Alternatives to MbedTLS include OpenSSL, GnuTLS, LibreSSL, but TI prefers the usage of MbedTLS as MbedTLS has direct support in LwIP. MbedTLS can be ported over LwIP with minimal changes in existing LwIP configurations.

MbedTLS builds as an independent library which has hooks in LwIP for application layer APIs, which is discussed in detail in the next section. With detailed documentation and easy to use API, MbedTLS is a quick and efficient way to include security in your applications. MbedTLS APIs not only can be used in adding security to network communications but can be used across applications which need cryptographic implementations.

Moreover, MbedTLS provides a well-defined approach to offload the cryptographic operations from software to hardware. To note down a few, AES, SHA, RSA, ECDSA, ENTROPY, Timing functions, DES, ARIA, and so forth. can be offloaded to hardware. MbedTLS also provides an option to offload a subpart of cryptography, for example, offloading encryption to hardware and performing decryption on software, increasing the overall flexibility of optimization. Depending on factors such as clock speed of the CPU, RAM execution, Cache usage and so forth, the throughput can be optimized. On testing the same for TI Sitara™ AM2434, there was a 8-10x increase in throughput on hardware cryptography accelerator for AES encryption and decryption as compared to performing software cryptography (Note: This is not the benchmark number for performance of the hardware offloaded cryptography, the performance numbers are implementation specific and can be further improved). MbedTLS configurations are controlled by a header file which can be used to enable or disable the desired Cryptographic modules or even the cipher suites. This can be used to reduce the code size of the MbedTLS library.