Secure Sockets User Guide clarification needed

The Secure Sockets library User Guide says this in the Usage Restrictions section:

Only TCP sockets are supported by the FreeRTOS Secure Sockets library. UDP sockets are not supported.

Server APIs are not supported by the FreeRTOS Secure Sockets library, except for a lightweight IP (lwIP) implementation of the server side Bind API. Client APIs are supported.

But the Dependencies and requirements section says this:

The FreeRTOS Secure Sockets library depends on a TCP/IP stack and on a TLS implementation. Ports for FreeRTOS meet these dependencies in one of three ways:

  • A custom implementation of both TCP/IP and TLS
  • A custom implementation of TCP/IP, and the FreeRTOS TLS layer with mbedTLS
  • FreeRTOS+TCP and the FreeRTOS TLS layer with mbedTLS

I’m confused by this - if lwIP is required (as stated in the Usage Restrictions) then why does the dependencies not say lwIP is required, instead it says you can use FreeRTOS+TCP?

Also, lwIP + mbed TLS supports client APIs - so then why doesn’t FreeRTOS if it’s just using lwIP and mbed TLS?


The secure sockets abstraction is just that - an abstraction - you can provide an implementation of that abstraction using any TCP/IP stack and TLS stack of your choice. If you are using a common combination of these, then the implementation will already exist. The abstraction is intended to provide outbound client sockets - hence it doesn’t cover the whole Berkeley sockets API. I think at some point there may have been a bind() added for a particular use case - maybe needed after placing a Wi-Fi stack into AP mode.

If you are using coreMQTT then secure sockets is optional as it uses a simple transport interface (which can be implemented using secure sockets if you wish - but normal just to use the native TCP interface).