Tested code: mbed TLS is extensively tested with our continuous integration system. Easy integration with a small memory footprint: Tiny library: mbed TLS's memory footprint can get as small as 30k and averages below 110k. Easy to understand and use with a clean API: We offer readable code and a logical and readable API with API documentation and examples. Easy to reduce and expand the code: mbed TLS has no global code and has minimal coupling between its modules. So it's easy to just grab part and drop it into an existing project or add new functionality. Easy to build with no external dependencies: Except for basic libc calls, mbed TLS has no external dependencies on other libraries. Extremely portable: mbed TLS is used on many architectures, including x86/x64, ARM, PowerPC, MIPS and Motorola 68000 and OS'es like Windows, Linuxes, Unixes, Apple iOS, FreeRTOS, ThreadX, Android OS, XBox, SEGGER embOS, OpenWRT, eCOS, VxWorks and much more.

• SSL version 3.0 and TLS versions 1.0, 1.1 and 1.2 (client and server) • DTLS 1.0, 1.2 support (client and server) • Minimum footprint size of 20-100 kB, depending on build options and operating environment • Runtime memory usage between 1-36 kB (depending on I/O buffer sizes, public key algorithm, and key size) • OpenSSL compatibility layer • OCSP and CRL support • Multiple Hashing Functions: MD2, MD4, MD5, SHA-1, SHA-2, SHA-256, SHA-384, SHA-512, BLAKE2b, RIPEMD-160, Poly1305 • Block, Stream, and Authenticated Ciphers: AES (CBC, CTR, GCM, CCM), Camellia, DES, 3DES, ARC4, RABBIT, HC-128, ChaCha20, IDEA • Public Key Options: RSA, DSS, DH, EDH, NTRU • Password-based Key Derivation: HMAC, PBKDF2, PKCS#5 • ECC Support ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA • RSA Key Generation • Curve25519 and Ed25519 • Client authentication support • PSK Pre-Shared Keys • Simple API • Persistent session and certificate cache • zlib compression support • Interchangeable crypto and certificate libraries • PEM and DER certificate support • x509 v3 RSA and ECC Signed Certificate Generation • PKCS #7 - Cryptographic Message Syntax (CMS) • PKCS #10 - Certificate Signing Request (CSR) • PKCS #8, #5, #12 Private Key Encryption • Supported TLS Extensions: SNI (Server Name Indication) Maximum Fragment Length Truncated HMAC Supported Elliptic Curves ALPN • Certificate Manager • QSH (quantum-safe handshake) extension • SRP (Secure Remote Password) • Hardware Cryptography Support Intel AES-NI support Cavium NITROX support STM32F2/F4 hardware crypto support Freescale CAU / mmCAU / SEC Microchip PIC32MZ • SSL Sniffer (SSL Inspection) Support • IPv4 and IPv6 support • Abstraction Layers / User Callbacks C Standard Library, Custom I/O, Memory hooks, Logging callbacks, User Atomic Record Layer Processing, Public Key • MySQL integration • Lighttpd, GoAhead, Mongoose web server support • stunnel support • OpenSSH support