Jump to content
Wikipedia The Free Encyclopedia

Comparison of TLS implementations

From Wikipedia, the free encyclopedia
This article is about TLS libraries comparison. For cryptographic libraries comparison, see Comparison of cryptography libraries.
"Secure Transport" redirects here. For the transportation of valuables, see Armored car (valuables).

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol.

Overview

[edit ]
Implementation Developed by Open source Software license Copyright holder Written in Latest stable version, release date Origin
Botan Jack Lloyd Yes Simplified BSD License Jack Lloyd C++ 3.8.1 (May 7, 2025; 6 months ago (2025年05月07日)[1] ) [±] US (Vermont)
BoringSSL Google Yes OpenSSL-SSLeay dual-license, ISC license Eric Young, Tim Hudson, Sun, OpenSSL project, Google, and others C, C++, Go, assembly ?? Australia/EU
Bouncy Castle The Legion of the Bouncy Castle Inc. Yes MIT License Legion of the Bouncy Castle Inc. Java, C#
Java1.81 / June 4, 2025; 5 months ago (2025年06月04日)[2]
Java LTSBC-LJA 2.73.7 / November 8, 2024; 12 months ago (2024年11月08日)[3]
Java FIPSBC-FJA 2.0.0 / July 30, 2024; 15 months ago (2024年07月30日)[4]
C#2.6.1 / May 22, 2025; 5 months ago (2025年05月22日)[5]
C# FIPSBC-FNA 1.0.2 / March 11, 2024; 19 months ago (2024年03月11日)[6]
Australia
BSAFE Dell, formerly RSA Security No Proprietary Dell Java, C, assembly SSL-J 6.6 (July 2, 2024; 16 months ago (2024年07月02日)[7] ) [±]

SSL-J 7.3.1 (October 7, 2024; 13 months ago (2024年10月07日)[8] ) [±]
Micro Edition Suite 5.0.3 (December 3, 2024; 11 months ago (2024年12月03日)[9] ) [±]

Australia
cryptlib Peter Gutmann Yes Sleepycat License and commercial license Peter Gutmann C 3.4.8 (April 30, 2025; 6 months ago (2025年04月30日)[10] ) [±] NZ
GnuTLS GnuTLS project Yes LGPL-2.1-or-later Free Software Foundation C 3.8.10[11]  Edit this on Wikidata 2025年07月09日 EU (Greece and Sweden)
Java Secure Socket Extension (JSSE) Oracle Yes GNU GPLv2 and commercial license Oracle Java

25 LTS (September 16, 2025; 54 days ago (2025年09月16日)[12] ) [±]
21.0.5 LTS (October 15, 2024; 12 months ago (2024年10月15日)[13] ) [±]
17.0.13 LTS (October 15, 2024; 12 months ago (2024年10月15日)[14] ) [±]
11.0.25 LTS (October 15, 2024; 12 months ago (2024年10月15日)[15] ) [±]
8u431 LTS (October 15, 2024; 12 months ago (2024年10月15日)[16] ) [±]

US
LibreSSL OpenBSD Project Yes Apache-1.0, BSD-4-Clause, ISC, and public domain Eric Young, Tim Hudson, Sun, OpenSSL project, OpenBSD Project, and others C, assembly 4.2.1[17]  Edit this on Wikidata 2025年10月31日 Canada
MatrixSSL [18] PeerSec Networks Yes GNU GPLv2+ and commercial license PeerSec Networks C 4.2.2 (September 11, 2019; 6 years ago (2019年09月11日) [19] ) [±] US
Mbed TLS (previously PolarSSL) Arm Yes Apache License 2.0, GNU GPLv2+ and commercial license Arm Holdings C 4.0.0[20] Edit this on Wikidata (15 October 2025; 25 days ago (15 October 2025)) [±] EU (Netherlands)
Network Security Services (NSS) Mozilla, AOL, Red Hat, Sun, Oracle, Google and others Yes MPL 2.0 NSS contributors C, assembly
Standard3.84 / October 12, 2022; 3 years ago (2022年10月12日)[21]
Extended Support Release3.79.1 / August 18, 2022; 3 years ago (2022年08月18日)[21]
US
OpenSSL OpenSSL project Yes Apache-2.0 [a] Eric Young, Tim Hudson, Sun, OpenSSL project, and others C, assembly 3.6.0[22]  Edit this on Wikidata 2025年10月01日 Australia/EU
Rustls Joe Birr-Pixton, Dirkjan Ochtman, Daniel McCarney, Josh Aas, and open source contributors Yes Apache-2.0, MIT License and ISC Open source contributors Rust v0.23.31 (July 29, 2025; 3 months ago (2025年07月29日)[23] ) [±] United Kingdom
s2n Amazon Yes Apache License 2.0, GNU GPLv2+ and commercial license Amazon.com, Inc. C Continuous US
Schannel Microsoft No Proprietary Microsoft Corporation Windows 11, 2021年10月05日 US
Secure Transport Apple Inc. Yes APSL 2.0 Apple Inc. 57337.20.44 (OS X 10.11.2), 2015年12月08日 US
wolfSSL (previously CyaSSL) wolfSSL[24] Yes GNU GPLv3+ and commercial license wolfSSL Inc.[25] C, assembly 5.8.2 (July 17, 2025; 3 months ago (2025年07月17日)[26] ) [±] US
Erlang/OTP SSL application Ericsson Yes Apache License 2.0 Ericsson Erlang OTP-21, 2018年06月19日 Sweden
Implementation Developed by Open source Software license Copyright owner Written in Latest stable version, release date Origin
  1. ^ Apache-2.0 for OpenSSL 3.0 and later releases. OpenSSL-SSLeay dual-license for any release before OpenSSL 3.0.

TLS/SSL protocol version support

[edit ]

Several versions of the TLS protocol exist. SSL 2.0 is a deprecated[27] protocol version with significant weaknesses. SSL 3.0 (1996) and TLS 1.0 (1999) are successors with two weaknesses in CBC-padding that were explained in 2001 by Serge Vaudenay.[28] TLS 1.1 (2006) fixed only one of the problems, by switching to random initialization vectors (IV) for CBC block ciphers, whereas the more problematic use of mac-pad-encrypt instead of the secure pad-mac-encrypt was addressed with RFC 7366.[29] A workaround for SSL 3.0 and TLS 1.0, roughly equivalent to random IVs from TLS 1.1, was widely adopted by many implementations in late 2011.[30] In 2014, the POODLE vulnerability of SSL 3.0 was discovered, which takes advantage of the known vulnerabilities in CBC, and an insecure fallback negotiation used in browsers.[31]

TLS 1.2 (2008) introduced a means to identify the hash used for digital signatures. While permitting the use of stronger hash functions for digital signatures in the future (rsa,sha256/sha384/sha512) over the SSL 3.0 conservative choice (rsa,sha1+md5), the TLS 1.2 protocol change inadvertently and substantially weakened the default digital signatures and provides (rsa,sha1) and even (rsa,md5).[32]

Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. The revision DTLS 1.2 based on TLS 1.2 was published in January 2012.[33]

TLS 1.3 (2018) specified in RFC 8446 includes major optimizations and security improvements. QUIC (2021) specified in RFC 9000 and DTLS 1.3 (2022) specified in RFC 9147 builds on TLS 1.3. The publishing of TLS 1.3 and DTLS 1.3 obsoleted TLS 1.2 and DTLS 1.2.

Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. In 2021, IETF published RFC 8996 also forbidding negotiation of TLS 1.0, TLS 1.1, and DTLS 1.0 due to known vulnerabilities. NIST SP 800-52 requires support of TLS 1.3 by January 2024. Support of TLS 1.3 means that two compliant nodes will never negotiate TLS 1.2.

Implementation SSL 2.0 (insecure)[34] SSL 3.0 (insecure)[35] TLS 1.0 (deprecated)[36] TLS 1.1 (deprecated)[37] TLS 1.2 [38] TLS 1.3 DTLS 1.0 (deprecated)[39] DTLS 1.2 [33] DTLS 1.3
Botan No No[40] No No Yes Yes No Yes No
BoringSSL Yes Yes Yes Yes Yes Yes No
Bouncy Castle No No Yes Yes Yes Yes Yes Yes No
BSAFE SSL-J[41] No Disabled by default No[a] No[a] Yes Yes No No No
cryptlib No No Yes Yes Yes Yes No No No
GnuTLS No[b] Disabled by default[42] Yes Yes Yes Yes[43] Yes Yes No
JSSE No[b] Disabled by default[44] Disabled by default[45] Disabled by default[45] Yes Yes Yes Yes No
LibreSSL No[46] No[47] Yes Yes Yes Yes Yes Yes[48] No
MatrixSSL No Disabled by default at compile time[49] Yes Yes Yes Yes Yes Yes No
Mbed TLS No No[50] No[50] No[50] Yes Yes
(experimental) 		Yes[51] Yes[51] No
NSS No[c] Disabled by default[52] Yes Yes[53] Yes[54] Yes[55] Yes[53] Yes[56] No
OpenSSL No[57] Disabled by default Yes Yes[58] Yes[58] Yes Yes Yes[59] No
Rustls No[60] No[60] No[60] No[60] Yes[60] Yes[60] No No No
s2n [61] No Disabled by default Yes Yes Yes Yes No No No
Schannel XP, 2003[62] Disabled by default in MSIE 7 Enabled by default Enabled by default in MSIE 7 No No No No No No
Schannel Vista[63] Disabled by default Enabled by default Yes No No No No No No
Schannel 2008[63] Disabled by default Enabled by default Yes Disabled by default (KB4019276) Disabled by default (KB4019276) No No No No
Schannel 7, 2008R2[64] Disabled by default Disabled by default in MSIE 11 Yes Enabled by default in MSIE 11 Enabled by default in MSIE 11 No Yes[65] No[65] No
Schannel 8, 2012[64] Disabled by default Enabled by default Yes Disabled by default Disabled by default No Yes No No
Schannel 8.1, 2012R2, 10 RTM & v1511[64] Disabled by default Disabled by default in MSIE 11 Yes Yes Yes No Yes No No
Schannel 10 v1607 / 2016[66] No Disabled by default Yes Yes Yes No Yes Yes No
Schannel 11 / 2022[67] No Disabled by default Yes Yes Yes Yes Yes Yes No
Secure Transport

OS X 10.2–10.7, iOS 1–4

Yes Yes Yes No No No No No
Secure Transport OS X 10.8–10.10, iOS 5–8 No[d] Yes Yes Yes[d] Yes[d] Yes[d] No No
Secure Transport OS X 10.11, iOS 9 No No[d] Yes Yes Yes Yes Unknown No
Secure Transport OS X 10.13, iOS 11 No No[d] Yes Yes Yes Yes
(draft version)[68] 		Yes Unknown No
wolfSSL No Disabled by default[69] Disabled by default[70] Yes Yes Yes Yes Yes Yes
Erlang/OTP SSL application[71] No [e] No [f] Disabled by default [e] Disabled by default [e] Yes Partially [g] Disabled by default [e] Yes No
Implementation SSL 2.0 (insecure)[34] SSL 3.0 (insecure)[35] TLS 1.0 (deprecated)[36] TLS 1.1 (deprecated)[37] TLS 1.2 [38] TLS 1.3 DTLS 1.0 (deprecated)[39] DTLS 1.2 [33] DTLS 1.3
  1. ^ a b As of SSL-J 7.0, support for TLS 1.0 and 1.1 has been removed
  2. ^ a b SSL 2.0 client hello is supported for backward compatibility reasons even though SSL 2.0 is not supported.
  3. ^ Server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages."NSS 3.24 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2016年08月26日. Retrieved 2016年06月19日.
  4. ^ a b c d e f Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9.TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later."Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012年05月03日.
  5. ^ a b c d Since OTP 22
  6. ^ Since OTP 23
  7. ^ "Erlang OTP SSL application TLS 1.3 compliance table".

NSA Suite B Cryptography

[edit ]

Required components for NSA Suite B Cryptography (RFC 6460) are:

Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.

Implementation TLS 1.2 Suite B
Botan Yes
Bouncy Castle Yes
BSAFE Yes[41]
cryptlib Yes
GnuTLS Yes
JSSE Yes[72]
LibreSSL Yes
MatrixSSL Yes
Mbed TLS Yes
NSS No[73]
OpenSSL Yes[59]
Rustls Yes[60]
S2n
Schannel Yes[74]
Secure Transport No
wolfSSL Yes
Implementation TLS 1.2 Suite B

Certifications

[edit ]

Note that certain certifications have received serious negative criticism from people who are actually involved in them.[75]

Implementation FIPS 140-1, FIPS 140-2 [76] FIPS 140-3
Level 1 Level 2[disputeddiscuss ] Level 1
Botan [77]
Bouncy Castle BC-FJA 2.0.0 (#4743)
BC-FJA 2.1.0 (#4943)
BC-FNA 1.0.2 (#4416
BSAFE SSL-J[78] Crypto-J 6.0 (1785, 1786)
Crypto-J 6.1 / 6.1.1.0.1 (2057, 2058)
Crypto-J 6.2 / 6.2.1.1 (2468, 2469)
Crypto-J 6.2.4 (3172, 3184)
Crypto-J 6.2.5 (#3819, #3820)
Crypto-J 6.3 (#4696, #4697) 		Crypto-J 7.0 (4892)
cryptlib [79]
GnuTLS [80] Red Hat Enterprise Linux GnuTLS Cryptographic Module (#2780)
JSSE
LibreSSL [46] no support
MatrixSSL [81] SafeZone FIPS Cryptographic Module: 1.1 (#2389)
Mbed TLS [82]
NSS [83] Network Security Services: 3.2.2 (#247)
Network Security Services Cryptographic Module: 3.11.4 (#815), 3.12.4 (#1278), 3.12.9.1 (#1837) 		Netscape Security Module: 1 (#7[notes 1] ), 1.01 (#47[notes 2] )
Network Security Services: 3.2.2 (#248[notes 3] )
Network Security Services Cryptographic Module: 3.11.4 (#814[notes 4] ), 3.12.4 (#1279, #1280[notes 5] )
OpenSSL [84] OpenSSL FIPS Object Module: 1.0 (#624), 1.1.1 (#733), 1.1.2 (#918), 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4 (#1051)
2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7 or 2.0.8 (#1747)
Rustls aws-lc FIPS module[85] (#4759)
Schannel [86] Cryptographic modules in Windows NT 4.0, 95, 95, 2000, XP, Server 2003, CE 5, CE 6, Mobile 6.x, Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, RT, Surface, Phone 8
See details on Microsoft FIPS 140 Validated Cryptographic Modules
Secure Transport Apple FIPS Cryptographic Module: 1.0 (OS X 10.6, #1514), 1.1 (OS X 10.7, #1701)
Apple OS X CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (OS X 10.8, #1964, #1956), 4.0 (OS X 10.9, #2015, #2016)
Apple iOS CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (iOS 6, #1963, #1944), 4.0 (iOS 7, #2020, #2021)
wolfSSL [87] wolfCrypt FIPS Module: 4.0 (#3389)
See details on NIST certificate for validated Operating Environments
wolfCrypt FIPS Module: 3.6.0 (#2425)
See details on NIST certificate for validated Operating Environments 		wolfCrypt FIPS Module (#4178)
See details on NIST certificate
Implementation Level 1 Level 2 Level 1
FIPS 140-1, FIPS 140-2 FIPS 140-3
  1. ^ with Sun Sparc 5 w/ Sun Solaris v 2.4SE (ITSEC-rated)
  2. ^ with Sun Ultra-5 w/ Sun Trusted Solaris version 2.5.1 (ITSEC-rated)
  3. ^ with Solaris v8.0 with AdminSuite 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN SPARC Ultra-1
  4. ^ with these platforms; Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU, Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU
  5. ^ with these platforms; Red Hat Enterprise Linux v5 running on an IBM System x3550, Red Hat Enterprise Linux v5 running on an HP ProLiant DL145, Sun Solaris 10 5/08 running on a Sun SunBlade 2000 workstation, Sun Solaris 10 5/08 running on a Sun W2100z workstation

Key exchange algorithms (certificate-only)

[edit ]

This section lists the certificate verification functionality available in the various implementations.

Implementation RSA [38] RSA-EXPORT (insecure)[38] DHE-RSA (forward secrecy)[38] DHE-DSS (forward secrecy)[38] ECDH-ECDSA [88] ECDHE-ECDSA (forward secrecy)[88] ECDH-RSA [88] ECDHE-RSA (forward secrecy)[88] GOST R 34.10-94, 34.10-2001[89]
Botan Disabled by default No Yes Disabled by default No Yes No Yes No
BSAFE Yes No Yes Yes Yes Yes Yes Yes No
cryptlib Yes No Yes Yes Yes Yes No Yes No
GnuTLS Yes No Yes Disabled by default[42] No Yes No Yes No
JSSE Yes Disabled by default Yes Yes Yes Yes Yes Yes No
LibreSSL Yes No[46] Yes Yes No Yes No Yes Yes[90]
MatrixSSL Yes No Yes No Yes Yes Yes Yes No
Mbed TLS Yes No Yes No Yes Yes Yes Yes No
NSS Yes Disabled by default Yes[91] Yes Yes Yes Yes Yes No[92] [93]
OpenSSL Yes No[57] Yes Disabled by default[57] No Yes No Yes Yes[94]
Rustls No No No No No Yes[60] No Yes[60] No
Schannel XP/2003 Yes Yes No XP: Max 1024 bits
2003: 1024 bits only 		No No No No No[95]
Schannel Vista/2008 Yes Disabled by default No 1024 bits by default[96] No Yes No except AES_GCM No[95]
Schannel 8/2012 Yes Disabled by default AES_GCM only[97] [98] [99] 1024 bits by default[96] No Yes No except AES_GCM No[95]
Schannel 7/2008R2, 8.1/2012R2 Yes Disabled by default Yes 2048 bits by default[96] No Yes No except AES_GCM No[95]
Schannel 10 Yes Disabled by default Yes 2048 bits by default[96] No Yes No Yes No[95]
Secure Transport OS X 10.6 Yes Yes except AES_GCM Yes Yes except AES_GCM yes except AES_GCM No
Secure Transport OS X 10.8-10.10 Yes No except AES_GCM No Yes except AES_GCM Yes except AES_GCM No
Secure Transport OS X 10.11 Yes No Yes No No Yes No Yes No
wolfSSL Yes No Yes No Yes Yes Yes Yes No
Erlang/OTP SSL application Yes No Yes Yes Yes Yes Yes Yes No
Implementation RSA [38] RSA-EXPORT (insecure)[38] DHE-RSA (forward secrecy)[38] DHE-DSS (forward secrecy)[38] ECDH-ECDSA [88] ECDHE-ECDSA (forward secrecy)[88] ECDH-RSA [88] ECDHE-RSA (forward secrecy)[88] GOST R 34.10-94, 34.10-2001[89]

Key exchange algorithms (alternative key-exchanges)

[edit ]
Implementation SRP [100] SRP-DSS [100] SRP-RSA [100] PSK-RSA [101] PSK [101] DHE-PSK (forward secrecy)[101] ECDHE-PSK (forward secrecy)[102] KRB5 [103] DH-ANON[38] (insecure) ECDH-ANON[88] (insecure)
Botan No No No No Yes No Yes No No No
BSAFE SSL-J No No No No Yes[104] No No No Disabled by default Disabled by default
cryptlib No No No No Yes Yes No No No No
GnuTLS Yes Yes Yes Yes Yes Yes Yes No Disabled by default Disabled by default
JSSE No No No No No No No No Disabled by default Disabled by default
LibreSSL No[105] No[105] No[105] No No No No No Yes Yes
MatrixSSL No No No Yes Yes Yes No No Disabled by default No
Mbed TLS No No No Yes Yes Yes Yes No No No
NSS No[106] No[106] No[106] No[107] No[107] No[107] No[107] No Client side only, disabled by default[108] Disabled by default[109]
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes[110] Disabled by default[111] Disabled by default[111]
Rustls No No No No No No No No No No
Schannel No No No No No No No Yes No No
Secure Transport No No No No No No No Unknown Yes Yes
wolfSSL Yes Yes Yes Yes Yes Yes Yes[112] Yes No No
Erlang/OTP SSL application Disabled by default Disabled by default Disabled by default Disabled by default Disabled by default Disabled by default No No Disabled by default Disabled by default
Implementation SRP [100] SRP-DSS [100] SRP-RSA [100] PSK-RSA [101] PSK [101] DHE-PSK (forward secrecy)[101] ECDHE-PSK (forward secrecy)[102] KRB5 [103] DH-ANON[38] (insecure) ECDH-ANON[88] (insecure)

Certificate verification methods

[edit ]
Implementation Application-defined PKIX path validation[113] CRL [114] OCSP [115] DANE (DNSSEC)[116] [117] CT [118]
Botan Yes Yes Yes Yes No Unknown
Bouncy Castle Yes Yes Yes Yes Yes Unknown
BSAFE Yes Yes Yes Yes No Unknown
cryptlib Yes Yes Yes Yes No Unknown
GnuTLS Yes Yes Yes Yes Yes Unknown
JSSE Yes Yes Yes Yes No No
LibreSSL Yes Yes Yes Yes No Unknown
MatrixSSL Yes Yes Yes Yes[119] No Unknown
Mbed TLS Yes Yes Yes No[120] No Unknown
NSS Yes Yes Yes Yes No[121] Unknown
OpenSSL Yes Yes Yes Yes Yes Yes
Rustls Yes Yes Yes No No No
s2n No [122] Unknown [123] Unknown [124]
Schannel Unknown Yes Yes[125] Yes[125] No Unknown
Secure Transport Yes Yes Yes Yes No Unknown
wolfSSL Yes Yes Yes Yes No Unknown
Erlang/OTP SSL application Yes Yes Yes No No Unknown
Implementation Application-defined PKIX path validation CRL OCSP DANE (DNSSEC) CT

Encryption algorithms

[edit ]
Implementation Block cipher with mode of operation Stream cipher None
AES GCM
[126] 		AES CCM
[127] 		AES CBC Camellia GCM
[128] 		Camellia CBC
[129] [128] 		ARIA GCM
[130] 		ARIA CBC
[130] 		SEED CBC
[131] 		3DES EDE CBC
(insecure)[132] 		GOST 28147-89 CNT
(proposed)
[89] [n 1] 		ChaCha20-Poly1305
[133] 		Null
(insecure)
[n 2]
Botan Yes Yes Yes Yes Yes No No Disabled by default Disabled by default No Yes[134] Not implemented
BoringSSL Yes No Yes No No No No No Yes No Yes
BSAFE SSL-J Yes Yes Yes No No No No No Disabled by default No No Disabled by default
cryptlib Yes No Yes No No No No No Yes No No Not implemented
GnuTLS Yes Yes[42] Yes Yes Yes No No No Disabled by default[135] No Yes[136] Disabled by default
JSSE Yes No Yes No No No No No Disabled by default[137] No Yes
(JDK 12+)[138] 		Disabled by default
LibreSSL Yes[46] No Yes No Yes[90] No No No[46] Yes Yes[90] Yes[46] Disabled by default
MatrixSSL Yes No Yes No No No No Yes Disabled by default No Yes[139] Disabled by default
Mbed TLS Yes Yes [140] Yes Yes Yes Yes[141] Yes[141] No No[50] No Yes[142] Disabled by default at compile time
NSS Yes[143] No Yes No[144] [n 3] Yes[145] No No Yes[146] Yes No[92] [93] Yes[147] Disabled by default
OpenSSL Yes[148] Disabled by default[57] Yes No Disabled by default[57] Disabled by default[149] No Disabled by default[57] Disabled by default[57] Yes[94] Yes[57] Disabled by default
Rustls Yes[60] No No No No No No No No No Yes[60] Not implemented
Schannel XP/2003 No No 2003 only[150] No No No No No Yes No[95] No Disabled by default
Schannel Vista/2008, 2008R2, 2012 No No Yes No No No No No Yes No[95] No Disabled by default
Schannel 7, 8, 8.1/2012R2 Yes except ECDHE_RSA
[97] [98] 		No Yes No No No No No Yes No[95] No Disabled by default
Schannel 10 [151] Yes No Yes No No No No No Yes No[95] No Disabled by default
Secure Transport OS X 10.6 - 10.10 No No Yes No No No No No Yes No No Disabled by default
Secure Transport OS X 10.11 Yes No Yes No No No No No Yes No No Disabled by default
wolfSSL Yes Yes Yes No No No No No Yes No Yes Disabled by default
Erlang/OTP SSL application Yes No Yes No No No No No Disabled by default No Experimental Disable by default
Implementation Block cipher with mode of operation Stream cipher None
AES GCM
[126] 		AES CCM
[127] 		AES CBC Camellia GCM
[128] 		Camellia CBC
[129] [128] 		ARIA GCM
[130] 		ARIA CBC
[130] 		SEED CBC
[131] 		3DES EDE CBC
(insecure)[132] 		GOST 28147-89 CNT
(proposed)
[89] [n 1] 		ChaCha20-Poly1305
[133] 		Null
(insecure)
[n 2]
Notes
  1. ^ a b This algorithm is not defined yet as TLS cipher suites in RFCs, is proposed in drafts.
  2. ^ a b authentication only, no encryption
  3. ^ This algorithm is implemented in an NSS fork used by Pale Moon.

Obsolete algorithms

[edit ]
Implementation Block cipher with mode of operation Stream cipher
IDEA CBC
[n 1] (insecure)[153] 		DES CBC
(insecure)
[n 1] 		DES-40 CBC
(EXPORT, insecure)
[n 2] 		RC2-40 CBC
(EXPORT, insecure)
[n 2] 		RC4-128
(insecure)
[n 3] 		RC4-40
(EXPORT, insecure)
[n 4] [n 2]
Botan No No No No No[154] No
BoringSSL No No No No Disabled by default at compile time No
BSAFE SSL-J No Disabled by default Disabled by default No Disabled by default Disabled by default
cryptlib No Disabled by default at compile time No No Disabled by default at compile time No
GnuTLS No No No No Disabled by default[42] No
JSSE No Disabled by default Disabled by default No Disabled by default Disabled by default [155]
LibreSSL Yes Yes No[46] No[46] Yes No[46]
MatrixSSL Yes No No No Disabled by default No
Mbed TLS No Disabled by default at compile time No No Disabled by default at compile time[51] No
NSS Yes Disabled by default Disabled by default Disabled by default Lowest priority[156] [157] Disabled by default
OpenSSL Disabled by default[57] Disabled by default No[57] No[57] Disabled by default No[57]
Rustls No No No No No No
Schannel XP/2003 No Yes Yes Yes Yes Yes
Schannel Vista/2008 No Disabled by default Disabled by default Disabled by default Yes Disabled by default
Schannel 7/2008R2 No Disabled by default Disabled by default Disabled by default Lowest priority
will be disabled soon[158] 		Disabled by default
Schannel 8/2012 No Disabled by default Disabled by default Disabled by default Only as fallback Disabled by default
Schannel 8.1/2012R2 No Disabled by default Disabled by default Disabled by default Disabled by default[158] Disabled by default
Schannel 10 [151] No Disabled by default Disabled by default Disabled by default Disabled by default[158] Disabled by default
Secure Transport OS X 10.6 Yes Yes Yes Yes Yes Yes
Secure Transport OS X 10.7 Yes Unknown Unknown Unknown Yes Unknown
Secure Transport OS X 10.8-10.9 Yes Disabled by default Disabled by default Disabled by default Yes Disabled by default
Secure Transport OS X 10.10-10.11 Yes Disabled by default Disabled by default Disabled by default Lowest priority Disabled by default
Secure Transport macOS 10.12 Yes Disabled by default Disabled by default Disabled by default Disabled by default Disabled by default
wolfSSL Disabled by default[159] No No No Disabled by default No
Erlang/OTP SSL application no Disabled by default no no Disabled by default no
Implementation Block cipher with mode of operation Stream cipher
IDEA CBC
[n 1] (insecure)[153] 		DES CBC
(insecure)
[n 1] 		DES-40 CBC
(EXPORT, insecure)
[n 2] 		RC2-40 CBC
(EXPORT, insecure)
[n 2] 		RC4-128
(insecure)
[n 3] 		RC4-40
(EXPORT, insecure)
[n 4] [n 2]
Notes
  1. ^ a b c d IDEA and DES have been removed from TLS 1.2.[152]
  2. ^ a b c d e f 40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.
  3. ^ a b The RC4 attacks weaken or break RC4 used in SSL/TLS. Use of RC4 is prohibited by RFC 7465.
  4. ^ a b The RC4 attacks weaken or break RC4 used in SSL/TLS.

Supported elliptic curves

[edit ]

This section lists the supported elliptic curves by each implementation.

Defined curves in RFC 8446 (for TLS 1.3) and RFC 8422, 7027 (for TLS 1.2 and earlier)

[edit ]
applicable TLS version TLS 1.3 and earlier TLS 1.2 and earlier
Implementation secp256r1
prime256v1
NIST P-256
(0x0017,[160] 23[161] ) 		secp384r1
NIST P-384
(0x0018,[160] 24[161] ) 		secp521r1
NIST P-521
(0x0019,[160] 25[161] ) 		X25519
(0x001D,[160] 29[161] ) 		X448
(0x001E,[160] 30[161] ) 		brainpoolP256r1
(26)[162] 		brainpoolP384r1
(27)[162] 		brainpoolP512r1
(28)[162]
Botan Yes Yes Yes Yes[134] No Yes[163] Yes[163] Yes[163]
BoringSSL Yes Yes Yes (disabled by default) Yes No No No No
BSAFE Yes Yes Yes No No No No No
GnuTLS Yes Yes Yes Yes[164] Yes[165] No No No
JSSE Yes Yes Yes Yes
x25519: JDK 13+[166]
Ed25519:JDK 15+[167] 		Yes
x448: JDK 13+[166]
Ed448: JDK 15+[167] 		No No No
LibreSSL Yes Yes Yes Yes[168] No Yes[46] Yes[46] Yes[46]
MatrixSSL Yes Yes Yes TLS 1.3 only[169] No Yes Yes Yes
Mbed TLS Yes Yes Yes Primitive only[170] Primitive only[171] Yes[172] Yes[172] Yes[172]
NSS Yes Yes Yes Yes[173] No[174] [175] No[176] No[176] No[176]
OpenSSL Yes Yes Yes Yes[177] [178] Yes[179] [180] Yes[59] Yes[59] Yes[59]
Rustls Yes Yes No Yes No No No No
Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 Yes Yes Yes No No No No No
Secure Transport Yes Yes Yes No No No No No
wolfSSL Yes Yes Yes Yes[181] Yes[182] Yes Yes Yes
Erlang/OTP SSL application Yes Yes Yes No No Yes Yes Yes
Implementation secp256r1
prime256v1
NIST P-256
(0x0017, 23) 		secp384r1
NIST P-384
(0x0018, 24) 		secp521r1
NIST P-521
(0x0019, 25) 		X25519
(0x001D, 29) 		X448
(0x001E, 30) 		brainpoolP256r1
(26) 		brainpoolP384r1
(27) 		brainpoolP512r1
(28)

Deprecated curves in RFC 8422

[edit ]
Implementation sect163k1
NIST K-163
(1)[88] 		sect163r1
(2)[88] 		sect163r2
NIST B-163
(3)[88] 		sect193r1
(4)[88] 		sect193r2
(5)[88] 		sect233k1
NIST K-233
(6)[88] 		sect233r1
NIST B-233
(7)[88] 		sect239k1
(8)[88] 		sect283k1
NIST K-283
(9)[88] 		sect283r1
NIST B-283
(10)[88] 		sect409k1
NIST K-409
(11)[88] 		sect409r1
NIST B-409
(12)[88] 		sect571k1
NIST K-571
(13)[88] 		sect571r1
NIST B-571
(14)[88]
Botan No No No No No No No No No No No No No No
BoringSSL No No No No No No No No No No No No No No
BSAFE Yes No Yes No No Yes Yes No Yes Yes Yes Yes Yes Yes
GnuTLS No No No No No No No No No No No No No No
JSSE Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b]
LibreSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
MatrixSSL No No No No No No No No No No No No No No
Mbed TLS No No No No No No No No No No No No No No
NSS Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Rustls No No No No No No No No No No No No No No
Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 No No No No No No No No No No No No No No
Secure Transport No No No No No No No No No No No No No No
wolfSSL No No No No No No No No No No No No No No
Erlang/OTP SSL application Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Implementation sect163k1
NIST K-163
(1) 		sect163r1
(2) 		sect163r2
NIST B-163
(3) 		sect193r1
(4) 		sect193r2
(5) 		sect233k1
NIST K-233
(6) 		sect233r1
NIST B-233
(7) 		sect239k1
(8) 		sect283k1
NIST K-283
(9) 		sect283r1
NIST B-283
(10) 		sect409k1
NIST K-409
(11) 		sect409r1
NIST B-409
(12) 		sect571k1
NIST K-571
(13) 		sect571r1
NIST B-571
(14)
Implementation secp160k1
(15)[88] 		secp160r1
(16)[88] 		secp160r2
(17)[88] 		secp192k1
(18)[88] 		secp192r1
prime192v1
NIST P-192
(19)[88] 		secp224k1
(20)[88] 		secp224r1
NIST P-244
(21)[88] 		secp256k1
(22)[88] 		arbitrary prime curves
(0xFF01)[88] [185] 		arbitrary char2 curves
(0xFF02)[88] [185]
Botan No No No No No No No No No No
BoringSSL No No No No No No Yes No No No
BSAFE No No No No Yes No Yes No No No
GnuTLS No No No No Yes No Yes No No No
JSSE Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] Notes[a] [b] No No
LibreSSL Yes Yes Yes Yes Yes Yes Yes Yes No No
MatrixSSL No No No No Yes No Yes No No No
Mbed TLS No No No Yes Yes Yes Yes Yes No No
NSS Yes Yes Yes Yes Yes Yes Yes Yes No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes No No
Rustls No No No No No No No No No No
Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 No No No No No No No No No No
Secure Transport No No No No Yes No No No No No
wolfSSL Yes Yes Yes Yes Yes Yes Yes Yes No No
Erlang/OTP SSL application Yes Yes Yes Yes Yes Yes Yes Yes No No
Implementation secp160k1
(15) 		secp160r1
(16) 		secp160r2
(17) 		secp192k1
(18) 		secp192r1
prime192v1
NIST P-192
(19) 		secp224k1
(20) 		secp224r1
NIST P-244
(21) 		secp256k1
(22) 		arbitrary prime curves
(0xFF01) 		arbitrary char2 curves
(0xFF02)
Notes
  1. ^ a b c d e f g h i j k l m n o p q r s t u v These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]
  2. ^ a b c d e f g h i j k l m n o p q r s t u v These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

Data integrity

[edit ]
Implementation HMAC-MD5 HMAC-SHA1 HMAC-SHA256/384 AEAD GOST 28147-89 IMIT
[89] 		GOST R 34.11-94
[89]
Botan No Yes Yes Yes No No
BSAFE Yes Yes Yes Yes No No
cryptlib Yes Yes Yes Yes No No
GnuTLS Yes Yes Yes Yes No No
JSSE Disabled by Default Yes Yes Yes No No
LibreSSL Yes Yes Yes Yes Yes
[90] 		Yes
[90]
MatrixSSL Yes Yes Yes Yes No No
Mbed TLS Yes Yes Yes Yes No No
NSS Yes Yes Yes Yes No
[92] [93] 		No
[92] [93]
OpenSSL Yes Yes Yes Yes Yes
[94] 		Yes
[94]
Rustls No No No Yes No No
Schannel XP/2003, Vista/2008 Yes Yes XP SP3, 2003 SP2 via hotfix
[186] 		No No
[95] 		No
[95]
Schannel 7/2008R2, 8/2012, 8.1/2012R2 Yes Yes Yes except ECDHE_RSA
[97] [98] [99] 		No
[95] 		No
[95]
Schannel 10 Yes Yes Yes Yes
[151] 		No
[95] 		No
[95]
Secure Transport Yes Yes Yes Yes No No
wolfSSL Yes Yes Yes Yes No No
Erlang/OTP SSL application Yes Yes Yes Yes No No
Implementation HMAC-MD5 HMAC-SHA1 HMAC-SHA256/384 AEAD GOST 28147-89 IMIT GOST R 34.11-94

Compression

[edit ]

Note the CRIME security exploit takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. HTTP compression is unrelated and unaffected by this exploit, but is exploited by the related BREACH attack.

Implementation DEFLATE[187]
(insecure)
Botan No
BSAFE [41] No
cryptlib No
GnuTLS Disabled by default
JSSE No
LibreSSL No[46]
MatrixSSL Disabled by default
Mbed TLS Disabled by default
NSS Disabled by default
OpenSSL Disabled by default
Rustls No
Schannel No
Secure Transport No
wolfSSL Disabled by default
Erlang/OTP SSL application No
Implementation DEFLATE

Extensions

[edit ]

In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security [citation needed ]. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation.

Implementation Secure Renegotiation
[188] 		Server Name Indication
[189] 		ALPN
[190] 		Certificate Status Request
[189] 		OpenPGP
[191] 		Supplemental Data
[192] 		Session Ticket
[193] 		Keying Material Exporter
[194] 		Maximum Fragment Length
[189] 		Encrypt-then-MAC
[29] 		TLS Fallback SCSV
[195] 		Extended Master Secret
[196] 		ClientHello Padding
[197] 		Raw Public Keys
[198]
Botan Yes Yes Yes[199] No No No Yes Yes Yes Yes Yes[200] Yes[201] No Unknown
BSAFE SSL-J Yes Yes No Yes No No No No Yes No No Yes No No
cryptlib Yes Yes No No No Yes No No No[202] Yes Yes Yes No Unknown
GnuTLS Yes Yes Yes[203] Yes No[204] Yes Yes Yes Yes Yes[42] Yes[205] Yes[42] Yes[206] Yes[207]
JSSE Yes Yes[72] Yes[72] Yes No No Yes No Yes No No Yes No No
LibreSSL Yes Yes Yes[208] Yes No No? Yes Yes? No No Server side only[209] No Yes No
MatrixSSL Yes Yes Yes[210] Yes[139] No No Yes No Yes No Yes[139] Yes[139] No Unknown
Mbed TLS Yes Yes Yes[211] No No No Yes No Yes Yes[212] Yes[212] Yes[212] No No
NSS Yes Yes Yes[213] Yes No[214] No Yes Yes No No[215] Yes[216] Yes[217] Yes[213] Unknown
OpenSSL Yes Yes Yes[59] Yes No No? Yes Yes Yes Yes Yes[218] Yes[57] Yes[219] Yes[220]
Rustls Yes Yes Yes Yes No No Yes Yes No No No [221] Yes No Unknown
Schannel XP/2003 No No No No No Yes No No No No No No No Unknown
Schannel Vista/2008 Yes Yes No No No Yes No No No No No Yes[222] No Unknown
Schannel 7/2008R2 Yes Yes No Yes No Yes No No No No No Yes[222] No Unknown
Schannel 8/2012 Yes Yes No Yes No Yes Client side only[223] No No No No Yes[222] No Unknown
Schannel 8.1/2012R2, 10 Yes Yes Yes Yes No Yes Yes[223] No No No No Yes[222] No Unknown
Secure Transport Yes Yes Unknown No No Yes No No No No No No No Unknown
wolfSSL Yes Yes Yes[159] Yes No No Yes No Yes Yes[224] No Yes No Yes[225]
Erlang/OTP SSL application Yes Yes Yes No No No No No No No Yes No No Unknown
Implementation Secure Renegotiation Server Name Indication ALPN Certificate Status Request OpenPGP Supplemental Data Session Ticket Keying Material Exporter Maximum Fragment Length Encrypt-then-MAC TLS Fallback SCSV Extended Master Secret ClientHello Padding Raw Public Keys

Assisted cryptography

[edit ]

This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation.

Implementation PKCS #11 device Intel AES-NI VIA PadLock ARMv8-A Intel SHA NXP CAAM TPM 2.0 NXP SE050 Microchip ATECC STMicro STSAFE Maxim MAXQ
Botan Yes[226] Yes No Yes No Yes[227] No No No No
BSAFE SSL-J [a] [b] Yes Yes No Yes Yes No No[230] No No No No
cryptlib Yes Yes Yes No Yes No No No No
Crypto++ Yes Yes No No No No
GnuTLS Yes Yes Yes Yes[231] Yes No[232] No No No No
JSSE Yes Yes[233] No No No No No No No
LibreSSL No Yes Yes No No No No No
MatrixSSL Yes Yes No Yes No No No No No
Mbed TLS Yes Yes[234] Yes No No Partial[235] Yes[236] No No
NSS Yes[237] Yes[238] No[239] No No No No No No
OpenSSL Yes[240] [241] [242] Yes Yes Yes[243] Yes Partial Partial[244] [245] Partial[235] No Partial[246] No
Rustls Yes Yes Yes No No No No
Schannel No Yes No No No No No No No
Secure Transport No Yes[247] [248] No Yes No No No No No
wolfSSL Yes Yes No Yes Yes[249] Yes[250] [251] Yes[252] Yes[253] Yes[254] Yes[255]
Implementation PKCS #11 device Intel AES-NI VIA PadLock ARMv8-A Intel SHA NXP CAAM TPM 2.0 NXP SE050 Microchip ATECC STMicro STSAFE Maxim MAXQ
  1. ^ Pure Java implementations relies on JVM processor optimization capabilities, such as OpenJDK support for AES-NI [228]
  2. ^ BSAFE SSL-J can be configured to run in native mode, using BSAFE Crypto-C Micro Edition to benefit from processor optimization.[229]

System-specific backends

[edit ]

This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation.

Implementation /dev/crypto af_alg Windows CSP CommonCrypto OpenSSL engine
Botan No No No No Partial
BSAFE No No No No No
cryptlib Yes No No No No
GnuTLS Yes Yes No No No
JSSE No No Yes No No
LibreSSL No No No No No[256]
MatrixSSL No No No Yes Yes
Mbed TLS No No No No No
NSS No No No No No
OpenSSL Yes Yes No No Yes
Rustls No Yes [257] No No No
Schannel No No Yes No No
Secure Transport No No No Yes No
wolfSSL Yes Yes Partial No Yes[258]
Erlang/OTP SSL application No No No No Yes
Implementation /dev/crypto af_alg Windows CSP CommonCrypto OpenSSL engine

Cryptographic module/token support

[edit ]
Implementation TPM support Hardware token support Objects identified via
Botan Partial[201] PKCS #11
BSAFE SSL-J No No
cryptlib Yes PKCS #11 User-defined label
GnuTLS Yes PKCS #11 RFC 7512 PKCS #11 URLs[259]
JSSE No PKCS11 Java Cryptography Architecture,
Java Cryptography Extension
LibreSSL Yes PKCS #11 (via 3rd party module) Custom method
MatrixSSL No PKCS #11
Mbed TLS No PKCS #11 (via libpkcs11-helper) or standard hooks Custom method
NSS No PKCS #11
OpenSSL Yes PKCS #11 (via 3rd party module)[260] RFC 7512 PKCS #11 URLs[259]
Rustls No Microsoft CryptoAPI [261] Custom method
Schannel No Microsoft CryptoAPI UUID, User-defined label
Secure Transport
wolfSSL Yes PKCS #11
Implementation TPM support Hardware token support Objects identified via

Code dependencies

[edit ]
Implementation Dependencies Optional dependencies
Botan C++20 SQLite
zlib (compression)
bzip2 (compression)
liblzma (compression)
boost
trousers (TPM)
GnuTLS libc
nettle
gmp 		zlib (compression)
p11-kit (PKCS #11)
trousers (TPM)
libunbound (DANE)
JSSE Java
MatrixSSL none zlib (compression)
MatrixSSL-open libc or newlib
Mbed TLS libc libpkcs11-helper (PKCS #11)
zlib (compression)
NSS libc
libnspr4
libsoftokn3
libplc4
libplds4 		zlib (compression)
Rustls rust core library rust std library
zlib-rs (compression)
brotli (compression)
ring (cryptography)
aws-lc-rs (cryptography)
OpenSSL libc zlib (compression)
brotli (compression)
zstd (compression)
wolfSSL None libc
zlib (compression)
Erlang/OTP SSL application libcrypto (from OpenSSL), Erlang/OTP and its public_key, crypto and asn1 applications Erlang/OTP -inets (http fetching of CRLs)
Implementation Dependencies Optional dependencies

Development environment

[edit ]
Implementation Namespace Build tools API manual Crypto back-end OpenSSL compatibility Layer[clarify ]
Botan Botan::TLS Makefile Sphinx Included (pluggable) No
Bouncy Castle org.bouncycastle Java Development Environment Programmers reference manual (PDF) Included (pluggable) No
BSAFE SSL-J com.rsa.asn1[a]

com.rsa.certj[b]
com.rsa.jcp[c]
com.rsa.jsafe[d]
com.rsa.ssl[e]
com.rsa.jsse[f]

Java class loader Javadoc, Developer's guide (HTML) Included No
cryptlib crypt* makefile, MSVC project workspaces Programmers reference manual (PDF), architecture design manual (PDF) Included (monolithic) No
GnuTLS gnutls_* Autoconf, automake, libtool Manual and API reference (HTML, PDF) External, libnettle Yes (limited)
JSSE javax.net.ssl

sun.security.ssl

Makefile API Reference (HTML) +

JSSE Reference Guide

Java Cryptography Architecture,
Java Cryptography Extension 		No
MatrixSSL matrixSsl_*

ps*

Makefile, MSVC project workspaces, Xcode projects for OS X and iOS API Reference (PDF), Integration Guide Included (pluggable) Yes (Subset: SSL_read, SSL_write, etc.)
Mbed TLS mbedtls_ssl_*

mbedtls_sha1_*
mbedtls_md5_*
mbedtls_x509*
...

Makefile, CMake, MSVC project workspaces, yotta API Reference + High Level and Module Level Documentation (HTML) Included (monolithic) No
NSS CERT_*

SEC_*
SECKEY_*
NSS_*
PK11_*
SSL_*
...

Makefile Manual (HTML) Included, PKCS#11 based[262] Yes (separate package called nss_compat_ossl[263] )
OpenSSL SSL_*

SHA1_*
MD5_*
EVP_*
...

Makefile Man pages Included (monolithic)
Rustls rustls:: cargo API reference and design manual Two options included (pluggable) Yes[264] (subset)
wolfSSL wolfSSL_*

CyaSSL_*
SSL_*

Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC, e2Studio Manual and API Reference (HTML, PDF) Included (monolithic) Yes (about 60% of API)
Implementation Namespace Build tools API manual Crypto back-end OpenSSL compatibility layer
  1. ^
    ASN.1 manipulation classes
  2. ^
    Cert-J proprietary API
  3. ^
    Certificate Path manipulation classes
  4. ^
    Crypto-J proprietary API, JCE, CMS and PKI
    5. API
  5. ^
    SSLJ proprietary API
  6. ^
    JSSE API

Portability concerns

[edit ]
Implementation Platform requirements Network requirements Thread safety Random seed Able to cross-compile No OS (bare metal) Supported operating systems
Botan C++11 None Thread-safe Platform-dependent Yes Windows, Linux, macOS, Android, iOS, FreeBSD, OpenBSD, Solaris, AIX, HP-UX, QNX, BeOS, IncludeOS
BSAFE SSL-J Java Java SE network components Thread-safe Depends on java.security.SecureRandom Yes No FreeBSD, Linux, macOS, Microsoft Windows, Android, AIX, Solaris
cryptlib C89 POSIX send() and recv(). API to supply your own replacement Thread-safe Platform-dependent, including hardware sources Yes Yes AMX, BeOS, ChorusOS, DOS, eCos, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK
GnuTLS C89 POSIX send() and recv(). API to supply your own replacement. Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available. Platform dependent Yes No Generally any POSIX platforms or Windows, commonly tested platforms include Linux, Win32/64, macOS, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD.
JSSE Java Java SE network components Thread-safe Depends on java.security.SecureRandom Yes Java based, platform-independent
MatrixSSL C89 None Thread-safe Platform dependent Yes Yes All
Mbed TLS C89 POSIX read() and write(). API to supply your own replacement. Threading layer available (POSIX or own hooks) Random seed set through entropy pool Yes Yes Known to work on: Win32/64, Linux, macOS, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, eCos, SeggerOS, RISC OS
NSS C89, NSPR[265] NSPR[265] PR_Send() and PR_Recv(). API to supply your own replacement. Thread-safe Platform dependent[266] Yes (but cumbersome) No AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, macOS, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation
Rustls Rust (programming language) None Thread-safe Platform dependent Yes Yes All supported by Rust (programming language)
OpenSSL C89 None Thread-safe Platform dependent Yes No Unix-like, DOS (with djgpp), Windows, OpenVMS, NetWare, eCos
wolfSSL C89 POSIX send() and recv(). API to supply your own replacement. Thread-safe Random seed set through wolfCrypt Yes Yes Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Project, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and GameCube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/μITRON, eCos, Micrium μC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, Keil RTX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, TOPPERS, PetaLinux, Apache mynewt
Implementation Platform requirements Network requirements Thread safety Random seed Able to cross-compile No OS (bare metal) Supported operating systems

See also

[edit ]
  • SCTP — with DTLS support
  • DCCP — with DTLS support
  • SRTP — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)

References

[edit ]
  1. ^ "Botan: Release Notes" . Retrieved 2025年05月16日.
  2. ^ "Download Bouncy Castle for Java - bouncycastle.org". 2025年08月04日. Retrieved 2025年08月04日.
  3. ^ "Download Bouncy Castle for Java LTS - bouncycastle.org". 2024年11月08日. Retrieved 2024年11月29日.
  4. ^ "Download Bouncy Castle for Java FIPS - bouncycastle.org". 2024年07月30日. Retrieved 2024年11月29日.
  5. ^ "Download Bouncy Castle for C# .NET - bouncycastle.org". 2025年08月04日. Retrieved 2025年08月04日.
  6. ^ "Download Bouncy Castle for C# .NET FIPS - bouncycastle.org". 2024年03月11日. Retrieved 2024年11月29日.
  7. ^ "Dell BSAFE SSL-J 6.6 Release Advisory". Dell .
  8. ^ "Dell BSAFE SSL-J 7.3.1 Release Advisory". Dell .
  9. ^ "Dell BSAFE Micro Edition Suite 5.0.3 Release Advisory".
  10. ^ Gutmann, Peter (May 1, 2025). "cryptlib". Github. Retrieved 2025年08月02日.
  11. ^ Daiki Ueno (9 July 2025). "gnutls 3.8.10" . Retrieved 10 August 2025.
  12. ^ "Java Development Kit 25 Release Notes". Oracle Corporation . Retrieved 2025年06月09日.
  13. ^ "JavaTM SE Development Kit 21, 21.0.5 Release Notes". Oracle Corporation . Retrieved 2024年10月16日.
  14. ^ "JavaTM SE Development Kit 17, 17.0.13 Release Notes". Oracle Corporation . Retrieved 2024年10月16日.
  15. ^ "JavaTM SE Development Kit 11, 11.0.25 Release Notes". Oracle Corporation . Retrieved 2024年10月16日.
  16. ^ "JavaTM SE Development Kit 8, Update 431 Release Notes". Oracle Corporation . Retrieved 2024年10月16日.
  17. ^ "LibreSSL 4.1.2 and 4.2.1 released". 31 October 2025. Retrieved 3 November 2025.
  18. ^ The features listed are for the closed source version
  19. ^ "MatrixSSL 4.2.2 Open release". 2019年09月11日. Retrieved 2020年03月20日.
  20. ^ "Release 4.0.0". 15 October 2025. Retrieved 21 October 2025.
  21. ^ a b "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022.
  22. ^ "OpenSSL 3.6.0". 1 October 2025. Retrieved 1 October 2025.
  23. ^ "rustls/rustls releases". Github. Retrieved 15 August 2025.
  24. ^ "wolfSSL product description" . Retrieved 2016年05月03日.
  25. ^ "wolfSSL Embedded SSL/TLS" . Retrieved 2016年05月03日.
  26. ^ "wolfSSL ChangeLog". 2025年07月17日. Retrieved 2025年07月17日.
  27. ^ Prohibiting Secure Sockets Layer (SSL) Version 2.0. doi:10.17487/RFC6176 . RFC 6176.
  28. ^ Vaudenay, Serge (2001). "CBC-Padding: Security Flaws in SSL, IPsec, WTLS,..." (PDF).
  29. ^ a b Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security. doi:10.17487/RFC7366 . RFC 7366.
  30. ^ "Rizzo/Duong BEAST Countermeasures". Archived from the original on 2016年03月11日.
  31. ^ Möller, Bodo; Duong, Thai; Kotowicz, Krzysztof (September 2014). "This POODLE Bites: Exploiting The SSL 3.0 Fallback" (PDF). Archived from the original (PDF) on 15 October 2014. Retrieved 15 October 2014.
  32. ^ "TLSv1.2's Major Differences from TLSv1.1". The Transport Layer Security (TLS) Protocol Version 1.2. sec. 1.2. doi:10.17487/RFC5246 . RFC 5246.
  33. ^ a b c RFC 6347. doi:10.17487/RFC6347 .
  34. ^ a b Elgamal, Taher; Hickman, Kipp E. B. (19 April 1995). The SSL Protocol. I-D draft-hickman-netscape-ssl-00.
  35. ^ a b RFC 6101. doi:10.17487/RFC6101 .
  36. ^ a b RFC 2246. doi:10.17487/RFC2246 .
  37. ^ a b RFC 4346. doi:10.17487/RFC4346 .
  38. ^ a b c d e f g h i j k l RFC 5246. doi:10.17487/RFC5246 .
  39. ^ a b RFC 4347. doi:10.17487/RFC4347 .
  40. ^ "Version 1.11.13, 2015年01月11日 — Botan". 2015年01月11日. Archived from the original on 2015年01月09日. Retrieved 2015年01月16日.
  41. ^ a b c "RSA BSAFE Technical Specification Comparison Tables" (PDF). Archived from the original (PDF) on 2015年09月24日. Retrieved 2015年01月09日.
  42. ^ a b c d e f "[gnutls-devel] GnuTLS 3.4.0 released". 2015年04月08日. Retrieved 2015年04月16日.
  43. ^ "[gnutls-devel] GnuTLS 3.6.3". 2018年07月16日. Retrieved 2018年09月16日.
  44. ^ "Java SE Development Kit 8, Update 31 Release Notes" . Retrieved 2024年01月14日.
  45. ^ a b "Release Note: Disable TLS 1.0 and 1.1" . Retrieved 2024年01月14日.
  46. ^ a b c d e f g h i j k l m "OpenBSD 5.6 Released". 2014年11月01日. Retrieved 2015年01月20日.
  47. ^ "LibreSSL 2.3.0 Released". 2015年09月23日. Retrieved 2015年09月24日.
  48. ^ "LibreSSL 3.3.3 Released". 2021年05月04日. Retrieved 2021年05月04日.
  49. ^ "MatrixSSL - News". Archived from the original on 2015年02月14日. Retrieved 2014年11月09日.
  50. ^ a b c d "Mbed TLS 3.0.0 branch released". GitHub . 2021年07月07日. Retrieved 2021年08月13日.
  51. ^ a b c "mbed TLS 2.0.0 released". 2015年07月10日. Retrieved 2015年07月14日.
  52. ^ "NSS 3.19 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2015年06月05日. Retrieved 2015年05月06日.
  53. ^ a b "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2013年01月17日. Retrieved 2012年10月27日.
  54. ^ "NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013年08月10日.
  55. ^ "NSS 3.39 release notes". Mozilla Developer Network. Mozilla. 2018年08月31日. Archived from the original on 2021年12月07日. Retrieved 2018年09月15日.
  56. ^ "NSS 3.16.2 release notes". Mozilla Developer Network. Mozilla. 2014年06月30日. Archived from the original on 2021年12月07日. Retrieved 2014年06月30日.
  57. ^ a b c d e f g h i j k l m "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018年03月17日. Retrieved 2016年09月03日.
  58. ^ a b "Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]". 2012年03月14日. Archived from the original on December 5, 2014. Retrieved 2015年01月20日.
  59. ^ a b c d e f "Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015年01月22日.
  60. ^ a b c d e f g h i j k "rustls implemented and unimplemented features documentation" . Retrieved 2024年08月28日.
  61. ^ "S2N Readme". GitHub . 2019年12月21日.
  62. ^ "TLS Cipher Suites (Windows)". msdn.microsoft.com. 14 July 2023.
  63. ^ a b "TLS Cipher Suites in Windows Vista (Windows)". msdn.microsoft.com. 25 October 2021.
  64. ^ a b c "Cipher Suites in TLS/SSL (Schannel SSP) (Windows)". msdn.microsoft.com. 14 July 2023.
  65. ^ a b "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012.
  66. ^ "Protocols in TLS/SSL (Schannel SSP)". Microsoft. 2022年05月25日. Retrieved 2023年11月18日.
  67. ^ "Protocols in TLS/SSL (Schannel SSP)". 25 May 2022. Retrieved 6 November 2022.
  68. ^ "@badger: the 1.3 stuff is apparently in iOS 11 and macOS 10.13". 2018年03月09日. Retrieved 2018年03月09日.
  69. ^ "[wolfssl] wolfSSL 3.6.6 Released". 2015年08月20日. Retrieved 2015年08月24日.
  70. ^ "[wolfssl] wolfSSL 3.13.0 Released". 2017年12月21日. Retrieved 2022年01月17日.
  71. ^ "Erlang -- Standards Compliance".
  72. ^ a b c "Security Enhancements in JDK 8". docs.oracle.com.
  73. ^ "Bug 663320 - (NSA-Suite-B-TLS) Implement RFC6460 (NSA Suite B profile for TLS)". Mozilla. Retrieved 2014年05月19日.
  74. ^ "Introducing Compliance to Suite B Cryptography". 18 September 2012.
  75. ^ "Speeds and Feeds › Secure or Compliant, Pick One". Archived from the original on December 27, 2013.
  76. ^ "Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov. Archived from the original on 2014年12月26日. Retrieved 2014年03月18日.
  77. ^ ""Is botan FIPS 140 certified?" Frequently Asked Questions — Botan". Archived from the original on 2014年11月29日. Retrieved 2014年11月16日.
  78. ^ "Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov. 11 October 2016.
  79. ^ "cryptlib". 11 October 2013. Archived from the original on 11 October 2013.
  80. ^ "B.5 Certification". GnuTLS 3.7.7. Retrieved 26 September 2022.
  81. ^ "Matrix SSL Toolkit" (PDF).
  82. ^ "Is mbed TLS FIPS certified? - Mbed TLS documentation". Mbed TLS documentation.
  83. ^ "FIPS Validation - MozillaWiki". wiki.mozilla.org.
  84. ^ "OpenSSL and FIPS 140-2". Archived from the original on 2013年05月28日. Retrieved 2014年11月15日.
  85. ^ "rustls FIPS documentation" . Retrieved 2024年08月28日.
  86. ^ "Microsoft FIPS 140 Validated Cryptographic Modules".
  87. ^ "wolfCrypt FIPS 140-2 Information - wolfSSL Embedded SSL/TLS Library".
  88. ^ a b c d e f g h i j k l m n o p q r s t u v w x y z aa ab ac ad ae af ag ah RFC 4492. doi:10.17487/RFC4492 .
  89. ^ a b c d e "LibreSSL 2.1.2 released". 2014年12月09日. Retrieved 2015年01月20日.
  90. ^ "NSS 3.20 release notes". Mozilla. 2015年08月19日. Archived from the original on 2021年12月07日. Retrieved 2015年08月20日.
  91. ^ a b c d Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS" . Retrieved 2014年07月01日.
  92. ^ a b c d Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird" . Retrieved 2014年07月01日.
  93. ^ a b c d "OpenSSL: CVS Web Interface". Archived from the original on 2013年04月15日. Retrieved 2014年11月12日.
  94. ^ a b c d e f g h i j k l m n o Extensions to support GOST in Schannel might be available.[citation needed ]
  95. ^ a b c d "Microsoft Security Advisory 3174644". 14 October 2022.
  96. ^ a b c "Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ)". Microsoft. November 11, 2014. Retrieved 11 November 2014.
  97. ^ a b c Thomlinson, Matt (November 11, 2014). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 11 November 2014.
  98. ^ a b "Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2". support.microsoft.com.
  99. ^ a b c d e f RFC 5054. doi:10.17487/RFC5054 .
  100. ^ a b c d e f RFC 4279. doi:10.17487/RFC4279 .
  101. ^ a b RFC 5489. doi:10.17487/RFC5489 .
  102. ^ a b RFC 2712. doi:10.17487/RFC2712 .
  103. ^ "RSA BSAFE SSL-J 6.2.4 Release Notes". 2018年09月05日. Archived from the original on 2018年09月10日.
  104. ^ a b c "LibreSSL 2.0.4 released" . Retrieved 2014年08月04日.
  105. ^ a b c "Bug 405155 - add support for TLS-SRP, rfc5054". Mozilla. Retrieved 2014年01月25日.
  106. ^ a b c d "Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014年01月25日.
  107. ^ "Bug 1170510 - Implement NSS server side support for DH_anon". Mozilla. Retrieved 2015年06月03日.
  108. ^ "Bug 236245 - Update ECC/TLS to conform to RFC 4492". Mozilla. Retrieved 2014年06月09日.
  109. ^ "Changes between 0.9.6h and 0.9.7 [31 Dec 2002]" . Retrieved 2016年01月29日.
  110. ^ a b "Changes between 0.9.8n and 1.0.0 [29 Mar 2010]" . Retrieved 2016年01月29日.
  111. ^ "wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016)". 2016年03月18日. Retrieved 2016年04月05日.
  112. ^ RFC 5280. doi:10.17487/RFC5280 .
  113. ^ RFC 3280. doi:10.17487/RFC3280 .
  114. ^ RFC 2560. doi:10.17487/RFC2560 .
  115. ^ RFC 6698. doi:10.17487/RFC6698 .
  116. ^ RFC 7218. doi:10.17487/RFC7218 .
  117. ^ Laurie, B.; Langley, A.; Kasper, E. (June 2013). Certificate Transparency. IETF. doi:10.17487/RFC6962 . ISSN 2070-1721. RFC 6962 . Retrieved 2020年08月31日.
  118. ^ "MatrixSSL 3.8.3". Archived from the original on 2017年01月19日. Retrieved 2017年01月18日.
  119. ^ "mbed TLS 2.0 defaults implement best practices" . Retrieved 2017年01月18日.
  120. ^ "Bug 672600 - Use DNSSEC/DANE chain stapled into TLS handshake in certificate chain validation". Mozilla. Retrieved 2014年06月18日.
  121. ^ "CRL Validation · Issue #3499 · aws/s2n-tls". GitHub. Retrieved 2022年11月01日.
  122. ^ "OCSP digest support for SHA-256 · Issue #2854 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022年11月01日.
  123. ^ "[RFC 6962] s2n Client can Validate Signed Certificate Timestamp TLS Extension · Issue #457 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022年11月01日.
  124. ^ a b "How Certificate Revocation Works". Microsoft TechNet . Microsoft. March 16, 2012. Retrieved July 10, 2013.
  125. ^ a b
  126. ^ a b RFC 6655, RFC 7251
  127. ^ a b c d RFC 6367. doi:10.17487/RFC6367 .
  128. ^ a b RFC 5932. doi:10.17487/RFC5932 .
  129. ^ a b c d RFC 6209. doi:10.17487/RFC6209 .
  130. ^ a b RFC 4162. doi:10.17487/RFC4162 .
  131. ^ a b "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". sweet32.info.
  132. ^ a b RFC 7905. doi:10.17487/RFC7905 .
  133. ^ a b "Version 1.11.12, 2015年01月02日 — Botan". 2015年01月02日. Retrieved 2015年01月09日.
  134. ^ "gnutls 3.6.0". 2017年09月21日. Retrieved 2018年01月07日.
  135. ^ "gnutls 3.4.12". 2016年05月20日. Archived from the original on 2016年10月13日. Retrieved 2016年05月29日.
  136. ^ "Java SE DevelopmentK Kit 10 - 10.0.1 Release Notes". 2018年04月17日. Retrieved 2024年01月14日.
  137. ^ "JDK 12 Release Notes" . Retrieved 2024年01月14日.
  138. ^ a b c d "Changes in 3.8.3". GitHub . Retrieved 2016年06月19日.[permanent dead link ]
  139. ^ "PolarSSL 1.3.8 release notes". Archived from the original on 2014年07月14日.
  140. ^ a b "Mbed TLS 2.11.0, 2.7.4 and 2.1.13 released" . Retrieved 2018年08月30日.
  141. ^ "Mbed TLS 2.12.0, 2.7.5 and 2.1.14 released" . Retrieved 2018年08月30日.
  142. ^ "NSS 3.25 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2021年12月07日. Retrieved 2016年07月01日.
  143. ^ "Bug 940119 - libssl does not support any TLS_ECDHE_*_CAMELLIA_*_GCM cipher suites". Mozilla. Retrieved 2013年11月19日.
  144. ^ "NSS 3.12 is released" . Retrieved 2013年11月19日.
  145. ^ "NSS 3.12.3 Release Notes". Mozilla Developer Network. Mozilla. Archived from the original on 2023年04月02日. Retrieved 2023年04月01日.
  146. ^ "NSS 3.23 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2021年04月14日. Retrieved 2016年03月09日.
  147. ^ "openssl/CHANGES at OpenSSL_1_0_1-stable · openssl/openssl". GitHub . Retrieved 2015年01月20日.
  148. ^ "OpenSSL 1.1.1 Series Release Notes". www.openssl.org. Archived from the original on 2024年01月16日.
  149. ^ "Cipher Suites in TLS/SSL (Schannel SSP) - Win32 apps". docs.microsoft.com. 14 July 2023.
  150. ^ a b c "Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 10 Preview". dev.ssllabs.com. Archived from the original on 2023年07月14日.
  151. ^ RFC 5469
  152. ^ a b "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN".
  153. ^ "Version 1.11.15, 2015年03月08日 — Botan". 2015年03月08日. Retrieved 2015年03月11日.
  154. ^ "Java Cryptography Architecture Oracle Providers Documentation". docs.oracle.com.
  155. ^ "NSS 3.15.3 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2014年06月05日. Retrieved 2014年07月13日.
  156. ^ "MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities". Mozilla. Retrieved 2014年07月13日.
  157. ^ a b c "RC4 is now disabled in Microsoft Edge and Internet Explorer 11 - Microsoft Edge Dev BlogMicrosoft Edge Dev Blog". blogs.windows.com. 2016年08月09日.
  158. ^ a b "wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)". 2015年10月26日. Retrieved 2015年11月19日.
  159. ^ a b c d e RFC 8446
  160. ^ a b c d e RFC 8422
  161. ^ a b c RFC 7027
  162. ^ a b c "Version 1.11.5, 2013年11月10日 — Botan". 2013年11月10日. Retrieved 2015年01月23日.
  163. ^ "An overview of the new features in GnuTLS 3.5.0". 2016年05月02日. Retrieved 2016年12月09日.
  164. ^ "gnutls 3.6.12". 2020年02月01日. Retrieved 2021年08月31日.
  165. ^ a b "JDK 13 Early-Access Release Notes". Archived from the original on 2020年04月01日. Retrieved 2019年06月20日.
  166. ^ a b "JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA)" . Retrieved 2024年01月14日.
  167. ^ "LibreSSL 2.5.1 release notes". OpenBSD. 2017年01月31日. Retrieved 2017年02月23日.
  168. ^ "MatrixSSL 4.0 changelog". GitHub . Retrieved 2018年09月18日.
  169. ^ "PolarSSL 1.3.3 released". 2013年12月31日. Archived from the original on 2014年01月07日. Retrieved 2015年01月23日.
  170. ^ "Mbed TLS 2.9.0, 2.7.3 and 2.1.12 released" . Retrieved 2018年08月30日.
  171. ^ a b c "PolarSSL 1.3.1 released". 2013年10月15日. Archived from the original on 2015年01月23日. Retrieved 2015年01月23日.
  172. ^ "Bug 957105 - Add support for curve25519 Key Exchange and UMAC MAC support for TLS". Mozilla. Retrieved 2017年02月23日.
  173. ^ "Bug 1305243 - Support for X448". Mozilla. Retrieved 2022年08月04日.
  174. ^ "Bug 1597057 - Curve448 or named Ed448-Goldilocks support needed (both X448 key exchange and Ed448 signature algorithm )". Mozilla. Retrieved 2022年08月04日.
  175. ^ a b c "Bug 943639 - Support for Brainpool ECC Curve (rfc5639)". Mozilla. Retrieved 2014年01月25日.
  176. ^ "OpenSSL 1.1.0x Release Notes". 25 August 2016. Archived from the original on 18 May 2018. Retrieved 18 May 2018.
  177. ^ "OpenSSL GitHub Issue #487 Tracker". GitHub . 2 December 2015. Retrieved 18 May 2018.
  178. ^ "OpenSSL CHANGES". 1 May 2018. Archived from the original on 18 May 2018. Retrieved 18 May 2018.
  179. ^ "OpenSSL GitHub Issue #5049 Tracker". GitHub . 9 January 2018. Retrieved 18 May 2018.
  180. ^ "wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)". 2015年03月30日. Retrieved 2015年11月19日.
  181. ^ "wolfSSL Release 4.4.0 (04/22/2020)". 2020年04月22日. Retrieved 2022年10月18日.
  182. ^ "Release Note: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default". JDK Bug System (JBS). Retrieved 25 December 2024.
  183. ^ "Release Note: Removal of Legacy Elliptic Curves". JDK Bug System (JBS). Retrieved 25 December 2024.
  184. ^ a b Negotiation of arbitrary curves has been shown to be insecure for certain curve sizes Mavrogiannopoulos, Nikos and Vercautern, Frederik and Velichkov, Vesselin and Preneel, Bart (2012). "A cross-protocol attack on the TLS protocol" (PDF). Proceedings of the 2012 ACM conference on Computer and communications security. Association for Computing Machinery. pp. 62–72. doi:10.1145/2382196.2382206. ISBN 978-1-4503-1651-4.{{cite conference}}: CS1 maint: multiple names: authors list (link)
  185. ^ "SHA2 and Windows" . Retrieved 2024年12月25日.
  186. ^ RFC 3749
  187. ^ RFC 5746
  188. ^ a b c RFC 6066
  189. ^ RFC 7301
  190. ^ RFC 6091
  191. ^ RFC 4680
  192. ^ RFC 5077. doi:10.17487/RFC5077 .
  193. ^ RFC 5705. doi:10.17487/RFC5705 .
  194. ^ RFC 7507. doi:10.17487/RFC7507 .
  195. ^ RFC 7627
  196. ^ RFC 7685
  197. ^ RFC 7250
  198. ^ "Version 1.11.16, 2015年03月29日 — Botan". 2016年03月29日. Retrieved 2016年09月08日.
  199. ^ "Version 1.11.10, 2014年12月10日 — Botan". 2014年12月10日. Retrieved 2014年12月14日.
  200. ^ a b "Version 1.11.26, 2016年01月04日 — Botan". 2016年01月04日. Retrieved 2016年02月25日.
  201. ^ Present, but disabled by default due to lack of use by any implementation.
  202. ^ "gnutls 3.2.0". Archived from the original on 2016年01月31日. Retrieved 2015年01月26日.
  203. ^ Mavrogiannopoulos, Nikos (August 21, 2017). "[gnutls-help] GnuTLS 3.6.0 released".
  204. ^ "gnutls 3.4.4". Archived from the original on 2017年07月17日. Retrieved 2015年08月25日.
  205. ^ "%DUMBFW priority keyword" . Retrieved 2017年04月30日.
  206. ^ "gnutls 3.6.6". 2019年01月25日. Retrieved 2019年09月01日.
  207. ^ "LibreSSL 2.1.3 released". 2015年01月22日. Retrieved 2015年01月22日.
  208. ^ "LibreSSL 2.1.4 released". 2015年03月04日. Retrieved 2015年03月04日.
  209. ^ "MatrixSSL - News". 2014年12月04日. Archived from the original on 2015年02月14日. Retrieved 2015年01月26日.
  210. ^ "Download overview - PolarSSL". 2014年04月11日. Archived from the original on 2015年02月09日. Retrieved 2015年01月26日.
  211. ^ a b c "mbed TLS 1.3.10 released". 2015年02月08日. Archived from the original on 2015年02月09日. Retrieved 2015年02月09日.
  212. ^ a b "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Archived from the original on January 26, 2015. Retrieved 2015年01月26日.
  213. ^ "Bug 961416 - Support RFC6091 - Using OpenPGP Keys for Transport Layer Security Authentication (TLS1.2)". Mozilla. Retrieved 2014年06月18日.
  214. ^ "Bug 972145 - Implement the encrypt-then-MAC TLS extension". Mozilla. Retrieved 2014年11月06日.
  215. ^ "NSS 3.17.1 release notes". Archived from the original on 2019年04月19日. Retrieved 2014年10月17日.
  216. ^ "NSS 3.21 release notes". Archived from the original on 2021年12月07日. Retrieved 2015年11月14日.
  217. ^ "OpenSSL Security Advisory [15 Oct 2014]". 2014年10月15日.
  218. ^ "Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]". 2014年04月07日. Archived from the original on 2015年01月20日. Retrieved 2015年02月10日.
  219. ^ "OpenSSL Announces Final Release of OpenSSL 3.2.0". 2023年11月23日. Retrieved 2024年10月11日.
  220. ^ rustls does not implement earlier versions that would warrant protection against insecure downgrade
  221. ^ a b c d "Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024年04月28日.
  222. ^ a b "What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2024年04月28日.
  223. ^ "wolfSSL Version 4.2.0 is Now Available!". 22 October 2019. Retrieved 2021年08月13日.
  224. ^ "wolfSSL supports Raw Public Keys". August 2023. Retrieved 2024年10月25日.
  225. ^ "Version 1.11.31, 2015年08月30日 — Botan". 2016年08月30日. Retrieved 2016年09月08日.
  226. ^ "Trusted Platform Module (TPM) — Botan".
  227. ^ "JEP 164: Leverage CPU Instructions for AES Cryptography". openjdk.org.
  228. ^ "RSA SecurID PASSCODE Request". sso.rsasecurity.com.
  229. ^ "Comparison of BSAFE TLS libraries: Micro Edition Suite vs SSL-J | Dell Malaysia".
  230. ^ Mavrogiannopoulos, Nikos (October 9, 2016). "[gnutls-devel] gnutls 3.5.5".
  231. ^ "Trusted Platform Module (GnuTLS 3.8.4)".
  232. ^ "Java SSL provider with AES-NI support". stackoverflow.com.
  233. ^ "PolarSSL 1.3.3 released". 2013年12月31日. Archived from the original on 2014年01月07日. Retrieved 2014年01月07日. We've incorporated support for AES-NI in our AES and GCM modules.
  234. ^ a b "NXP/Plug-and-trust". GitHub .
  235. ^ "ARMmbed/Mbed-os-atecc608a". GitHub .
  236. ^ Normally NSS's libssl performs all operations via the PKCS#11 interface, either to hardware or software tokens
  237. ^ "Bug 706024 - AES-NI enhancements to NSS on Sandy Bridge systems" . Retrieved 2013年09月28日.
  238. ^ "Bug 479744 - RFE : VIA Padlock ACE support (hardware RNG, AES, SHA1 and SHA256)" . Retrieved 2014年04月11日.
  239. ^ "Подключаем Рутокен ЭЦП к OpenSSL" (in Russian). 16 December 2011.
  240. ^ "Поддержка Рутокен ЭЦП в OpenSSL (Страница 1) — Рутокен и Open Source — Форум Рутокен" (in Russian).
  241. ^ "OpenSSL ГОСТ" (in Russian). Archived from the original on 2018年06月23日.
  242. ^ "git.openssl.org Git - openssl.git/commitdiff". git.openssl.org.
  243. ^ "Tpm2-software/Tpm2-openssl". GitHub .
  244. ^ "Provider - OpenSSL Documentation".
  245. ^ "STSW-STSA110-SSL - STSAFE-A integration within OpenSSL security stack". STMicroelectronics .
  246. ^ SecECKey.c on GitHub
  247. ^ "Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Mountain Lion v10.8" (PDF). Apple Inc. 2013.
  248. ^ "CAAM support in wolfSSL". 10 March 2020.
  249. ^ "wolfTPM Portable TPM 2.0 Library".
  250. ^ "Announcing wolfSSL TPM support for the Espressif ESP32". 20 June 2024.
  251. ^ "WolfSSL SSL/TLS Support for NXP SE050 – wolfSSL". 22 February 2024.
  252. ^ "WolfSSL support for the ATECC608 Crypto Coprocessor – wolfSSL". 13 October 2021.
  253. ^ "WolfSSL support for STSAFE-A100 crypto coprocessor – wolfSSL". 20 September 2018.
  254. ^ "Support for MAXQ1065 in wolfSSL – wolfSSL". 29 November 2022.
  255. ^ "LibreSSL 2.2.1 Released". 2015年07月08日. Retrieved 2016年01月30日.
  256. ^ "ktls integration for rustls". GitHub . Retrieved 2024年08月29日.
  257. ^ "wolfProvider". 2021年11月10日. Retrieved 2022年01月17日.
  258. ^ a b The PKCS #11 URI Scheme. doi:10.17487/RFC7512 . RFC 7512.
  259. ^ "libp11: PKCS#11 wrapper library". 19 January 2018 – via GitHub.
  260. ^ "Windows CNG bridge for rustls". GitHub . Retrieved 2024年08月29日.
  261. ^ On the fly replaceable/augmentable.
  262. ^ "Nss compat ossl - Fedora Project Wiki". fedoraproject.org.
  263. ^ "rustls-openssl compatibility layer". GitHub . Retrieved 2024年08月29日.
  264. ^ a b "NSPR". Mozilla Developer Network.
  265. ^ For Unix/Linux it uses /dev/urandom if available, for Windows it uses CAPI. For other platforms it gets data from clock, and tries to open system files. NSS has a set of platform dependent functions it uses to determine randomness.
Protocols and technologies
Public-key infrastructure
See also
History
Implementations
Notaries
Vulnerabilities
Theory
Cipher
Protocol
Implementation

AltStyle によって変換されたページ (->オリジナル) /