Wiznet makers

lawrence

Published April 05, 2026 ©


EthernetClientSecure


Project Introduction

EthernetClientSecure is a lightweight library designed to enable TLS/SSL-secured Ethernet communication on ESP32-based systems.
It combines Ethernet3 and SSLClient to provide a secure client interface for Ethernet applications, allowing developers to build encrypted connections with server authentication and optional mutual TLS support.

What makes this project especially interesting is that it does not primarily rely on the ESP32’s native lwIP software networking path.
Instead, it is built on top of the W5500 Ethernet controller’s hardware socket architecture, using the transport capabilities already implemented inside the W5500 chip and then adding TLS on top through SSLClient.

Key Characteristics

1. Built around W5500 hardware sockets, not the typical lwIP-centric flow

Rather than using the ESP32 as the main TCP/IP processing engine, this project uses Ethernet3, which is designed for the W5500 Ethernet controller.
This means the actual Ethernet and TCP connection handling follows the W5500 socket model, where socket open, connect, send, and receive operations are managed through the controller’s hardware registers and command interface.

2. TLS is layered on top of W5500-based Ethernet transport

The W5500 already provides a hardwired TCP/IP stack, so the role of the ESP32 in this project is not to implement the full Ethernet stack in software.
Instead, the ESP32 works with the W5500 as the lower communication layer, while SSLClient adds the TLS security layer on top.
In other words, this project is best understood as a secure wrapper over W5500-based Ethernet communication, rather than a native ESP32 lwIP Ethernet implementation.

3. Practical Arduino-style secure networking

Another advantage of this approach is compatibility with the Arduino ecosystem.
SSLClient is designed to add TLS to libraries that implement the Arduino Client interface, and Ethernet3 provides that Ethernet-side client layer for the W5500.
As a result, this project offers a practical way to create a secure Ethernet client in an Arduino-style programming model without building a new networking stack from scratch.

4. Supports certificate-based secure communication

The project is not limited to simple encrypted communication.
It also supports certificate validation through trust anchors and can be extended to mutual TLS (mTLS) by loading a client certificate and private key.
This makes it suitable for embedded and IoT applications that require stronger authentication and secure communication channels.

Ethernet3

Ethernet3 is an Arduino Ethernet library for the W5500, designed to provide an easy-to-use, high-level networking interface for embedded applications. It simplifies TCP, UDP, DHCP, and socket-based communication while leveraging the W5500’s hardware TCP/IP engine.

| Item | Ethernet3 + SSLClient | ioLibrary / Bare-metal W5500 |
|---|---|---|
| Networking base | W5500 hardware socket-based TCP/IP | W5500 hardware socket-based TCP/IP |
| Software abstraction | High-level Arduino-style API | Low-level socket and driver API |
| Ease of use | Easy to use in Arduino applications | Requires more low-level integration work |
| TLS support | Straightforward with SSLClient | Not directly provided in Arduino Client form |
| Best fit | Rapid application development | Platform porting and low-level embedded development |
| Flexibility | Simpler but more opinionated | More flexible and hardware-oriented |

What is EthernetClientSecure?

EthernetClientSecure is a secure Ethernet client library for Arduino and ESP32 that adds TLS/SSL support over Ethernet connections. It wraps SSLClient and EthernetClient to provide certificate validation and optional mutual TLS (mTLS) support in a simple embedded-friendly interface.

Does EthernetClientSecure use ESP32 lwIP for Ethernet communication?

EthernetClientSecure is designed around EthernetClient and SSLClient, not around the ESP32’s native lwIP-based Ethernet stack. In this project structure, Ethernet transport is handled through the underlying Ethernet client layer, while TLS is added by SSLClient on top. This makes the library especially suitable for W5500-based hardware socket Ethernet designs rather than a native lwIP-centered software networking path.

How does EthernetClientSecure work?

EthernetClientSecure works by combining an Ethernet transport client with a TLS layer.
The lower layer manages Ethernet communication, and SSLClient adds secure TLS functionality, including server certificate verification and optional client authentication. This allows embedded developers to build secure Ethernet applications without implementing a separate TLS stack from scratch.
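
The layering described above, as an added sketch that is not EthernetClientSecure's own code or API: it wires the two underlying libraries together directly, assuming the BearSSL-based SSLClient whose constructor takes trust anchors. The host name, pins, MAC address, PEM placeholders and the generated `trust_anchors.h` (defining `TAs` and `TAs_NUM`) are assumptions.

```arduino
// Added example: TLS with server verification and optional mTLS over a W5500 socket.
#include <SPI.h>
#include <Ethernet3.h>
#include <SSLClient.h>
#include "trust_anchors.h"  // assumed: generated for the server's CA; defines TAs and TAs_NUM

// Constructed placeholders: replace every value below for a real deployment.
const char HOST[] = "device-api.example.com";
const uint8_t W5500_CS = 5;     // assumed chip-select wiring
const int ENTROPY_PIN = 36;     // assumed floating analog pin used to seed the RNG
byte mac[] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};  // locally administered MAC

const char CLIENT_CERT[] =
  "-----BEGIN CERTIFICATE-----\n<placeholder>\n-----END CERTIFICATE-----\n";
const char CLIENT_KEY[] =
  "-----BEGIN EC PRIVATE KEY-----\n<placeholder>\n-----END EC PRIVATE KEY-----\n";

EthernetClient transport;  // lower layer: TCP handled by a W5500 hardware socket
// Upper layer: TLS records travel through `transport`; the server chain must
// validate against the trust anchors or the handshake is aborted.
SSLClient tls(transport, TAs, (size_t)TAs_NUM, ENTROPY_PIN);
// Kept global so the certificate and key stay valid while `tls` is in use.
SSLClientParameters mtls = SSLClientParameters::fromPEM(
    CLIENT_CERT, sizeof CLIENT_CERT, CLIENT_KEY, sizeof CLIENT_KEY);

void setup() {
  Serial.begin(115200);
  Ethernet.setCsPin(W5500_CS);          // must be set before begin()
  if (Ethernet.begin(mac) == 0) {       // DHCP via the W5500
    Serial.println("DHCP failed");
    return;
  }
  tls.setMutualAuthParams(mtls);        // drop this line for server-auth-only TLS
  if (!tls.connect(HOST, 443)) {
    // Fail closed: never retry over the plain `transport` client.
    Serial.print("TLS connect failed, SSLClient error ");
    Serial.println(tls.getWriteError());
    return;
  }
  tls.println("GET / HTTP/1.1");
  tls.print("Host: ");
  tls.println(HOST);
  tls.println("Connection: close");
  tls.println();
}

void loop() {
  while (tls.available()) Serial.write(tls.read());  // decrypted application data
  if (!tls.connected()) tls.stop();
}
```

The client private key lives in flash in this form, so readout protection on the ESP32 matters as much as the TLS configuration itself.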
