
Comparison of TLS implementations

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol.

Overview

| Implementation | Developed by | Open source | Software license | Copyright holder | Written in | Latest stable version, release date | Origin |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Botan | Jack Lloyd | Yes | Simplified BSD License | Jack Lloyd | C++ | 3.2.0 (October 9, 2023)[1] | US (Vermont) |
| BoringSSL | Google | Yes | OpenSSL-SSLeay dual-license, ISC license | Eric Young, Tim Hudson, Sun, OpenSSL project, Google, and others | C, C++, Go, assembly | ?? | Australia/EU |
| Bouncy Castle | The Legion of the Bouncy Castle Inc. | Yes | MIT License | Legion of the Bouncy Castle Inc. | Java, C# | Java: 1.77 / November 13, 2023[2]; Java LTS: BC-LJA 2.73.4 / January 22, 2024[3]; Java FIPS: BC-FJA 1.0.2.4 / September 28, 2023[4]; C#: 2.3.0 / February 5, 2024[5]; C# FIPS: BC-FNA 1.0.2 / February 28, 2023[6] | Australia |
| BSAFE | Dell, formerly RSA Security | No | Proprietary | Dell | Java, C, assembly | SSL-J 6.5.1 (July 10, 2023)[7]; SSL-J 7.2 (December 20, 2023)[8]; Micro Edition Suite 4.6.2 (May 2, 2023)[9]; Micro Edition Suite 5.0.2.1 (September 18, 2023)[10] | Australia |
| cryptlib | Peter Gutmann | Yes | Sleepycat License and commercial license | Peter Gutmann | C | 3.4.5 (2019)[11] | NZ |
| GnuTLS | GnuTLS project | Yes | LGPL-2.1-or-later | Free Software Foundation | C | 3.8.3[12], 2024-01-16 | EU (Greece and Sweden) |
| Java Secure Socket Extension (JSSE) | Oracle | Yes | GNU GPLv2 and commercial license | Oracle | Java | 21.0.0 LTS (September 19, 2023); 17.0.6 LTS (February 18, 2023); 11.0.17 LTS (October 18, 2022)[13]; 8u401 LTS (January 16, 2024)[14] | US |
| LibreSSL | OpenBSD Project | Yes | Apache-1.0, BSD-4-Clause, ISC, and public domain | Eric Young, Tim Hudson, Sun, OpenSSL project, OpenBSD Project, and others | C, assembly | 3.8.3[15], 2024-03-09 | Canada |
| MatrixSSL[16] | PeerSec Networks | Yes | GNU GPLv2+ and commercial license | PeerSec Networks | C | 4.2.2 (September 11, 2019)[17] | US |
| Mbed TLS (previously PolarSSL) | Arm | Yes | Apache License 2.0, GNU GPLv2+ and commercial license | Arm Holdings | C | 3.5.2[18] (26 January 2024) | EU (Netherlands) |
| Network Security Services (NSS) | Mozilla, AOL, Red Hat, Sun, Oracle, Google and others | Yes | MPL 2.0 | NSS contributors | C, assembly | Standard: 3.84 / October 12, 2022[19]; Extended Support Release: 3.79.1 / August 18, 2022[19] | US |
| OpenSSL | OpenSSL project | Yes | Apache-2.0[a] | Eric Young, Tim Hudson, Sun, OpenSSL project, and others | C, assembly | 3.2.1[20], 2024-01-30 | Australia/EU |
| s2n | Amazon | Yes | Apache License 2.0, GNU GPLv2+ and commercial license | Amazon, Inc. | C | Continuous | US |
| Schannel | Microsoft | No | Proprietary | Microsoft Inc. | | Windows 11, 2021-10-05 | US |
| Secure Transport | Apple Inc. | Yes | APSL 2.0 | Apple Inc. | | 57337.20.44 (OS X 10.11.2), 2015-12-08 | US |
| wolfSSL (previously CyaSSL) | wolfSSL[21] | Yes | GNU GPLv2+ and commercial license | wolfSSL Inc.[22] | C, assembly | 5.6.4 (October 30, 2023)[23] | US |
| Erlang/OTP SSL application | Ericsson | Yes | Apache License 2.0 | Ericsson | Erlang | OTP-21, 2018-06-19 | Sweden |
  1. ^ Apache-2.0 for OpenSSL 3.0 and later releases. OpenSSL-SSLeay dual-license for any release before OpenSSL 3.0.

TLS/SSL protocol version support

Several versions of the TLS protocol exist. SSL 2.0 is a deprecated[24] protocol version with significant weaknesses. SSL 3.0 (1996) and TLS 1.0 (1999) are successors with two weaknesses in CBC-padding that were explained in 2001 by Serge Vaudenay.[25] TLS 1.1 (2006) fixed only one of the problems, by switching to random initialization vectors (IV) for CBC block ciphers, whereas the more problematic use of mac-pad-encrypt instead of the secure pad-mac-encrypt was addressed with RFC 7366.[26] A workaround for SSL 3.0 and TLS 1.0, roughly equivalent to random IVs from TLS 1.1, was widely adopted by many implementations in late 2011.[27] In 2014, the POODLE vulnerability of SSL 3.0 was discovered, which takes advantage of the known vulnerabilities in CBC, and an insecure fallback negotiation used in browsers.[28]

TLS 1.2 (2008) introduced a means to identify the hash used for digital signatures. While permitting the use of stronger hash functions for digital signatures in the future (rsa,sha256/sha384/sha512) over the SSL 3.0 conservative choice (rsa,sha1+md5), the TLS 1.2 protocol change inadvertently and substantially weakened the default digital signatures and provides (rsa,sha1) and even (rsa,md5).[29]

Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. The revision DTLS 1.2 based on TLS 1.2 was published in January 2012.[30]

TLS 1.3 (2018), specified in RFC 8446, includes major optimizations and security improvements. QUIC (2021), specified in RFC 9000, and DTLS 1.3 (2022), specified in RFC 9147, build on TLS 1.3. The publishing of TLS 1.3 and DTLS 1.3 obsoleted TLS 1.2 and DTLS 1.2.

Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. In 2021, IETF published RFC 8996 also forbidding negotiation of TLS 1.0, TLS 1.1, and DTLS 1.0 due to known vulnerabilities. NIST SP 800-52 requires support of TLS 1.3 by January 2024. Support of TLS 1.3 means that two compliant nodes will never negotiate TLS 1.2.

Implementation SSL 2.0 (insecure)[31] SSL 3.0 (insecure)[32] TLS 1.0 (deprecated)[33] TLS 1.1 (deprecated)[34] TLS 1.2[35] TLS 1.3 DTLS 1.0 (deprecated)[36] DTLS 1.2[30]
Botan No No[37] No No Yes Yes No Yes
BoringSSL Yes Yes Yes Yes Yes Yes
Bouncy Castle No No Yes Yes Yes Yes (draft version) Yes Yes
BSAFE SSL-J[38] No Disabled by default No[a] No[a] Yes Yes No No
cryptlib No Disabled by default at compile time Yes Yes Yes No No
GnuTLS No[b] Disabled by default[39] Yes Yes Yes Yes[40] Yes Yes
JSSE No[b] Disabled by default[41] Disabled by default[42] Disabled by default[42] Yes Yes Yes Yes
LibreSSL No[43] No[44] Yes Yes Yes Yes Yes Yes[45]
MatrixSSL No Disabled by default at compile time[46] Yes Yes Yes Yes Yes Yes
Mbed TLS No No[47] No[47] No[47] Yes Yes (experimental) Yes[48] Yes[48]
NSS No[c] Disabled by default[49] Yes Yes[50] Yes[51] Yes[52] Yes[50] Yes[53]
OpenSSL No[54] Disabled by default Yes Yes[55] Yes[55] Yes Yes Yes[56]
s2n[57] No Disabled by default Yes Yes Yes Yes No No
Schannel XP, 2003[58] Disabled by default in MSIE 7 Enabled by default Enabled by default in MSIE 7 No No No No No
Schannel Vista[59] Disabled by default Enabled by default Yes No No No No No
Schannel 2008[59] Disabled by default Enabled by default Yes Disabled by default (KB4019276) Disabled by default (KB4019276) No No No
Schannel 7, 2008R2[60] Disabled by default Disabled by default in MSIE 11 Yes Enabled by default in MSIE 11 Enabled by default in MSIE 11 No Yes[61] No[61]
Schannel 8, 2012[60] Disabled by default Enabled by default Yes Disabled by default Disabled by default No Yes No
Schannel 8.1, 2012R2, 10 v1507 & v1511[60] Disabled by default Disabled by default in MSIE 11 Yes Yes Yes No Yes No
Schannel 10 v1607 / 2016[62] No Disabled by default Yes Yes Yes No Yes Yes
Schannel 11 / 2022[63] No Disabled by default Yes Yes Yes Yes Yes Yes
Secure Transport OS X 10.2-10.7, iOS 1-4 Yes Yes Yes No No No No
Secure Transport OS X 10.8-10.10, iOS 5-8 No[d] Yes Yes Yes[d] Yes[d] Yes[d] No
Secure Transport OS X 10.11, iOS 9 No No[d] Yes Yes Yes Yes Unknown
Secure Transport OS X 10.13, iOS 11 No No[d] Yes Yes Yes Yes (draft version)[64] Yes Unknown
wolfSSL No Disabled by default[65] Disabled by default[66] Yes Yes Yes Yes Yes
Erlang/OTP SSL application[67] No [e] No [f] Disabled by default [e] Disabled by default [e] Yes Partially [g] Disabled by default [e] Yes
  1. ^ a b As of SSL-J 7.0, support for TLS 1.0 and 1.1 has been removed
  2. ^ a b SSL 2.0 client hello is supported for backward compatibility reasons even though SSL 2.0 is not supported.
  3. ^ Server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. Mozilla Developer Network. Mozilla. Archived from the original on 2016-08-26. Retrieved 2016-06-19.
  4. ^ a b c d e f Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
  5. ^ a b c d Since OTP 22
  6. ^ Since OTP 23
  7. ^ "Erlang OTP SSL application TLS 1.3 compliance table".

NSA Suite B Cryptography

Required components for NSA Suite B Cryptography (RFC 6460) are:

Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.

Implementation TLS 1.2 Suite B
Botan Yes
Bouncy Castle Yes
BSAFE Yes[38]
cryptlib Yes
GnuTLS Yes
JSSE Yes[68]
LibreSSL Yes
MatrixSSL Yes
Mbed TLS Yes
NSS No[69]
OpenSSL Yes[56]
S2n
Schannel Yes[70]
Secure Transport No
wolfSSL Yes

Certifications

Note that certain certifications have received serious negative criticism from people who are actually involved in them.[71]

Implementation FIPS 140-1, FIPS 140-2[72] Embedded FIPS Solution
Level 1 Level 2[disputed ]
Botan[73]
Bouncy Castle BC-FJA 1.0.0 (#2768)
BC-FJA 1.0.1 (#3152)
BSAFE SSL-J[74] Crypto-J 6.0 (1785, 1786)
Crypto-J 6.1 / 6.1.1.0.1 (2057, 2058)
Crypto-J 6.2 / 6.2.1.1 (2468, 2469)
Crypto-J 6.2.4 (3172, 3184)
Crypto-J 6.2.5 (#3819, #3820)
cryptlib[75]
GnuTLS[76] Red Hat Enterprise Linux GnuTLS Cryptographic Module (#2780)
JSSE
LibreSSL[43] no support
MatrixSSL[77] SafeZone FIPS Cryptographic Module: 1.1 (#2389)
Mbed TLS[78]
NSS[79] Network Security Services: 3.2.2 (#247)
Network Security Services Cryptographic Module: 3.11.4 (#815), 3.12.4 (#1278), 3.12.9.1 (#1837)
Netscape Security Module: 1 (#7[notes 1]), 1.01 (#47[notes 2])
Network Security Services: 3.2.2 (#248[notes 3])
Network Security Services Cryptographic Module: 3.11.4 (#814[notes 4]), 3.12.4 (#1279, #1280[notes 5])
OpenSSL[80] OpenSSL FIPS Object Module: 1.0 (#624), 1.1.1 (#733), 1.1.2 (#918), 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4 (#1051)
2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7 or 2.0.8 (#1747)
Schannel[81] Cryptographic modules in Windows NT 4.0, 95, 95, 2000, XP, Server 2003, CE 5, CE 6, Mobile 6.x, Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, RT, Surface, Phone 8
See details on Microsoft FIPS 140 Validated Cryptographic Modules
Secure Transport Apple FIPS Cryptographic Module: 1.0 (OS X 10.6, #1514), 1.1 (OS X 10.7, #1701)
Apple OS X CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (OS X 10.8, #1964, #1956), 4.0 (OS X 10.9, #2015, #2016)
Apple iOS CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (iOS 6, #1963, #1944), 4.0 (iOS 7, #2020, #2021)
wolfSSL[82] wolfCrypt FIPS Module: 4.0 (#3389)
See details on NIST certificate for validated Operating Environments
wolfCrypt FIPS Module: 3.6.0 (#2425)
See details on NIST certificate for validated Operating Environments
Yes
  1. ^ with Sun Sparc 5 w/ Sun Solaris v 2.4SE (ITSEC-rated)
  2. ^ with Sun Ultra-5 w/ Sun Trusted Solaris version 2.5.1 (ITSEC-rated)
  3. ^ with Solaris v8.0 with AdminSuite 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN SPARC Ultra-1
  4. ^ with these platforms; Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU, Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU
  5. ^ with these platforms; Red Hat Enterprise Linux v5 running on an IBM System x3550, Red Hat Enterprise Linux v5 running on an HP ProLiant DL145, Sun Solaris 10 5/08 running on a Sun SunBlade 2000 workstation, Sun Solaris 10 5/08 running on a Sun W2100z workstation

Key exchange algorithms (certificate-only)

This section lists the certificate verification functionality available in the various implementations.

| Implementation | RSA[35] | RSA-EXPORT (insecure)[35] | DHE-RSA (forward secrecy)[35] | DHE-DSS (forward secrecy)[35] | ECDH-ECDSA[83] | ECDHE-ECDSA (forward secrecy)[83] | ECDH-RSA[83] | ECDHE-RSA (forward secrecy)[83] | GOST R 34.10-94, 34.10-2001[84] |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Botan | Disabled by default | No | Yes | Disabled by default | No | Yes | No | Yes | No |
| BSAFE | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | No |
| cryptlib | Yes | No | Yes | Yes | No | Yes | No | No | No |
| GnuTLS | Yes | No | Yes | Disabled by default[39] | No | Yes | No | Yes | No |
| JSSE | Yes | Disabled by default | Yes | Yes | Yes | Yes | Yes | Yes | No |
| LibreSSL | Yes | No[43] | Yes | Yes | No | Yes | No | Yes | Yes[85] |
| MatrixSSL | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No |
| Mbed TLS | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No |
| NSS | Yes | Disabled by default | Yes[86] | Yes | Yes | Yes | Yes | Yes | No[87][88] |
| OpenSSL | Yes | No[54] | Yes | Disabled by default[54] | No | Yes | No | Yes | Yes[89] |
| Schannel XP/2003 | Yes | Yes | No | XP: Max 1024 bits; 2003: 1024 bits only | No | No | No | No | No[90] |
| Schannel Vista/2008 | Yes | Disabled by default | No | 1024 bits by default[91] | No | Yes | No | except AES_GCM | No[90] |
| Schannel 8/2012 | Yes | Disabled by default | AES_GCM only[92][93][94] | 1024 bits by default[91] | No | Yes | No | except AES_GCM | No[90] |
| Schannel 7/2008R2, 8.1/2012R2 | Yes | Disabled by default | Yes | 2048 bits by default[91] | No | Yes | No | except AES_GCM | No[90] |
| Schannel 10 | Yes | Disabled by default | Yes | 2048 bits by default[91] | No | Yes | No | Yes | No[90] |
| Secure Transport OS X 10.6 | Yes | Yes | except AES_GCM | Yes | Yes | except AES_GCM | Yes | except AES_GCM | No |
| Secure Transport OS X 10.8-10.10 | Yes | No | except AES_GCM | No | Yes | except AES_GCM | Yes | except AES_GCM | No |
| Secure Transport OS X 10.11 | Yes | No | Yes | No | No | Yes | No | Yes | No |
| wolfSSL | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No |
| Erlang/OTP SSL application | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | No |

Key exchange algorithms (alternative key-exchanges)

| Implementation | SRP[95] | SRP-DSS[95] | SRP-RSA[95] | PSK-RSA[96] | PSK[96] | DHE-PSK (forward secrecy)[96] | ECDHE-PSK (forward secrecy)[97] | KRB5[98] | DH-ANON[35] (insecure) | ECDH-ANON[83] (insecure) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Botan | No | No | No | No | Yes | No | Yes | No | No | No |
| BSAFE SSL-J | No | No | No | No | Yes[99] | No | No | No | Disabled by default | Disabled by default |
| cryptlib | No | No | No | No | Yes | Yes | No | Unknown | No | No |
| GnuTLS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Disabled by default | Disabled by default |
| JSSE | No | No | No | No | No | No | No | No | Disabled by default | Disabled by default |
| LibreSSL | No[100] | No[100] | No[100] | No | No | No | No | No | Yes | Yes |
| MatrixSSL | No | No | No | Yes | Yes | Yes | No | No | Disabled by default | No |
| Mbed TLS | No | No | No | Yes | Yes | Yes | Yes | No | No | No |
| NSS | No[101] | No[101] | No[101] | No[102] | No[102] | No[102] | No[102] | No | Client side only, disabled by default[103] | Disabled by default[104] |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes[105] | Disabled by default[106] | Disabled by default[106] |
| Schannel | No | No | No | No | No | No | No | Yes | No | No |
| Secure Transport | No | No | No | No | No | No | No | Unknown | Yes | Yes |
| wolfSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes[107] | Yes | No | No |
| Erlang/OTP SSL application | Disabled by default | Disabled by default | Disabled by default | Disabled by default | Disabled by default | Disabled by default | No | No | Disabled by default | Disabled by default |

Certificate verification methods

Implementation Application-defined PKIX path validation[108] CRL[109] OCSP[110] DANE (DNSSEC)[111] Trust on First Use (TOFU) CT[112]
Botan Yes Yes Yes Yes No No Unknown
Bouncy Castle Yes Yes Yes Yes Yes No Unknown
BSAFE Yes Yes Yes Yes No No Unknown
cryptlib Yes Yes Yes Yes No No Unknown
GnuTLS Yes Yes Yes Yes Yes Yes Unknown
JSSE Yes Yes Yes Yes No No No
LibreSSL Yes Yes Yes Yes No No Unknown
MatrixSSL Yes Yes Yes Yes[113] No No Unknown
Mbed TLS Yes Yes Yes No[114] No No Unknown
NSS Yes Yes Yes Yes No[115] No Unknown
OpenSSL Yes Yes Yes Yes Yes No Yes
s2n No [116] Unknown [117] Unknown [118]
Schannel Unknown Yes Yes[119] Yes[119] No No Unknown
Secure Transport Yes Yes Yes Yes No No Unknown
wolfSSL Yes Yes Yes Yes No No Unknown
Erlang/OTP SSL application Yes Yes Yes No No No Unknown

Encryption algorithms

Column groups: block cipher with mode of operation (AES GCM through GOST 28147-89 CNT); stream cipher (ChaCha20-Poly1305); none (Null).

| Implementation | AES GCM[120] | AES CCM[121] | AES CBC | Camellia GCM[122] | Camellia CBC[123] | ARIA GCM[124] | ARIA CBC[124] | SEED CBC[125] | 3DES EDE CBC (insecure)[126] | GOST 28147-89 CNT (proposed)[84][n 1] | ChaCha20-Poly1305[127] | Null (insecure)[n 2] |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Botan | Yes | Yes | Yes | Yes | Yes | No | No | Disabled by default | Disabled by default | No | Yes[128] | Not implemented |
| BoringSSL | Yes | No | Yes | No | No | No | No | No | Yes | No | Yes | |
| BSAFE SSL-J | Yes | Yes | Yes | No | No | No | No | No | Disabled by default | No | No | Disabled by default |
| cryptlib | Yes | No | Yes | No | No | No | No | No | Yes | No | No | Not implemented |
| GnuTLS | Yes | Yes[39] | Yes | Yes | Yes | No | No | No | Disabled by default[129] | No | Yes[130] | Disabled by default |
| JSSE | Yes | No | Yes | No | No | No | No | No | Disabled by default[131] | No | Yes (JDK 12+)[132] | Disabled by default |
| LibreSSL | Yes[43] | No | Yes | No | Yes[85] | No | No | No[43] | Yes | Yes[85] | Yes[43] | Disabled by default |
| MatrixSSL | Yes | No | Yes | No | No | No | No | Yes | Disabled by default | No | Yes[133] | Disabled by default |
| Mbed TLS | Yes | Yes[134] | Yes | Yes | Yes | Yes[135] | Yes[135] | No | No[47] | No | Yes[136] | Disabled by default at compile time |
| NSS | Yes[137] | No | Yes | No[138][n 3] | Yes[139] | No | No | Yes[140] | Yes | No[87][88] | Yes[141] | Disabled by default |
| OpenSSL | Yes[142] | Disabled by default[54] | Yes | No | Disabled by default[54] | Disabled by default[143] | No | Disabled by default[54] | Disabled by default[54] | Yes[89] | Yes[54] | Disabled by default |
| Schannel XP/2003 | No | No | 2003 only[144] | No | No | No | No | No | Yes | No[90] | No | Disabled by default |
| Schannel Vista/2008, 2008R2, 2012 | No | No | Yes | No | No | No | No | No | Yes | No[90] | No | Disabled by default |
| Schannel 7, 8, 8.1/2012R2 | Yes except ECDHE_RSA[92][93] | No | Yes | No | No | No | No | No | Yes | No[90] | No | Disabled by default |
| Schannel 10[145] | Yes | No | Yes | No | No | No | No | No | Yes | No[90] | No | Disabled by default |
| Secure Transport OS X 10.6 - 10.10 | No | No | Yes | No | No | No | No | No | Yes | No | No | Disabled by default |
| Secure Transport OS X 10.11 | Yes | No | Yes | No | No | No | No | No | Yes | No | No | Disabled by default |
| wolfSSL | Yes | Yes | Yes | No | No | No | No | No | Yes | No | Yes | Disabled by default |
| Erlang/OTP SSL application | Yes | No | Yes | No | No | No | No | No | Disabled by default | No | Experimental | Disabled by default |

Notes
  1. ^ a b This algorithm is not defined yet as TLS cipher suites in RFCs, is proposed in drafts.
  2. ^ a b authentication only, no encryption
  3. ^ This algorithm is implemented in an NSS fork used by Pale Moon.

Obsolete algorithms

Column groups: block cipher with mode of operation (IDEA CBC, DES CBC, DES-40 CBC, RC2-40 CBC); stream cipher (RC4-128, RC4-40).

| Implementation | IDEA CBC[n 1] (insecure)[147] | DES CBC (insecure)[n 1] | DES-40 CBC (EXPORT, insecure)[n 2] | RC2-40 CBC (EXPORT, insecure)[n 2] | RC4-128 (insecure)[n 3] | RC4-40 (EXPORT, insecure)[n 4][n 2] |
| --- | --- | --- | --- | --- | --- | --- |
| Botan | No | No | No | No | No[148] | No |
| BoringSSL | No | No | No | No | Disabled by default at compile time | No |
| BSAFE SSL-J | No | Disabled by default | Disabled by default | No | Disabled by default | Disabled by default |
| cryptlib | No | Disabled by default at compile time | No | No | Disabled by default at compile time | No |
| GnuTLS | No | No | No | No | Disabled by default[39] | No |
| JSSE | No | Disabled by default | Disabled by default | No | Disabled by default | Disabled by default[149] |
| LibreSSL | Yes | Yes | No[43] | No[43] | Yes | No[43] |
| MatrixSSL | Yes | No | No | No | Disabled by default | No |
| Mbed TLS | No | Disabled by default at compile time | No | No | Disabled by default at compile time[48] | No |
| NSS | Yes | Disabled by default | Disabled by default | Disabled by default | Lowest priority[150][151] | Disabled by default |
| OpenSSL | Disabled by default[54] | Disabled by default | No[54] | No[54] | Disabled by default | No[54] |
| Schannel XP/2003 | No | Yes | Yes | Yes | Yes | Yes |
| Schannel Vista/2008 | No | Disabled by default | Disabled by default | Disabled by default | Yes | Disabled by default |
| Schannel 7/2008R2 | No | Disabled by default | Disabled by default | Disabled by default | Lowest priority, will be disabled soon[152] | Disabled by default |
| Schannel 8/2012 | No | Disabled by default | Disabled by default | Disabled by default | Only as fallback | Disabled by default |
| Schannel 8.1/2012R2 | No | Disabled by default | Disabled by default | Disabled by default | Disabled by default[152] | Disabled by default |
| Schannel 10[145] | No | Disabled by default | Disabled by default | Disabled by default | Disabled by default[152] | Disabled by default |
| Secure Transport OS X 10.6 | Yes | Yes | Yes | Yes | Yes | Yes |
| Secure Transport OS X 10.7 | Yes | Unknown | Unknown | Unknown | Yes | Unknown |
| Secure Transport OS X 10.8-10.9 | Yes | Disabled by default | Disabled by default | Disabled by default | Yes | Disabled by default |
| Secure Transport OS X 10.10-10.11 | Yes | Disabled by default | Disabled by default | Disabled by default | Lowest priority | Disabled by default |
| Secure Transport macOS 10.12 | Yes | Disabled by default | Disabled by default | Disabled by default | Disabled by default | Disabled by default |
| wolfSSL | Disabled by default[153] | No | No | No | Disabled by default | No |
| Erlang/OTP SSL application | No | Disabled by default | No | No | Disabled by default | No |

Notes
  1. ^ a b c d IDEA and DES have been removed from TLS 1.2.[146]
  2. ^ a b c d e f 40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.
  3. ^ a b The RC4 attacks weaken or break RC4 used in SSL/TLS. Use of RC4 is prohibited by RFC 7465.
  4. ^ a b The RC4 attacks weaken or break RC4 used in SSL/TLS.

Supported elliptic curves

This section lists the supported elliptic curves by each implementation.

Defined curves in RFC 8446 (for TLS 1.3) and RFC 8422, 7027 (for TLS 1.2 and earlier)

Applicable TLS version: secp256r1 through X448, TLS 1.3 and earlier; brainpoolP256r1 through brainpoolP512r1, TLS 1.2 and earlier.

| Implementation | secp256r1 / prime256v1 / NIST P-256 (0x0017,[154] 23[155]) | secp384r1 / NIST P-384 (0x0018,[154] 24[155]) | secp521r1 / NIST P-521 (0x0019,[154] 25[155]) | X25519 (0x001D,[154] 29[155]) | X448 (0x001E,[154] 30[155]) | brainpoolP256r1 (26)[156] | brainpoolP384r1 (27)[156] | brainpoolP512r1 (28)[156] |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Botan | Yes | Yes | Yes | Yes[128] | No | Yes[157] | Yes[157] | Yes[157] |
| BoringSSL | Yes | Yes | Yes (disabled by default) | Yes | No | No | No | No |
| BSAFE | Yes | Yes | Yes | No | No | No | No | No |
| GnuTLS | Yes | Yes | Yes | Yes[158] | Yes[159] | No | No | No |
| JSSE | Yes | Yes | Yes | Yes; x25519: JDK 13+[160]; Ed25519: JDK 15+[161] | Yes; x448: JDK 13+[160]; Ed448: JDK 15+[161] | No | No | No |
| LibreSSL | Yes | Yes | Yes | Yes[162] | No | Yes[43] | Yes[43] | Yes[43] |
| MatrixSSL | Yes | Yes | Yes | TLS 1.3 only[163] | No | Yes | Yes | Yes |
| Mbed TLS | Yes | Yes | Yes | Primitive only[164] | Primitive only[165] | Yes[166] | Yes[166] | Yes[166] |
| NSS | Yes | Yes | Yes | Yes[167] | No[168][169] | No[170] | No[170] | No[170] |
| OpenSSL | Yes | Yes | Yes | Yes[171][172] | Yes[173][174] | Yes[56] | Yes[56] | Yes[56] |
| Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | Yes | Yes | Yes | No | No | No | No | No |
| Secure Transport | Yes | Yes | Yes | No | No | No | No | No |
| wolfSSL | Yes | Yes | Yes | Yes[175] | Yes[176] | Yes | Yes | Yes |
| Erlang/OTP SSL application | Yes | Yes | Yes | No | No | Yes | Yes | Yes |

Proposed curves

| Implementation | M221 / Curve2213[177] | E222[177] | Curve1174[177] | E382[177] | M383[177] | Curve383187[177] | Curve41417 / Curve3617[177] | M511 / Curve511187[177] | E521[177] |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Botan | No | No | No | No | No | No | No | No | No |
| BoringSSL | No | No | No | No | No | No | No | No | No |
| BSAFE | No | No | No | No | No | No | No | No | No |
| GnuTLS | No | No | No | No | No | No | No | No | No |
| JSSE | No | No | No | No | No | No | No | No | No |
| LibreSSL | No | No | No | No | No | No | No | No | No |
| MatrixSSL | No | No | No | No | No | No | No | No | No |
| Mbed TLS | No | No | No | No | No | No | No | No | No |
| NSS | No | No | No | No | No | No | No | No | No |
| OpenSSL | No | No | No | No | No | No | No | No | No |
| Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | No | No | No | No | No | No | No | No | No |
| Secure Transport | No | No | No | No | No | No | No | No | No |
| wolfSSL | No | No | No | No | No | No | No | No | No |
| Erlang/OTP SSL application | No | No | No | No | No | No | No | No | No |

Deprecated curves in RFC 8422

| Implementation | sect163k1 / NIST K-163 (1)[83] | sect163r1 (2)[83] | sect163r2 / NIST B-163 (3)[83] | sect193r1 (4)[83] | sect193r2 (5)[83] | sect233k1 / NIST K-233 (6)[83] | sect233r1 / NIST B-233 (7)[83] | sect239k1 (8)[83] | sect283k1 / NIST K-283 (9)[83] | sect283r1 / NIST B-283 (10)[83] | sect409k1 / NIST K-409 (11)[83] | sect409r1 / NIST B-409 (12)[83] | sect571k1 / NIST K-571 (13)[83] | sect571r1 / NIST B-571 (14)[83] |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Botan | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| BoringSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| BSAFE | Yes | No | Yes | No | No | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes |
| GnuTLS | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| JSSE | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] |
| LibreSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| MatrixSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| Mbed TLS | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| NSS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| Secure Transport | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| wolfSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| Erlang/OTP SSL application | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |

| Implementation | secp160k1 (15)[83] | secp160r1 (16)[83] | secp160r2 (17)[83] | secp192k1 (18)[83] | secp192r1 / prime192v1 / NIST P-192 (19)[83] | secp224k1 (20)[83] | secp224r1 / NIST P-224 (21)[83] | secp256k1 (22)[83] | arbitrary prime curves (0xFF01)[83][180] | arbitrary char2 curves (0xFF02)[83][180] |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Botan | No | No | No | No | No | No | No | No | No | No |
| BoringSSL | No | No | No | No | No | No | Yes | No | No | No |
| BSAFE | No | No | No | No | Yes | No | Yes | No | No | No |
| GnuTLS | No | No | No | No | Yes | No | Yes | No | No | No |
| JSSE | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | Notes[a][b] | No | No |
| LibreSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| MatrixSSL | No | No | No | No | Yes | No | Yes | No | No | No |
| Mbed TLS | No | No | No | Yes | Yes | Yes | Yes | Yes | No | No |
| NSS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | No | No | No | No | No | No | No | No | No | No |
| Secure Transport | No | No | No | No | Yes | No | No | No | No | No |
| wolfSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| Erlang/OTP SSL application | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |

Notes
  1. ^ a b c d e f g h i j k l m n o p q r s t u v These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[178]
  2. ^ a b c d e f g h i j k l m n o p q r s t u v These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[179]

Data integrity

| Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA256/384 | AEAD | GOST 28147-89 IMIT[84] | GOST R 34.11-94[84] |
| --- | --- | --- | --- | --- | --- | --- |
| Botan | No | Yes | Yes | Yes | No | No |
| BSAFE | Yes | Yes | Yes | Yes | No | No |
| cryptlib | Yes | Yes | Yes | Yes | No | No |
| GnuTLS | Yes | Yes | Yes | Yes | No | No |
| JSSE | Disabled by default | Yes | Yes | Yes | No | No |
| LibreSSL | Yes | Yes | Yes | Yes | Yes[85] | Yes[85] |
| MatrixSSL | Yes | Yes | Yes | Yes | No | No |
| Mbed TLS | Yes | Yes | Yes | Yes | No | No |
| NSS | Yes | Yes | Yes | Yes | No[87][88] | No[87][88] |
| OpenSSL | Yes | Yes | Yes | Yes | Yes[89] | Yes[89] |
| Schannel XP/2003, Vista/2008 | Yes | Yes | XP SP3, 2003 SP2 via hotfix[181] | No | No[90] | No[90] |
| Schannel 7/2008R2, 8/2012, 8.1/2012R2 | Yes | Yes | Yes | except ECDHE_RSA[92][93][94] | No[90] | No[90] |
| Schannel 10 | Yes | Yes | Yes | Yes[145] | No[90] | No[90] |
| Secure Transport | Yes | Yes | Yes | Yes | No | No |
| wolfSSL | Yes | Yes | Yes | Yes | No | No |
| Erlang/OTP SSL application | Yes | Yes | Yes | Yes | No | No |

Compression

Note the CRIME security exploit takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. HTTP compression is unrelated and unaffected by this exploit, but is exploited by the related BREACH attack.

Implementation DEFLATE[182] (insecure)
Botan No
BSAFE[38] No
cryptlib No
GnuTLS Disabled by default
JSSE No
LibreSSL No[43]
MatrixSSL Disabled by default
Mbed TLS Disabled by default
NSS Disabled by default
OpenSSL Disabled by default
Schannel No
Secure Transport No
wolfSSL Disabled by default
Erlang/OTP SSL application No

Extensions

In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security[citation needed]. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation.

| Implementation | Secure Renegotiation[183] | Server Name Indication[184] | ALPN[185] | Certificate Status Request[184] | OpenPGP[186] | Supplemental Data[187] | Session Ticket[188] | Keying Material Exporter[189] | Maximum Fragment Length[184] | Truncated HMAC[184] | Encrypt-then-MAC[190] | TLS Fallback SCSV[191] | Extended Master Secret[192] | ClientHello Padding[193] | Raw Public Keys[194] |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Botan | Yes | Yes | Yes[195] | No | No | No | Yes | Yes | Yes | No | Yes | Yes[196] | Yes[197] | No | Unknown |
| BSAFE SSL-J | Yes | Yes | No | Yes | No | No | No | No | Yes | No | No | No | Yes | No | No |
| cryptlib | Yes | Yes | No | No | No | Yes | No | No | No[198] | No | Yes | Yes | Yes | No | Unknown |
| GnuTLS | Yes | Yes | Yes[199] | Yes | No[200] | Yes | Yes | Yes | Yes | No | Yes[39] | Yes[201] | Yes[39] | Yes[202] | Yes[203] |
| JSSE | Yes | Yes[68] | Yes[68] | Yes | No | No | Yes | No | Yes | No | No | No | Yes | No | No |
| LibreSSL | Yes | Yes | Yes[204] | Yes | No | No? | Yes | Yes? | No | No | No | Server side only[205] | No | Yes | No |
| MatrixSSL | Yes | Yes | Yes[206] | Yes[133] | No | No | Yes | No | Yes | Yes | No | Yes[133] | Yes[133] | No | Unknown |
| Mbed TLS | Yes | Yes | Yes[207] | No | No | No | Yes | No | Yes | Disabled by default[48] | Yes[208] | Yes[208] | Yes[208] | No | No |
| NSS | Yes | Yes | Yes[209] | Yes | No[210] | No | Yes | Yes | No | No | No[211] | Yes[212] | Yes[213] | Yes[209] | Unknown |
| OpenSSL | Yes | Yes | Yes[56] | Yes | No | No? | Yes | Yes | Yes | No | Yes | Yes[214] | Yes[54] | Yes[215] | Yes[216] |
| Schannel XP/2003 | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | Unknown |
| Schannel Vista/2008 | Yes | Yes | No | No | No | Yes | No | No | No | No | No | No | Yes[217] | No | Unknown |
| Schannel 7/2008R2 | Yes | Yes | No | Yes | No | Yes | No | No | No | No | No | No | Yes[217] | No | Unknown |
| Schannel 8/2012 | Yes | Yes | No | Yes | No | Yes | Client side only[218] | No | No | No | No | No | Yes[217] | No | Unknown |
| Schannel 8.1/2012R2, 10 | Yes | Yes | Yes | Yes | No | Yes | Yes[218] | No | No | No | No | No | Yes[217] | No | Unknown |
| Secure Transport | Yes | Yes | Unknown | No | No | Yes | No | No | No | No | No | No | No | No | Unknown |
| wolfSSL | Yes | Yes | Yes[153] | Yes | No | No | Yes | No | Yes | Yes | Yes[219] | No | Yes | No | Unknown |
| Erlang/OTP SSL application | Yes | Yes | Yes | No | No | No | No | No | No | No | No | Yes | No | No | Unknown |

Assisted cryptography

This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or to use system-specific devices that give access to underlying cryptographic hardware for acceleration or for data separation.

Implementation PKCS #11 device Intel AES-NI VIA PadLock ARMv8-A Intel SGX Intel QAT Intel SHA NXP CAAM
Botan Yes[220] Yes No Yes No No No
BSAFE SSL-J [a][b] Yes Yes No Yes No No Yes No
cryptlib Yes Yes Yes No No
Crypto++ Yes No Yes
GnuTLS Yes Yes Yes Yes[223] No No Yes
JSSE Yes Yes[224] No No No No
LibreSSL No Yes Yes No No
MatrixSSL Yes Yes No Yes No No
Mbed TLS Yes Yes[225] Yes No No No
NSS Yes[226] Yes[227] No[228] No No No
OpenSSL Yes[229] Yes Yes Yes[230] No Yes Partial
Schannel No Yes No No No No
Secure Transport No Yes[231][232] No Yes No No
wolfSSL Yes Yes No Yes Yes Yes[233] Yes[234]
  1. ^ Pure Java implementations rely on JVM processor optimization capabilities, such as OpenJDK support for AES-NI[221]
  2. ^ BSAFE SSL-J can be configured to run in native mode, using BSAFE Crypto-C Micro Edition to benefit from processor optimization.[222]

System-specific backends

This section lists the ability of an implementation to take advantage of the available operating-system-specific backends, or even the backends provided by another implementation.

Implementation /dev/crypto af_alg Windows CSP CommonCrypto OpenSSL engine
Botan No No No No Partial
BSAFE No No No No No
cryptlib No No No No No
GnuTLS Yes Yes No No No
JSSE No No Yes No No
LibreSSL No No No No No[235]
MatrixSSL No No No Yes Yes
Mbed TLS No No No No No
NSS No No No No No
OpenSSL Yes Yes No No Yes
Schannel No No Yes No No
Secure Transport No No No Yes No
wolfSSL Yes Yes Partial No Yes[236]
Erlang/OTP SSL application No No No No Yes

Cryptographic module/token support

Implementation TPM support Hardware token support Objects identified via
Botan Partial[197] PKCS #11
BSAFE SSL-J No No
cryptlib No PKCS #11 User-defined label
GnuTLS Yes PKCS #11 RFC 7512 PKCS #11 URLs[237]
JSSE No PKCS11 Java Cryptography Architecture, Java Cryptography Extension
LibreSSL Yes PKCS #11 (via 3rd party module) Custom method
MatrixSSL No PKCS #11
Mbed TLS No PKCS #11 (via libpkcs11-helper) or standard hooks Custom method
NSS No PKCS #11
OpenSSL Yes PKCS #11 (via 3rd party module)[238] RFC 7512 PKCS #11 URLs[237]
Schannel No Microsoft CryptoAPI UUID, User-defined label
Secure Transport
wolfSSL Yes PKCS #11

Code dependencies

Implementation Dependencies Optional dependencies
Botan C++20 SQLite, zlib (compression), bzip2 (compression), liblzma (compression), boost, trousers (TPM)
GnuTLS libc, nettle, gmp zlib (compression), p11-kit (PKCS #11), trousers (TPM), libunbound (DANE)
JSSE Java
MatrixSSL none zlib (compression)
MatrixSSL-open libc or newlib
Mbed TLS libc libpkcs11-helper (PKCS #11), zlib (compression)
NSS libc, libnspr4, libsoftokn3, libplc4, libplds4 zlib (compression)
OpenSSL libc zlib (compression)
wolfSSL None libc, zlib (compression)
Erlang/OTP SSL application libcrypto (from OpenSSL), Erlang/OTP and its public_key, crypto and asn1 applications Erlang/OTP -inets (http fetching of CRLs)

Development environment

Implementation Namespace Build tools API manual Crypto back-end OpenSSL compatibility Layer[clarify]
Botan Botan::TLS Makefile Sphinx Included (pluggable) No
Bouncy Castle org.bouncycastle Java Development Environment Programmers reference manual (PDF) Included (pluggable) No
BSAFE SSL-J com.rsa.asn1[a], com.rsa.certj[b], com.rsa.jcp[c], com.rsa.jsafe[d], com.rsa.ssl[e], com.rsa.jsse[f] Java classloader Javadoc, Developer's guide (HTML) Included No
cryptlib crypt* makefile, MSVC project workspaces Programmers reference manual (PDF), architecture design manual (PDF) Included (monolithic) No
GnuTLS gnutls_* Autoconf, automake, libtool Manual and API reference (HTML, PDF) External, libnettle Yes (limited)
JSSE javax.net.ssl, sun.security.ssl Makefile API Reference (HTML) + JSSE Reference Guide Java Cryptography Architecture, Java Cryptography Extension No
MatrixSSL matrixSsl_*, ps* Makefile, MSVC project workspaces, Xcode projects for OS X and iOS API Reference (PDF), Integration Guide Included (pluggable) Yes (Subset: SSL_read, SSL_write, etc.)
Mbed TLS mbedtls_ssl_*, mbedtls_sha1_*, mbedtls_md5_*, mbedtls_x509*, ... Makefile, CMake, MSVC project workspaces, yotta API Reference + High Level and Module Level Documentation (HTML) Included (monolithic) No
NSS CERT_*, SEC_*, SECKEY_*, NSS_*, PK11_*, SSL_*, ... Makefile Manual (HTML) Included, PKCS#11 based[239] Yes (separate package called nss_compat_ossl[240])
OpenSSL SSL_*, SHA1_*, MD5_*, EVP_*, ... Makefile Man pages Included (monolithic)
wolfSSL wolfSSL_*, CyaSSL_*, SSL_* Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC, e2Studio Manual and API Reference (HTML, PDF) Included (monolithic) Yes (about 60% of API)
  1. ^ ASN.1 manipulation classes
  2. ^ Cert-J proprietary API
  3. ^ Certificate Path manipulation classes
  4. ^ Crypto-J proprietary API, JCE, CMS and PKI API
  5. ^ SSLJ proprietary API
  6. ^ JSSE API

Portability concerns

Implementation Platform requirements Network requirements Thread safety Random seed Able to cross-compile No OS (bare metal) Supported operating systems
Botan C++11 None Thread-safe Platform-dependent Yes Windows, Linux, macOS, Android, iOS, FreeBSD, OpenBSD, Solaris, AIX, HP-UX, QNX, BeOS, IncludeOS
BSAFE SSL-J Java Java SE network components Thread-safe Depends on java.security.SecureRandom Yes No FreeBSD, Linux, macOS, Microsoft Windows, Android, AIX, Solaris
cryptlib C89 POSIX send() and recv(). API to supply your own replacement Thread-safe Platform-dependent, including hardware sources Yes Yes AMX, BeOS, ChorusOS, DOS, eCos, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK
GnuTLS C89 POSIX send() and recv(). API to supply your own replacement. Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available. Platform dependent Yes No Generally any POSIX platforms or Windows, commonly tested platforms include Linux, Win32/64, macOS, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD.
JSSE Java Java SE network components Thread-safe Depends on java.security.SecureRandom Yes Java based, platform-independent
MatrixSSL C89 None Thread-safe Platform dependent Yes Yes All
Mbed TLS C89 POSIX read() and write(). API to supply your own replacement. Threading layer available (POSIX or own hooks) Random seed set through entropy pool Yes Yes Known to work on: Win32/64, Linux, macOS, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, eCos, SeggerOS, RISC OS
NSS C89, NSPR[241] NSPR[241] PR_Send() and PR_Recv(). API to supply your own replacement. Thread-safe Platform dependent[242] Yes (but cumbersome) No AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, macOS, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation
OpenSSL C89 None Thread-safe Platform dependent Yes No Unix-like, DOS (with djgpp), Windows, OpenVMS, NetWare, eCos
wolfSSL C89 POSIX send() and recv(). API to supply your own replacement. Thread-safe Random seed set through wolfCrypt Yes Yes Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Project, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, eCos, Micrium µC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, Keil RTX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, TOPPERS, PetaLinux, Apache mynewt

See also

  • SCTP — with DTLS support
  • DCCP — with DTLS support
  • SRTP — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)

References

  1. ^ "Botan: Release Notes". Retrieved 2023-10-09.
  2. ^ "Release Notes - bouncycastle.org". 2023-11-13. Retrieved 2023-11-18.
  3. ^ "Java LTS Resources - bouncycastle.org". 2024-01-22. Retrieved 2024-01-22.
  4. ^ "Java FIPS Resources - bouncycastle.org". 2023-09-28. Retrieved 2022-09-29.
  5. ^ "The Legion of the Bouncy Castle C# Cryptography APIs". 2024-02-05. Retrieved 2024-02-06.
  6. ^ "C# .NET FIPS Resources - bouncycastle.org". 2023-02-28. Retrieved 2023-02-28.
  7. ^ "Dell BSAFE SSL-J 6.5.1 Release Advisory". Dell.
  8. ^ "Dell BSAFE SSL-J 7.2 Release Advisory". Dell.
  9. ^ "Dell BSAFE Micro Edition Suite 4.6.2 Release Advisory".
  10. ^ "Dell BSAFE Micro Edition Suite 5.0.2.1 Release Advisory".
  11. ^ Gutmann, Peter (2019). "Downloading". cryptlib. University of Auckland School of Computer Science. Retrieved 2019-08-07.
  12. ^ "[gnutls-help] gnutls 3.8.3".
  13. ^ "JDK Releases". Oracle Corporation. Retrieved 2022-12-09.
  14. ^ "JDK Releases". Oracle Corporation. Retrieved 2024-01-17.
  15. ^ Brent Cook (9 March 2024). "LibreSSL 3.8.3 Released". Retrieved 10 March 2024.
  16. ^ The features listed are for the closed source version
  17. ^ "MatrixSSL 4.2.2 Open release". 2019-09-11. Retrieved 2020-03-20.
  18. ^ "Release 3.5.2". 26 January 2024.
  19. ^ a b "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022.
  20. ^ "Release OpenSSL 3.2.1".
  21. ^ "wolfSSL product description". Retrieved 2016-05-03.
  22. ^ "wolfSSL Embedded SSL/TLS". Retrieved 2016-05-03.
  23. ^ "wolfSSL ChangeLog". 2023-10-31. Retrieved 2023-10-31.
  24. ^ Prohibiting Secure Sockets Layer (SSL) Version 2.0. doi:10.17487/RFC6176. RFC 6176.
  25. ^ Vaudenay, Serge (2001). "CBC-Padding: Security Flaws in SSL, IPsec, WTLS,..." (PDF).
  26. ^ Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security. doi:10.17487/RFC7366. RFC 7366.
  27. ^ . Archived from the original on 2016-03-11.
  28. ^ Möller, Bodo; Duong, Thai; Kotowicz, Krzysztof (September 2014). "This POODLE Bites: Exploiting The SSL 3.0 Fallback" (PDF). Retrieved 15 October 2014.
  29. ^ "TLSv1.2's Major Differences from TLSv1.1". The Transport Layer Security (TLS) Protocol Version 1.2. sec. 1.2. doi:10.17487/RFC5246. RFC 5246.
  30. ^ a b c RFC 6347
  31. ^ a b Elgamal, Taher; Hickman, Kipp E. B. (19 April 1995). The SSL Protocol. I-D draft-hickman-netscape-ssl-00.
  32. ^ a b RFC 6101
  33. ^ a b RFC 2246
  34. ^ a b RFC 4346
  35. ^ a b c d e f g h i j k l RFC 5246
  36. ^ a b RFC 4347
  37. ^ . 2015-01-11. Archived from the original on 2015-01-09. Retrieved 2015-01-16.
  38. ^ a b c (PDF). Archived from the original (PDF) on 2015-09-24. Retrieved 2015-01-09.
  39. ^ a b c d e f "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16.
  40. ^ "[gnutls-devel] GnuTLS 3.6.3". 2018-07-16. Retrieved 2018-09-16.
  41. ^ "Java™ SE Development Kit 8, Update 31 Release Notes". Retrieved 2024-01-14.
  42. ^ a b "Release Note: Disable TLS 1.0 and 1.1". Retrieved 2024-01-14.
  43. ^ a b c d e f g h i j k l m "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20.
  44. ^ "LibreSSL 2.3.0 Released". 2015-09-23. Retrieved 2015-09-24.
  45. ^ "LibreSSL 3.3.3 Released". 2021-05-04. Retrieved 2021-05-04.
  46. ^ . Archived from the original on 2015-02-14. Retrieved 2014-11-09.
  47. ^ a b c d "Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13.
  48. ^ a b c d "mbed TLS 2.0.0 released". 2015-07-10. Retrieved 2015-07-14.
  49. ^ . Mozilla Developer Network. Mozilla. Archived from the original on 2015-06-05. Retrieved 2015-05-06.
  50. ^ a b . Mozilla Developer Network. Mozilla. Archived from the original on 2013-01-17. Retrieved 2012-10-27.
  51. ^ "NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-08-10.
  52. ^ . Mozilla Developer Network. Mozilla. 2018-08-31. Archived from the original on 2021-12-07. Retrieved 2018-09-15.
  53. ^ . Mozilla Developer Network. Mozilla. 2014-06-30. Archived from the original on 2021-12-07. Retrieved 2014-06-30.
  54. ^ a b c d e f g h i j k l m . www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03.
  55. ^ a b . 2012-03-14. Archived from the original on December 5, 2014. Retrieved 2015-01-20.
  56. ^ a b c d e f . Archived from the original on September 4, 2014. Retrieved 2015-01-22.
  57. ^ "S2N Readme". GitHub. 2019-12-21.
  58. ^ "TLS Cipher Suites (Windows)". msdn.microsoft.com. 14 July 2023.
  59. ^ a b "TLS Cipher Suites in Windows Vista (Windows)". msdn.microsoft.com. 25 October 2021.
  60. ^ a b c "Cipher Suites in TLS/SSL (Schannel SSP) (Windows)". msdn.microsoft.com. 14 July 2023.
  61. ^ a b "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012.
  62. ^ "Protocols in TLS/SSL (Schannel SSP)". Microsoft. 2022-05-25. Retrieved 2023-11-18.
  63. ^ "Protocols in TLS/SSL (Schannel SSP)". 25 May 2022. Retrieved 6 November 2022.
  64. ^ "@badger: the 1.3 stuff is apparently in iOS 11 and macOS 10.13". 2018-03-09. Retrieved 2018-03-09.
  65. ^ "[wolfssl] wolfSSL 3.6.6 Released". 2015-08-20. Retrieved 2015-08-24.
  66. ^ "[wolfssl] wolfSSL 3.13.0 Released". 2017-12-21. Retrieved 2022-01-17.
  67. ^ "Erlang -- Standards Compliance".
  68. ^ a b c "Security Enhancements in JDK 8". docs.oracle.com.
  69. ^ "Bug 663320 - (NSA-Suite-B-TLS) Implement RFC6460 (NSA Suite B profile for TLS)". Mozilla. Retrieved 2014-05-19.
  70. ^ "Introducing Compliance to Suite B Cryptography". 18 September 2012.
  71. ^ . Archived from the original on December 27, 2013.
  72. ^ . csrc.nist.gov. Archived from the original on 2014-12-26. Retrieved 2014-03-18.
  73. ^ . Archived from the original on 2014-11-29. Retrieved 2014-11-16.
  74. ^ "Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov. 11 October 2016.
  75. ^ . 11 October 2013. Archived from the original on 11 October 2013.
  76. ^ "B.5 Certification". GnuTLS 3.7.7. Retrieved 26 September 2022.
  77. ^ "Matrix SSL Toolkit" (PDF).
  78. ^ "Is mbed TLS FIPS certified? - Mbed TLS documentation". Mbed TLS documentation.
  79. ^ "FIPS Validation - MozillaWiki". wiki.mozilla.org.
  80. ^ . Archived from the original on 2013-05-28. Retrieved 2014-11-15.
  81. ^ "Microsoft FIPS 140 Validated Cryptographic Modules".
  82. ^ "wolfCrypt FIPS 140-2 Information - wolfSSL Embedded SSL/TLS Library".
  83. ^ a b c d e f g h i j k l m n o p q r s t u v w x y z aa ab ac ad ae af ag ah RFC 4492
  84. ^ a b c d e "LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20.
  85. ^ . Mozilla. 2015-08-19. Archived from the original on 2021-12-07. Retrieved 2015-08-20.
  86. ^ a b c d Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01.
  87. ^ a b c d Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01.
  88. ^ a b c d "OpenSSL: CVS Web Interface". Archived from the original on 2013-04-15. Retrieved 2014-11-12.
  89. ^ a b c d e f g h i j k l m n o Extensions to support GOST in Schannel might be available.[citation needed]
  90. ^ a b c d "Microsoft Security Advisory 3174644". 14 October 2022.
  91. ^ a b c "Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ)". Microsoft. November 11, 2014. Retrieved 11 November 2014.
  92. ^ a b c Thomlinson, Matt (November 11, 2014). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 11 November 2014.
  93. ^ a b "Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2". support.microsoft.com.
  94. ^ a b c d e f RFC 5054
  95. ^ a b c d e f RFC 4279
  96. ^ a b RFC 5489
  97. ^ a b RFC 2712
  98. ^ . 2018-09-05. Archived from the original on 2018-09-10.
  99. ^ a b c "LibreSSL 2.0.4 released". Retrieved 2014-08-04.
  100. ^ a b c "Bug 405155 - add support for TLS-SRP, rfc5054". Mozilla. Retrieved 2014-01-25.
  101. ^ a b c d "Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25.
  102. ^ "Bug 1170510 - Implement NSS server side support for DH_anon". Mozilla. Retrieved 2015-06-03.
  103. ^ "Bug 236245 - Update ECC/TLS to conform to RFC 4492". Mozilla. Retrieved 2014-06-09.
  104. ^ "Changes between 0.9.6h and 0.9.7 [31 Dec 2002]". Retrieved 2016-01-29.
  105. ^ a b "Changes between 0.9.8n and 1.0.0 [29 Mar 2010]". Retrieved 2016-01-29.
  106. ^ "wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016)". 2016-03-18. Retrieved 2016-04-05.
  107. ^ RFC 5280
  108. ^ RFC 3280
  109. ^ RFC 2560
  110. ^ RFC 6698, RFC 7218
  111. ^ Laurie, B.; Langley, A.; Kasper, E. (June 2013). Certificate Transparency. IETF. doi:10.17487/RFC6962. ISSN 2070-1721. RFC 6962. Retrieved 2020-08-31.
  112. ^ . Archived from the original on 2017-01-19. Retrieved 2017-01-18.
  113. ^ "mbed TLS 2.0 defaults implement best practices". Retrieved 2017-01-18.
  114. ^ "Bug 672600 - Use DNSSEC/DANE chain stapled into TLS handshake in certificate chain validation". Mozilla. Retrieved 2014-06-18.
  115. ^ "CRL Validation · Issue #3499 · aws/s2n-tls". GitHub. Retrieved 2022-11-01.
  116. ^ "OCSP digest support for SHA-256 · Issue #2854 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022-11-01.
  117. ^ "[RFC 6962] s2n Client can Validate Signed Certificate Timestamp TLS Extension · Issue #457 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022-11-01.
  118. ^ a b "How Certificate Revocation Works". Microsoft TechNet. Microsoft. March 16, 2012. Retrieved July 10, 2013.
  119. ^ a b RFC 5288, RFC 5289
  120. ^ a b RFC 6655, RFC 7251
  121. ^ a b RFC 6367
  122. ^ a b RFC 5932, RFC 6367
  123. ^ a b c d RFC 6209
  124. ^ a b RFC 4162
  125. ^ a b "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". sweet32.info.
  126. ^ a b RFC 7905
  127. ^ a b "Version 1.11.12, 2015-01-02 — Botan". 2015-01-02. Retrieved 2015-01-09.
  128. ^ "gnutls 3.6.0". 2017-09-21. Retrieved 2018-01-07.
  129. ^ . 2016-05-20. Archived from the original on 2016-10-13. Retrieved 2016-05-29.
  130. ^ "Java SE Development Kit 10 - 10.0.1 Release Notes". 2018-04-17. Retrieved 2024-01-14.
  131. ^ "JDK 12 Release Notes". Retrieved 2024-01-14.
  132. ^ a b c d "Changes in 3.8.3". GitHub. Retrieved 2016-06-19.[permanent dead link]
  133. ^ . Archived from the original on 2014-07-14.
  134. ^ a b "Mbed TLS 2.11.0, 2.7.4 and 2.1.13 released". Retrieved 2018-08-30.
  135. ^ "Mbed TLS 2.12.0, 2.7.5 and 2.1.14 released". Retrieved 2018-08-30.
  136. ^ . Mozilla Developer Network. Mozilla. Archived from the original on 2021-12-07. Retrieved 2016-07-01.
  137. ^ "Bug 940119 - libssl does not support any TLS_ECDHE_*_CAMELLIA_*_GCM cipher suites". Mozilla. Retrieved 2013-11-19.
  138. ^ "NSS 3.12 is released". Retrieved 2013-11-19.
  139. ^ . Mozilla Developer Network. Mozilla. Archived from the original on 2023-04-02. Retrieved 2023-04-01.
  140. ^ . Mozilla Developer Network. Mozilla. Archived from the original on 2021-04-14. Retrieved 2016-03-09.
  141. ^ "openssl/CHANGES at OpenSSL_1_0_1-stable · openssl/openssl". GitHub. Retrieved 2015-01-20.
Yes Yes NoErlang OTP SSL application Yes No Yes Yes Yes Yes Yes Yes NoImplementation RSA 35 RSA EXPORT insecure 35 DHE RSA forward secrecy 35 DHE DSS forward secrecy 35 ECDH ECDSA 83 ECDHE ECDSA forward secrecy 83 ECDH RSA 83 ECDHE RSA forward secrecy 83 GOST R 34 10 94 34 10 2001 84 Key exchange algorithms alternative key exchanges editImplementation SRP 95 SRP DSS 95 SRP RSA 95 PSK RSA 96 PSK 96 DHE PSK forward secrecy 96 ECDHE PSK forward secrecy 97 KRB5 98 DH ANON 35 insecure ECDH ANON 83 insecure Botan No No No No Yes No Yes No No NoBSAFE SSL J No No No No Yes 99 No No No Disabled by default Disabled by defaultcryptlib No No No No Yes Yes No Un known No NoGnuTLS Yes Yes Yes Yes Yes Yes Yes No Disabled by default Disabled by defaultJSSE No No No No No No No No Disabled by default Disabled by defaultLibreSSL No 100 No 100 No 100 No No No No No Yes YesMatrixSSL No No No Yes Yes Yes No No Disabled by default NoMbed TLS No No No Yes Yes Yes Yes No No NoNSS No 101 No 101 No 101 No 102 No 102 No 102 No 102 No Client side only disabled by default 103 Disabled by default 104 OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes 105 Disabled by default 106 Disabled by default 106 Schannel No No No No No No No Yes No NoSecure Transport No No No No No No No Un known Yes YeswolfSSL Yes Yes Yes Yes Yes Yes Yes 107 Yes No NoErlang OTP SSL application Disabled by default Disabled by default Disabled by default Disabled by default Disabled by default Disabled by default No No Disabled by default Disabled by defaultImplementation SRP 95 SRP DSS 95 SRP RSA 95 PSK RSA 96 PSK 96 DHE PSK forward secrecy 96 ECDHE PSK forward secrecy 97 KRB5 98 DH ANON 35 insecure ECDH ANON 83 insecure Certificate verification methods editImplementation Application defined PKIX path validation 108 CRL 109 OCSP 110 DANE DNSSEC 111 Trust on First Use TOFU CT 112 Botan Yes Yes Yes Yes No No Un knownBouncy Castle Yes Yes Yes Yes Yes No Un knownBSAFE Yes Yes Yes Yes No No Un knowncryptlib Yes Yes Yes Yes No No Un 
knownGnuTLS Yes Yes Yes Yes Yes Yes Un knownJSSE Yes Yes Yes Yes No No NoLibreSSL Yes Yes Yes Yes No No Un knownMatrixSSL Yes Yes Yes Yes 113 No No Un knownMbed TLS Yes Yes Yes No 114 No No Un knownNSS Yes Yes Yes Yes No 115 No Un knownOpenSSL Yes Yes Yes Yes Yes No Yess2n No 116 Un known 117 Un known 118 Schannel Un known Yes Yes 119 Yes 119 No No Un knownSecure Transport Yes Yes Yes Yes No No Un knownwolfSSL Yes Yes Yes Yes No No Un knownErlang OTP SSL application Yes Yes Yes No No No Un knownImplementation Application defined PKIX path validation CRL OCSP DANE DNSSEC Trust on First Use TOFU CTEncryption algorithms editImplementation Block cipher with mode of operation Stream cipher NoneAES GCM 120 AES CCM 121 AES CBC Camellia GCM 122 Camellia CBC 123 ARIA GCM 124 ARIA CBC 124 SEED CBC 125 3DES EDE CBC insecure 126 GOST 28147 89 CNT proposed 84 n 1 ChaCha20 Poly1305 127 Null insecure n 2 Botan Yes Yes Yes Yes Yes No No Disabled by default Disabled by default No Yes 128 Not implementedBoringSSL Yes No Yes No No No No No Yes No YesBSAFE SSL J Yes Yes Yes No No No No No Disabled by default No No Disabled by defaultcryptlib Yes No Yes No No No No No Yes No No Not implementedGnuTLS Yes Yes 39 Yes Yes Yes No No No Disabled by default 129 No Yes 130 Disabled by defaultJSSE Yes No Yes No No No No No Disabled by default 131 No Yes JDK 12 132 Disabled by defaultLibreSSL Yes 43 No Yes No Yes 85 No No No 43 Yes Yes 85 Yes 43 Disabled by defaultMatrixSSL Yes No Yes No No No No Yes Disabled by default No Yes 133 Disabled by defaultMbed TLS Yes Yes 134 Yes Yes Yes Yes 135 Yes 135 No No 47 No Yes 136 Disabled by default at compile timeNSS Yes 137 No Yes No 138 n 3 Yes 139 No No Yes 140 Yes No 87 88 Yes 141 Disabled by defaultOpenSSL Yes 142 Disabled by default 54 Yes No Disabled by default 54 Disabled by default 143 No Disabled by default 54 Disabled by default 54 Yes 89 Yes 54 Disabled by defaultSchannel XP 2003 No No 2003 only 144 No No No No No Yes No 90 No Disabled by 
defaultSchannel Vista 2008 2008R2 2012 No No Yes No No No No No Yes No 90 No Disabled by defaultSchannel 7 8 8 1 2012R2 Yes except ECDHE RSA 92 93 No Yes No No No No No Yes No 90 No Disabled by defaultSchannel 10 145 Yes No Yes No No No No No Yes No 90 No Disabled by defaultSecure Transport OS X 10 6 10 10 No No Yes No No No No No Yes No No Disabled by defaultSecure Transport OS X 10 11 Yes No Yes No No No No No Yes No No Disabled by defaultwolfSSL Yes Yes Yes No No No No No Yes No Yes Disabled by defaultErlang OTP SSL application Yes No Yes No No No No No Disabled by default No Experimental Disable by defaultImplementation Block cipher with mode of operation Stream cipher NoneAES GCM 120 AES CCM 121 AES CBC Camellia GCM 122 Camellia CBC 123 ARIA GCM 124 ARIA CBC 124 SEED CBC 125 3DES EDE CBC insecure 126 GOST 28147 89 CNT proposed 84 n 1 ChaCha20 Poly1305 127 Null insecure n 2 Notes a b This algorithm is not defined yet as TLS cipher suites in RFCs is proposed in drafts a b authentication only no encryption This algorithm is implemented in an NSS fork used by Pale Moon Obsolete algorithms edit Implementation Block cipher with mode of operation Stream cipherIDEA CBC n 1 insecure 147 DES CBC insecure n 1 DES 40 CBC EXPORT insecure n 2 RC2 40 CBC EXPORT insecure n 2 RC4 128 insecure n 3 RC4 40 EXPORT insecure n 4 n 2 Botan No No No No No 148 NoBoringSSL No No No No Disabled by default at compile time NoBSAFE SSL J No Disabled by default Disabled by default No Disabled by default Disabled by defaultcryptlib No Disabled by default at compile time No No Disabled by default at compile time NoGnuTLS No No No No Disabled by default 39 NoJSSE No Disabled by default Disabled by default No Disabled by default Disabled by default 149 LibreSSL Yes Yes No 43 No 43 Yes No 43 MatrixSSL Yes No No No Disabled by default NoMbed TLS No Disabled by default at compile time No No Disabled by default at compile time 48 NoNSS Yes Disabled by default Disabled by default Disabled by default 
Lowest priority 150 151 Disabled by defaultOpenSSL Disabled by default 54 Disabled by default No 54 No 54 Disabled by default No 54 Schannel XP 2003 No Yes Yes Yes Yes YesSchannel Vista 2008 No Disabled by default Disabled by default Disabled by default Yes Disabled by defaultSchannel 7 2008R2 No Disabled by default Disabled by default Disabled by default Lowest prioritywill be disabled soon 152 Disabled by defaultSchannel 8 2012 No Disabled by default Disabled by default Disabled by default Only as fallback Disabled by defaultSchannel 8 1 2012R2 No Disabled by default Disabled by default Disabled by default Disabled by default 152 Disabled by defaultSchannel 10 145 No Disabled by default Disabled by default Disabled by default Disabled by default 152 Disabled by defaultSecure Transport OS X 10 6 Yes Yes Yes Yes Yes YesSecure Transport OS X 10 7 Yes Un known Un known Un known Yes Un knownSecure Transport OS X 10 8 10 9 Yes Disabled by default Disabled by default Disabled by default Yes Disabled by defaultSecure Transport OS X 10 10 10 11 Yes Disabled by default Disabled by default Disabled by default Lowest priority Disabled by defaultSecure Transport macOS 10 12 Yes Disabled by default Disabled by default Disabled by default Disabled by default Disabled by defaultwolfSSL Disabled by default 153 No No No Disabled by default NoErlang OTP SSL application no Disabled by default no no Disabled by default noImplementation Block cipher with mode of operation Stream cipherIDEA CBC n 1 insecure 147 DES CBC insecure n 1 DES 40 CBC EXPORT insecure n 2 RC2 40 CBC EXPORT insecure n 2 RC4 128 insecure n 3 RC4 40 EXPORT insecure n 4 n 2 Notes a b c d IDEA and DES have been removed from TLS 1 2 146 a b c d e f 40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms see Export of cryptography from the United States These weak 
suites are forbidden in TLS 1 1 and later a b The RC4 attacks weaken or break RC4 used in SSL TLS Use of RC4 is prohibited by RFC 7465 a b The RC4 attacks weaken or break RC4 used in SSL TLS Supported elliptic curves editThis section lists the supported elliptic curves by each implementation Defined curves in RFC 8446 for TLS 1 3 and RFC 8422 7027 for TLS 1 2 and earlier edit applicable TLS version TLS 1 3 and earlier TLS 1 2 and earlierImplementation secp256r1prime256v1NIST P 256 0x0017 154 23 155 secp384r1NIST P 384 0x0018 154 24 155 secp521r1NIST P 521 0x0019 154 25 155 X25519 0x001D 154 29 155 X448 0x001E 154 30 155 brainpoolP256r1 26 156 brainpoolP384r1 27 156 brainpoolP512r1 28 156 Botan Yes Yes Yes Yes 128 No Yes 157 Yes 157 Yes 157 BoringSSL Yes Yes Yes disabled by default Yes No No No NoBSAFE Yes Yes Yes No No No No NoGnuTLS Yes Yes Yes Yes 158 Yes 159 No No NoJSSE Yes Yes Yes Yesx25519 JDK 13 160 Ed25519 JDK 15 161 Yesx448 JDK 13 160 Ed448 JDK 15 161 No No NoLibreSSL Yes Yes Yes Yes 162 No Yes 43 Yes 43 Yes 43 MatrixSSL Yes Yes Yes TLS 1 3 only 163 No Yes Yes YesMbed TLS Yes Yes Yes Primitive only 164 Primitive only 165 Yes 166 Yes 166 Yes 166 NSS Yes Yes Yes Yes 167 No 168 169 No 170 No 170 No 170 OpenSSL Yes Yes Yes Yes 171 172 Yes 173 174 Yes 56 Yes 56 Yes 56 Schannel Vista 2008 7 2008R2 8 2012 8 1 2012R2 10 Yes Yes Yes No No No No NoSecure Transport Yes Yes Yes No No No No NowolfSSL Yes Yes Yes Yes 175 Yes 176 Yes Yes YesErlang OTP SSL application Yes Yes Yes No No Yes Yes YesImplementation secp256r1prime256v1NIST P 256 0x0017 23 secp384r1NIST P 384 0x0018 24 secp521r1NIST P 521 0x0019 25 X25519 0x001D 29 X448 0x001E 30 brainpoolP256r1 26 brainpoolP384r1 27 brainpoolP512r1 28 Proposed curves edit Implementation M221Curve2213 177 E222 177 Curve1174 177 E382 177 M383 177 Curve383187 177 Curve41417Curve3617 177 M511Curve511187 177 E521 177 Botan No No No No No No No No NoBoringSSL No No No No No No No No NoBSAFE No No No No No No No No NoGnuTLS No No No 
No No No No No NoJSSE No No No No No No No No NoLibreSSL No No No No No No No No NoMatrixSSL No No No No No No No No NoMbed TLS No No No No No No No No NoNSS No No No No No No No No NoOpenSSL No No No No No No No No NoSchannel Vista 2008 7 2008R2 8 2012 8 1 2012R2 10 No No No No No No No No NoSecure Transport No No No No No No No No NowolfSSL No No No No No No No No NoErlang OTP SSL application No No No No No No No No NoImplementation M221Curve2213 E222 Curve1174 E382 M383 Curve383187 Curve41417Curve3617 M511Curve511187 E521Deprecated curves in RFC 8422 edit Implementation sect163k1NIST K 163 1 83 sect163r1 2 83 sect163r2NIST B 163 3 83 sect193r1 4 83 sect193r2 5 83 sect233k1NIST K 233 6 83 sect233r1NIST B 233 7 83 sect239k1 8 83 sect283k1NIST K 283 9 83 sect283r1NIST B 283 10 83 sect409k1NIST K 409 11 83 sect409r1NIST B 409 12 83 sect571k1NIST K 571 13 83 sect571r1NIST B 571 14 83 Botan No No No No No No No No No No No No No NoBoringSSL No No No No No No No No No No No No No NoBSAFE Yes No Yes No No Yes Yes No Yes Yes Yes Yes Yes YesGnuTLS No No No No No No No No No No No No No NoJSSE Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b LibreSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes YesMatrixSSL No No No No No No No No No No No No No NoMbed TLS No No No No No No No No No No No No No NoNSS Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes YesOpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes YesSchannel Vista 2008 7 2008R2 8 2012 8 1 2012R2 10 No No No No No No No No No No No No No NoSecure Transport No No No No No No No No No No No No No NowolfSSL No No No No No No No No No No No No No NoErlang OTP SSL application Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes YesImplementation sect163k1NIST K 163 1 sect163r1 2 sect163r2NIST B 163 3 sect193r1 4 sect193r2 5 sect233k1NIST K 233 6 sect233r1NIST B 233 7 sect239k1 8 sect283k1NIST K 283 9 sect283r1NIST B 
283 10 sect409k1NIST K 409 11 sect409r1NIST B 409 12 sect571k1NIST K 571 13 sect571r1NIST B 571 14 Implementation secp160k1 15 83 secp160r1 16 83 secp160r2 17 83 secp192k1 18 83 secp192r1prime192v1NIST P 192 19 83 secp224k1 20 83 secp224r1NIST P 244 21 83 secp256k1 22 83 arbitrary prime curves 0xFF01 83 180 arbitrary char2 curves 0xFF02 83 180 Botan No No No No No No No No No NoBoringSSL No No No No No No Yes No No NoBSAFE No No No No Yes No Yes No No NoGnuTLS No No No No Yes No Yes No No NoJSSE Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b Notes a b No NoLibreSSL Yes Yes Yes Yes Yes Yes Yes Yes No NoMatrixSSL No No No No Yes No Yes No No NoMbed TLS No No No Yes Yes Yes Yes Yes No NoNSS Yes Yes Yes Yes Yes Yes Yes Yes No NoOpenSSL Yes Yes Yes Yes Yes Yes Yes Yes No NoSchannel Vista 2008 7 2008R2 8 2012 8 1 2012R2 10 No No No No No No No No No NoSecure Transport No No No No Yes No No No No NowolfSSL Yes Yes Yes Yes Yes Yes Yes Yes No NoErlang OTP SSL application Yes Yes Yes Yes Yes Yes Yes Yes No NoImplementation secp160k1 15 secp160r1 16 secp160r2 17 secp192k1 18 secp192r1prime192v1NIST P 192 19 secp224k1 20 secp224r1NIST P 244 21 secp256k1 22 arbitrary prime curves 0xFF01 arbitrary char2 curves 0xFF02 Notes a b c d e f g h i j k l m n o p q r s t u v These elliptic curves were Disabled by Default in current JDK families as part of JDK 8236730 178 a b c d e f g h i j k l m n o p q r s t u v These elliptic curves were subsequently removed in JDK 16 as part of JDK 8252601 179 Data integrity editImplementation HMAC MD5 HMAC SHA1 HMAC SHA256 384 AEAD GOST 28147 89 IMIT 84 GOST R 34 11 94 84 Botan No Yes Yes Yes No NoBSAFE Yes Yes Yes Yes No Nocryptlib Yes Yes Yes Yes No NoGnuTLS Yes Yes Yes Yes No NoJSSE Disabled by Default Yes Yes Yes No NoLibreSSL Yes Yes Yes Yes Yes 85 Yes 85 MatrixSSL Yes Yes Yes Yes No NoMbed TLS Yes Yes Yes Yes No NoNSS Yes Yes Yes Yes No 87 88 No 87 88 OpenSSL Yes Yes Yes Yes Yes 89 Yes 89 Schannel XP 2003 Vista 2008 Yes 
Yes XP SP3 2003 SP2 via hotfix 181 No No 90 No 90 Schannel 7 2008R2 8 2012 8 1 2012R2 Yes Yes Yes except ECDHE RSA 92 93 94 No 90 No 90 Schannel 10 Yes Yes Yes Yes 145 No 90 No 90 Secure Transport Yes Yes Yes Yes No NowolfSSL Yes Yes Yes Yes No NoErlang OTP SSL application Yes Yes Yes Yes No NoImplementation HMAC MD5 HMAC SHA1 HMAC SHA256 384 AEAD GOST 28147 89 IMIT GOST R 34 11 94Compression editNote the CRIME security exploit takes advantage of TLS compression so conservative implementations do not enable compression at the TLS level HTTP compression is unrelated and unaffected by this exploit but is exploited by the related BREACH attack Implementation DEFLATE 182 insecure Botan NoBSAFE 38 Nocryptlib NoGnuTLS Disabled by defaultJSSE NoLibreSSL No 43 MatrixSSL Disabled by defaultMbed TLS Disabled by defaultNSS Disabled by defaultOpenSSL Disabled by defaultSchannel NoSecure Transport NowolfSSL Disabled by defaultErlang OTP SSL application NoImplementation DEFLATEExtensions editIn this section the extensions each implementation supports are listed Note that the Secure Renegotiation extension is critical for HTTPS client security citation needed TLS clients not implementing it are vulnerable to attacks irrespective of whether the client implements TLS renegotiation Implementation Secure Renegotiation 183 Server Name Indication 184 ALPN 185 Certificate Status Request 184 OpenPGP 186 Supplemental Data 187 Session Ticket 188 Keying Material Exporter 189 Maximum Fragment Length 184 Truncated HMAC 184 Encrypt then MAC 190 TLS Fallback SCSV 191 Extended Master Secret 192 ClientHello Padding 193 Raw Public Keys 194 Botan Yes Yes Yes 195 No No No Yes Yes Yes No Yes Yes 196 Yes 197 No Un knownBSAFE SSL J Yes Yes No Yes No No No No Yes No No No Yes No Nocryptlib Yes Yes No No No Yes No No No 198 No Yes Yes Yes No Un knownGnuTLS Yes Yes Yes 199 Yes No 200 Yes Yes Yes Yes No Yes 39 Yes 201 Yes 39 Yes 202 Yes 203 JSSE Yes Yes 68 Yes 68 Yes No No Yes No Yes No No No Yes No 
NoLibreSSL Yes Yes Yes 204 Yes No No Yes Yes No No No Server side only 205 No Yes NoMatrixSSL Yes Yes Yes 206 Yes 133 No No Yes No Yes Yes No Yes 133 Yes 133 No Un knownMbed TLS Yes Yes Yes 207 No No No Yes No Yes Disabled by default 48 Yes 208 Yes 208 Yes 208 No NoNSS Yes Yes Yes 209 Yes No 210 No Yes Yes No No No 211 Yes 212 Yes 213 Yes 209 Un knownOpenSSL Yes Yes Yes 56 Yes No No Yes Yes Yes No Yes Yes 214 Yes 54 Yes 215 Yes 216 Schannel XP 2003 No No No No No Yes No No No No No No No No Un knownSchannel Vista 2008 Yes Yes No No No Yes No No No No No No Yes 217 No Un knownSchannel 7 2008R2 Yes Yes No Yes No Yes No No No No No No Yes 217 No Un knownSchannel 8 2012 Yes Yes No Yes No Yes Client side only 218 No No No No No Yes 217 No Un knownSchannel 8 1 2012R2 10 Yes Yes Yes Yes No Yes Yes 218 No No No No No Yes 217 No Un knownSecure Transport Yes Yes Un known No No Yes No No No No No No No No Un knownwolfSSL Yes Yes Yes 153 Yes No No Yes No Yes Yes Yes 219 No Yes No Un knownErlang OTP SSL application Yes Yes Yes No No No No No No No No Yes No No Un knownImplementation Secure Renegotiation Server Name Indication ALPN Certificate Status Request OpenPGP Supplemental Data Session Ticket Keying Material Exporter Maximum Fragment Length Truncated HMAC Encrypt then MAC TLS Fallback SCSV Extended Master Secret ClientHello Padding Raw Public KeysAssisted cryptography editThis section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation Implementation PKCS 11 device Intel AES NI VIA PadLock ARMv8 A Intel SGX Intel QAT Intel SHA NXP CAAMBotan Yes 220 Yes No Yes No No NoBSAFE SSL J a b Yes Yes No Yes No No Yes Nocryptlib Yes Yes Yes No NoCrypto Yes No YesGnuTLS Yes Yes Yes Yes 223 No No YesJSSE Yes Yes 224 No No No NoLibreSSL No Yes Yes No NoMatrixSSL Yes Yes No Yes No NoMbed TLS Yes Yes 
225 Yes No No NoNSS Yes 226 Yes 227 No 228 No No NoOpenSSL Yes 229 Yes Yes Yes 230 No Yes PartialSchannel No Yes No No No NoSecure Transport No Yes 231 232 No Yes No NowolfSSL Yes Yes No Yes Yes Yes 233 Yes 234 Implementation PKCS 11 device Intel AES NI VIA PadLock ARMv8 A Intel SGX Intel QAT Intel SHA NXP CAAM Pure Java implementations relies on JVM processor optimization capabilities such as OpenJDK support for AES NI 221 BSAFE SSL J can be configured to run in native mode using BSAFE Crypto C Micro Edition to benefit from processor optimization 222 System specific backends editThis section lists the ability of an implementation to take advantage of the available operating system specific backends or even the backends provided by another implementation Implementation dev crypto af alg Windows CSP CommonCrypto OpenSSL engineBotan No No No No PartialBSAFE No No No No Nocryptlib No No No No NoGnuTLS Yes Yes No No NoJSSE No No Yes No NoLibreSSL No No No No No 235 MatrixSSL No No No Yes YesMbed TLS No No No No NoNSS No No No No NoOpenSSL Yes Yes No No YesSchannel No No Yes No NoSecure Transport No No No Yes NowolfSSL Yes Yes Partial No Yes 236 Erlang OTP SSL application No No No No YesImplementation dev crypto af alg Windows CSP CommonCrypto OpenSSL engineCryptographic module token support editImplementation TPM support Hardware token support Objects identified viaBotan Partial 197 PKCS 11BSAFE SSL J No Nocryptlib No PKCS 11 User defined labelGnuTLS Yes PKCS 11 RFC 7512 PKCS 11 URLs 237 JSSE No PKCS11 Java Cryptography Architecture Java Cryptography ExtensionLibreSSL Yes PKCS 11 via 3rd party module Custom methodMatrixSSL No PKCS 11Mbed TLS No PKCS 11 via libpkcs11 helper or standard hooks Custom methodNSS No PKCS 11OpenSSL Yes PKCS 11 via 3rd party module 238 RFC 7512 PKCS 11 URLs 237 Schannel No Microsoft CryptoAPI UUID User defined labelSecure TransportwolfSSL Yes PKCS 11Implementation TPM support Hardware token support Objects identified viaCode dependencies 
editImplementation Dependencies Optional dependenciesBotan C 20 SQLitezlib compression bzip2 compression liblzma compression boosttrousers TPM GnuTLS libcnettlegmp zlib compression p11 kit PKCS 11 trousers TPM libunbound DANE JSSE JavaMatrixSSL none zlib compression MatrixSSL open libc or newlibMbed TLS libc libpkcs11 helper PKCS 11 zlib compression NSS libclibnspr4libsoftokn3libplc4libplds4 zlib compression OpenSSL libc zlib compression wolfSSL None libczlib compression Erlang OTP SSL application libcrypto from OpenSSL Erlang OTP and its public key crypto and asn1 applications Erlang OTP inets http fetching of CRLs Implementation Dependencies Optional dependenciesDevelopment environment editImplementation Namespace Build tools API manual Crypto back end OpenSSL compatibility Layer clarify Botan Botan TLS Makefile Sphinx Included pluggable NoBouncy Castle org bouncycastle Java Development Environment Programmers reference manual PDF Included pluggable NoBSAFE SSL J com rsa asn1 a com rsa certj b com rsa jcp c com rsa jsafe d com rsa ssl e com rsa jsse f Java classloader Javadoc Developer s guide HTML Included Nocryptlib crypt makefile MSVC project workspaces Programmers reference manual PDF architecture design manual PDF Included monolithic NoGnuTLS gnutls Autoconf automake libtool Manual and API reference HTML PDF External libnettle Yes limited JSSE javax net sslsun security ssl Makefile API Reference HTML JSSE Reference Guide Java Cryptography Architecture Java Cryptography Extension NoMatrixSSL matrixSsl ps Makefile MSVC project workspaces Xcode projects for OS X and iOS API Reference PDF Integration Guide Included pluggable Yes Subset SSL read SSL write etc Mbed TLS mbedtls ssl mbedtls sha1 mbedtls md5 mbedtls x509 Makefile CMake MSVC project workspaces yotta API Reference High Level and Module Level Documentation HTML Included monolithic NoNSS CERT SEC SECKEY NSS PK11 SSL Makefile Manual HTML Included PKCS 11 based 239 Yes separate package called nss compat 
ossl 240 OpenSSL SSL SHA1 MD5 EVP Makefile Man pages Included monolithic wolfSSL wolfSSL CyaSSL SSL Autoconf automake libtool MSVC project workspaces XCode projects CodeWarrior projects MPLAB X projects Keil IAR Clang GCC e2Studio Manual and API Reference HTML PDF Included monolithic Yes about 60 of API Implementation Namespace Build tools API manual Crypto back end OpenSSL compatibility layer ASN 1 manipulation classes Cert J proprietary API Certificate Path manipulation classes Crypto J proprietary API JCE CMS and PKI API SSLJ proprietary API JSSE APIPortability concerns editImplementation Platform requirements Network requirements Thread safety Random seed Able to cross compile No OS bare metal Supported operating systemsBotan C 11 None Thread safe Platform dependent Yes Windows Linux macOS Android iOS FreeBSD OpenBSD Solaris AIX HP UX QNX BeOS IncludeOSBSAFE SSL J Java Java SE network components Thread safe Depends on java security SecureRandom Yes No FreeBSD Linux macOS Microsoft Windows Android AIX Solariscryptlib C89 POSIX send and recv API to supply your own replacement Thread safe Platform dependent including hardware sources Yes Yes AMX BeOS ChorusOS DOS eCos FreeRTOS OpenRTOS uItron MVS OS 2 Palm OS QNX Neutrino RTEMS Tandem NonStop ThreadX uC OS II Unix AIX FreeBSD HPUX Linux macOS Solaris etc VDK VM CMS VxWorks Win16 Win32 Win64 WinCE PocketPC etc XMKGnuTLS C89 POSIX send and recv API to supply your own replacement Thread safe needs custom mutex hooks if neither POSIX nor Windows threads are available Platform dependent Yes No Generally any POSIX platforms or Windows commonly tested platforms include Linux Win32 64 macOS Solaris OpenWRT FreeBSD NetBSD OpenBSD JSSE Java Java SE network components Thread safe Depends on java security SecureRandom Yes Java based platform independentMatrixSSL C89 None Thread safe Platform dependent Yes Yes AllMbed TLS C89 POSIX read and write API to supply your own replacement Threading layer available POSIX or own hooks 
Random seed set through entropy pool Yes Yes Known to work on Win32 64 Linux macOS Solaris FreeBSD NetBSD OpenBSD OpenWRT iPhone iOS Xbox Android eCos SeggerOS RISC OSNSS C89 NSPR 241 NSPR 241 PR Send and PR Recv API to supply your own replacement Thread safe Platform dependent 242 Yes but cumbersome No AIX Android FreeBSD NetBSD OpenBSD BeOS HP UX IRIX Linux macOS OS 2 Solaris OpenVMS Amiga DE Windows WinCE Sony PlayStationOpenSSL C89 None Thread safe Platform dependent Yes No Unix like DOS with djgpp Windows OpenVMS NetWare eCoswolfSSL C89 POSIX send and recv API to supply your own replacement Thread safe Random seed set through wolfCrypt Yes Yes Win32 64 Linux macOS Solaris ThreadX VxWorks FreeBSD NetBSD OpenBSD embedded Linux Yocto Project OpenEmbedded WinCE Haiku OpenWRT iPhone iOS Android Nintendo Wii and Gamecube through DevKitPro QNX MontaVista NonStop TRON ITRON µITRON eCos Micrium µC OS III FreeRTOS SafeRTOS NXP Freescale MQX Nucleus TinyOS HP UX AIX ARC MQX Keil RTX TI RTOS uTasker embOS INtime Mbed uT Kernel RIOT CMSIS RTOS FROSTED Green Hills INTEGRITY TOPPERS PetaLinux Apache mynewtImplementation Platform requirements Network requirements Thread safety Random seed Able to cross compile No OS bare metal Supported operating systemsSee also editSCTP with DTLS support DCCP with DTLS support SRTP with DTLS support DTLS SRTP and Secure Real Time Transport Control Protocol SRTCP References edit Botan Release Notes Retrieved 2023 10 09 Release Notes bouncycastle org 2023 11 13 Retrieved 2023 11 18 Java LTS Resources bouncycastle org 2024 01 22 Retrieved 2024 01 22 Java FIPS Resources bouncycastle org 2023 09 28 Retrieved 2022 09 29 The Legion of the Bouncy Castle C Cryptography APIs 2024 02 05 Retrieved 2024 02 06 C NET FIPS Resources bouncycastle org 2023 02 28 Retrieved 2023 02 28 Dell BSAFE SSL J 6 5 1 Release Advisory Dell Dell BSAFE SSL J 7 2 Release Advisory Dell Dell BSAFE Micro Edition Suite 4 6 2 Release Advisory Dell BSAFE Micro Edition Suite 5 0 2 
