Mbed TLS is now part of TrustedFirmware.org.

SSL Library

What does an SSL library do?

An SSL library handles the complexities of the Secure Sockets Layer (SSL) protocol for an application. In practice, an SSL library such as mbed TLS or PolarSSL is more likely to handle the Transport Layer Security (TLS) protocol instead, as SSL is mostly outdated.

What is SSL?

SSL libraries implement the SSL protocol. The SSL protocol, or more accurately its successor TLS, is a standardized technology for establishing a secure, encrypted and authenticated link between two parties over an insecure network. SSL is an industry standard and is used in millions of devices and websites. The SSL protocol derives most of its security from using SSL certificates to identify and authenticate different parties.

Why mbed TLS?

Other SSL libraries can be difficult to use. The mbed TLS SSL library is designed with your happiness in mind and is a great alternative to OpenSSL. The library is documented and has examples so you can easily understand how to use it. More information on complex issues is available in our Knowledge Base. And if you need support, you can use our Discussion Forum to ask your question or contact us directly.

Check out our Features for more details!

Background: Difference between SSL / TLS

The TLS protocol is the successor of the SSL protocol. Just like its predecessor, the TLS protocol provides communication security for connections over possibly untrusted networks, like the Internet. The main difference between TLS and SSL is the increased standardization of the workings of the protocol. SSL itself was designed and developed by Netscape. The newer TLS standard is defined in a number of public RFCs and is extended periodically to counter possible weaknesses or add much-needed functionality.

Background: Parts of an SSL library

In order to perform the SSL or TLS protocol, an SSL library needs to provide a number of supporting functions. The SSL library needs to perform symmetric cryptographic operations, such as AES, to encrypt the data over the connection. The SSL library uses asymmetric cryptographic operations, such as RSA, for identifying and authenticating the parties of the connection. An SSL library uses message digest operations, such as the SHA-256 hash algorithm, to protect the integrity of the information sent over the wire. In addition, an SSL library needs to be able to parse, understand and use X.509 certificates. And finally, an SSL library has to perform network operations to send and receive the protocol packets. All of this is hidden from most users and wrapped inside an SSL library, such as mbed TLS, which developers can use to implement SSL or TLS in their applications.
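
The name of a TLS cipher suite lists one algorithm for each cryptographic role described above. The following C parser is an added example, not code from mbed TLS or from this page; it splits IANA-style suite names into those roles. The struct, the function names and the sample suite name are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

struct suite_parts {      /* one field per role in the paragraph above */
    char kx[24];          /* asymmetric key exchange, e.g. ECDHE */
    char auth[24];        /* asymmetric authentication, e.g. RSA */
    char symmetric[40];   /* bulk cipher, e.g. AES_128_GCM */
    char digest[12];      /* hash for MAC/PRF, e.g. SHA256 */
};

static void copy_span(char *dst, size_t cap, const char *s, size_t n)
{
    if (n >= cap) n = cap - 1;   /* truncate rather than overflow */
    memcpy(dst, s, n);
    dst[n] = '\0';
}

/* Returns 0 on success, -1 if the name is not understood.
 * TLS 1.2: TLS_<kx>[_<auth>]_WITH_<cipher>_<digest>; TLS 1.3: TLS_<cipher>_<digest>
 * (kx/auth stay empty). Names with no trailing SHA-family or MD5 digest are rejected. */
int parse_suite(const char *name, struct suite_parts *out)
{
    memset(out, 0, sizeof *out);
    if (strncmp(name, "TLS_", 4) != 0) return -1;
    const char *body = name + 4, *cipher = body;
    const char *last = strrchr(body, '_');   /* digest follows this */
    if (!last || (strncmp(last + 1, "SHA", 3) && strcmp(last + 1, "MD5"))) return -1;
    copy_span(out->digest, sizeof out->digest, last + 1, strlen(last + 1));
    const char *with = strstr(body, "_WITH_");
    if (with) {
        const char *sep = memchr(body, '_', (size_t)(with - body));
        const char *end = sep ? sep : with, *a = sep ? sep + 1 : body;
        if (end == body) return -1;          /* empty key exchange */
        copy_span(out->kx, sizeof out->kx, body, (size_t)(end - body));
        copy_span(out->auth, sizeof out->auth, a, (size_t)(with - a));
        cipher = with + 6;                   /* skip "_WITH_" */
    }
    if (cipher >= last) return -1;           /* no cipher component */
    copy_span(out->symmetric, sizeof out->symmetric, cipher, (size_t)(last - cipher));
    return 0;
}

int main(void)
{
    struct suite_parts p;   /* constructed sample name below */
    if (parse_suite("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", &p) == 0)
        printf("kx=%s auth=%s enc=%s hash=%s\n", p.kx, p.auth, p.symmetric, p.digest);
    return 0;
}
```

When a TLS 1.2 name has a single token before `_WITH_` (for example `RSA`), that algorithm serves as both key exchange and authentication, so the parser copies it into both fields.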