Secure networking for resource-constrained environments

Tuxera TCP/IP Stack is our highly optimized TCP/IP solution designed to provide secure network communications for embedded devices. Our networking solution has all the connectivity components you need, with a small footprint, high throughput, and low CPU cycle operation. It supports IPv4 and IPv6 standards, and is available for virtually any 32- or 64-bit microcontroller, RTOS, or development toolset.

Get TCP/IP overview now

Why choose Tuxera TCP/IP Stack

Our TCP/IP stacks integrate easily with any RTOS and are designed for high performance on embedded microcontrollers.

All the included software components are developed with a rigorous approach to quality, using a strongly typed subset of the “C” language. Tuxera supplies quality verification including a full MISRA-compliant static analysis report.

The software features precision-engineered static memory management, fully exploits dedicated memory areas and cache, and does not create unnecessary copies. An innovative approach to design has resulted in an extremely high-speed data transfer rate – with minimal system resource requirements – specifically targeting embedded applications that need a TCP/IP stack to have a small footprint, high throughput, and low CPU cycle operation.

Tuxera’s networking solution provides an extensive set of protocols and applications, and support for both IPv4 and IPv6 standards. A “clean” proprietary stack, developed specifically for embedded systems, provides unrivalled performance and security. When it comes to cyber security, the efficient code size of Tuxera TCP/IP Stack makes it easy to analyze and verify any potential security threats, plus it’s easier to maintain.

Where Tuxera TCP/IP Stack makes an impact

Automotive event recorder and telematics

Automotive embedded systems

Industrial applications

Extend memory lifetime

Medical appliances

Tuxera TCP/IP technical features and modules

Key technical features

  • Fully MISRA-compliant
  • Supports both IPv4 and IPv6
  • Integrates with both RTOS and non-RTOS based systems
  • Small RAM and ROM footprint
  • High performance
  • Multiple network interfaces support
  • Extensive set of secure protocols and applications
  • Routing module provided
  • Native and Sockets interface support
  • Wide range of TCP and UDP applications
  • Fast/zero copy between network interfaces where common memory pools are defined
  • Mechanisms to ensure authenticity, integrity, and confidentiality between devices in a network
Tuxera TCP/IP Stacks architecture diagram
Tuxera TCPIP Stack architecture diagram

Read more in the Tuxera TCP/IP Stack overview.

Download now

Tuxera TCP/IP Stack standard modules

Our TCP/IP stack includes all the standard modules and connectivity features you expect – plus we go above and beyond to provide enhanced features with the following specialized modules. Read more about some of our most-requested TCP/IP modules below.


MQTT is a small, low-bandwidth networking protocol ideally suited for connecting embedded applications that are remotely monitored through an internet connection. Tuxera’s MQTT implementation runs on its trusted TCP/IP stack and uses verifiable TLS for secure connections.


Network Address Translation (NAT) allows an organization to set up a network using private addresses, while still allowing its members to communicate over the public Internet.


Tuxera’s SNMP module provides a consistent and reliable way to share information between devices connected on a network. Our high-quality SNMPv2 and SNMPv3 implementation provides embedded devices with secure network management capability. Using SNMP, engineers can monitor device operation and usage, detect network faults or inappropriate access, and configure remote devices. Tuxera’s robust SNMP module is designed for use on a wide variety of network devices, and optimized for minimal impact on managed nodes, low transport overheads, and robust fault tolerance.

Other modules

Ethernet low-level drivers, PPP Driver

Data link
Ethernet Interface, Serial (PPP) low-level driver





Read more in the Tuxera TCP/IP Stack overview.

Download now

Secure communications over networks

Our security applications and protocols enable a consistent, secure, and reliable way to share data between embedded devices on a network. Read more about our network security modules below.


The Extensible Authentication Protocol (EAP) framework is designed to support secure connections for embedded devices. We provide support for many “flavors” of EAP and the framework easily extends to include other protocols. Commonly used algorithms include EAPOL, EAP-TLS, EAP-IKEv2, and EAP-MD5.


Enrollment over Secure Transport (EST) is used for authenticated/authorized endpoint certificate enrollment. EST-CoAP uses the Constrained Application Protocol (CoAP) instead of HTTP for Internet of Things (IoT) devices with low-resource environments.

HTTPS Secure Server, HTTPS Secure Client

Our flexible web server solution for embedded systems allows the creation of dynamic content within a highly secure environment. It operates as a request-response protocol in the client/server model. The secure client may be a web browser, while an application hosting a website may be the secure server. HTTPS resources are identified and located on the network using Uniform Resource Identifiers (URIs). HTTPS secure operation relies on Tuxera’s Transport Layer Security (TLS) module.

IPsec and IKE

Our IPSec module ensures integrity, confidentiality, and authentication between two devices in a network. Internet Key Exchange is used by IPsec to set up security associations. Like other components in Tuxera TCP/IP Stack, our IPSec and IKE modules use a strong development process to ensure the modules are reliable and secure.


Media Access Control Security (MACsec) provides security on point-to-point Ethernet links or shared Ethernet networks, giving confidentiality, integrity, and authenticity of user data. Our MACsec implementation can be integrated with both RTOS and non-RTOS based systems, is (MCU/CPU) platform independent, and is provided with fully tested reference drivers, plus complete documentation.


Tuxera’s Secure Shell (SSH) is a portable, low footprint server that runs as an application on our IPv4 and IPv6 stacks. It creates a secure socket connection that can be used for executing menu commands or for tunneling data between the clients and servers of other applications. The SSH module includes the SSH Authentication, Transport Layer, and Connection Layer protocols. The protocol layers coexist, with each layer supporting multiple simultaneous sessions.

Secure Copy (SCP) and SSH File Transfer Protocol (SFTP) are related secure file transfer protocol modules that use an SSH connection to encrypt passwords and data during transfers.


Our verifiable Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) is a highly optimized, quality-assured software module designed to provide secure network communications for embedded devices. It provides a framework for secure communication in networks based on the TCP/IP or UDP protocols. Tuxera’s implementation supports TLS 1.0, 1.1, 1.2, and 1.3, and DTLS 1.0, 1.2, and 1.3.

Read more in the Tuxera TCP/IP Stack overview.

Download now

Tuxera CryptoCore™ module for encryption over networks

Our encryption module is a premium add-on to Tuxera TCP/IP Stack, and is necessary to provide secure networking. It allows developers to secure embedded systems using multiple encryption or hash algorithms through a uniform interface. Using a well-defined interface shortens development time, as developers can encrypt data stored on flash or transmitted across a network. Such security is necessary to block potential hackers searching for a backdoor to access embedded system data. Developed using a formal process, Tuxera CryptoCore undergoes verification to ensure stability and enhanced integrity. It is delivered with a full MISRA compliance report. This level of verifiable quality in the area of security and encryption stands in direct contrast with the widely used ‘code-then-test’ methods, which have resulted in serious security breaches. Tuxera CryptoCore provides full certificate management. Available algorithms include AES, 3DES, DSS, ECC, EDH, MD5, RSA, SHA and Tiger.

Read more in the Tuxera TCP/IP Stack overview.

Download now

Get Tuxera TCP/IP Stack

For software evaluations, pricing quotes, and more detailed technical specifications, contact us.

Pricing and evaluations