Intel SGX has started to be widely adopted. Cloud providers (Microsoft Azure, IBM Cloud, Alibaba Cloud) are offering new solutions, implementing data-in-use protection via SGX. A major challenge faced by both academia and industry is providing transparent SGX support to legacy applications. The approach with the highest consensus is linking the target software with SGX-extended libc libraries. Unfortunately, the increased security entails a dramatic performance penalty, which is mainly due to the intrinsic overhead of context switches, and the limited size of protected memory. Performance optimization is non-trivial since it depends on key parameters whose manual tuning is a very long process. We present the architecture of an automated tool, called SGXTuner , which is able to find the best setting of SGX-extended libc library parameters, by iteratively adjusting such parameters based on continuous monitoring of performance data. The tool is — to a large extent — algorithm agnostic. We decided to base the current implementation on a particular type of stochastic optimization algorithm, specifically Simulated Annealing . A massive experimental campaign was conducted on a relevant case study. Three client-server applications — Memcached , Redis , and Apache — were compiled with SCONE's sgx-musl and tuned for best performance. Results demonstrate the effectiveness of SGXTuner .