/products of the Single Product License and Single Developer License.