| 释义 |
- Overview
- Protocol support
- NSA Suite B Cryptography
- Certifications
- Key exchange algorithms (certificate-only)
- Key exchange algorithms (alternative key-exchanges)
- Certificate verification methods
- Encryption algorithms Obsolete algorithms
- Supported elliptic curves
- Data integrity
- Compression
- Extensions
- Assisted cryptography
- System-specific backends
- Cryptographic module/token support
- Code dependencies
- Development environment
- Portability concerns
- See also
- References
The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source. All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol. Overview | Implementation | Developed by | Open source | Software license | Copyright owner | Written in | Latest stable version, release date | Origin |
|---|
| Botan | Jack Lloyd | {{yes}} | Simplified BSD License}} | Jack Lloyd | C++ | {{Latest stable software release/Botan}} | US (Vermont) | |
| BoringSSL | Google | {{yes}} | OpenSSL-SSLeay dual-license, ISC license}} | Eric Young, Tim Hudson, Sun, OpenSSL project, Google, and others | C, C++, Go, assembly | ?? | Australia/EU | | Bouncy Castle | The Legion of the Bouncy Castle Inc. | {{Yes}} | MIT License}} | Legion of the Bouncy Castle Inc. | Java, C# | {{Latest stable software release/Bouncy Castle}} | Australia | | cryptlib | Peter Gutmann | {{yes}} | Sleepycat License}} and commercial license | Peter Gutmann | C | {{Latest stable software release/cryptlib}} | NZ | | GnuTLS | GnuTLS project | {{yes}} | GNU LGPLv2.1+}} | Free Software Foundation | C | {{Latest stable software release/GnuTLS}} | EU (Greece and Sweden) | | Java Secure Socket Extension (JSSE) | Oracle | {{Yes}} | GNU GPLv2}} and commercial license | Oracle | Java | {{Latest stable software release/Java (software platform)}} | US | | LibreSSL | OpenBSD Project | {{yes}} | Apache License 1.0, 4-clause BSD License, ISC License, and some are public domain}} | Eric Young, Tim Hudson, Sun, OpenSSL project, OpenBSD Project, and others | C, assembly | {{Latest stable software release/LibreSSL}} | Canada | | MatrixSSL[1] | PeerSec Networks | {{yes}} | GNU GPLv2+}} and commercial license | PeerSec Networks | C | {{Latest stable software release/MatrixSSL}} | US | | mbed TLS (previously PolarSSL) | ARM | {{yes}} | Apache License 2.0, GNU GPLv2+}} and commercial license | ARM Holdings | C | {{Latest stable software release/mbed TLS}} | EU (Netherlands) | | Network Security Services (NSS) | Mozilla, AOL, Red Hat, Sun, Oracle, Google and others | {{yes}} | MPL 2.0}} | NSS contributors | C, assembly | {{Latest stable software release/Network Security Services}} | US | | OpenSSL | OpenSSL project | {{yes}} | OpenSSL-SSLeay dual-license}} | Eric Young, Tim Hudson, Sun, OpenSSL project, and others | C, assembly | {{Latest stable software release/OpenSSL}} | Australia/EU | | RSA BSAFE SSL-J | RSA Security | {{no}} | {{proprietary}} | RSA Security | Java | 6.2.4 | Australia | | RSA BSAFE Micro-Edition Suite | RSA Security | {{no}} | {{proprietary}} | RSA Security | C, assembly | 4.1.6.1 | Australia | | S2n | Amazon | {{yes}} | Apache License 2.0, GNU GPLv2+}} and commercial license | Amazon, Inc. | C | Continuous | US | | SChannel | Microsoft | {{no}} | {{proprietary}} | Microsoft Inc. | Windows 10, 2015-07-29 | US | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | Apple Inc. | {{Yes}} | APSL 2.0}} | Apple Inc. | 57337.20.44 (OS X 10.11.2), 2015-12-08 | US | | wolfSSL (previously CyaSSL) | wolfSSL[2] | {{yes}} | GNU GPLv2+}} and commercial license | wolfSSL Inc.[3] | C | {{Latest stable software release/wolfSSL}} | US | | Erlang/OTP SSL application | Ericsson | {{yes}} | Apache License 2.0}} | Ericsson | Erlang | OTP-21, 2018-06-19 | Sweden | |
| Implementation | Developed by | Open source | Software license | Copyright owner | Written in | Latest stable version, release date | Origin |
|---|
Protocol support Several versions of the TLS protocol exist. SSL 2.0 is a deprecated[4] protocol version with significant weaknesses. SSL 3.0 (1996) and TLS 1.0 (1999) are successors with two weaknesses in CBC-padding that were explained in 2001 by Serge Vaudenay.[5] TLS 1.1 (2006) fixed only one of the problems, by switching to random initialization vectors (IV) for CBC block ciphers, whereas the more problematic use of mac-pad-encrypt instead of the secure pad-mac-encrypt was addressed with RFC7366.[6] A workaround for SSL 3.0 and TLS 1.0, roughly equivalent to random IVs from TLS 1.1, was widely adopted by many implementations in late 2011,[7] so from a security perspective, all existing version of TLS 1.0, 1.1 and 1.2 provide equivalent strength in the base protocol and are suitable for 128-bit security according to NIST SP800-57 up to at least 2030. In 2014, the POODLE vulnerability of SSL 3.0 was discovered, which takes advantage the known vulnerabilities in CBC, and an insecure fallback negotiation used in browsers.[8] TLS 1.2 (2008) introduced a means to identify the hash used for digital signatures. While permitting the use of stronger hash functions for digital signatures in the future (rsa,sha256/sha384/sha512) over the SSL 3.0 conservative choice (rsa,sha1+md5), the TLS 1.2 protocol change inadvertently and substantially weakened the default digital signatures and provides (rsa,sha1) and even (rsa,md5).[9] Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. The revision DTLS 1.2 based on TLS 1.2 was published in January 2012.[10]Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. With the exception of the predictable IVs (for which an easy workaround exists) all currently known vulnerabilities affect all version of TLS 1.0/1.1/1.2 alike.[11] | Implementation | SSL 2.0 (insecure)[12] | SSL 3.0 (insecure)[13] | TLS 1.0[14] | TLS 1.1[15] | TLS 1.2[16] | TLS 1.3 | DTLS 1.0[16] | DTLS 1.2[10] |
|---|
| Botan | No}} | No}}[17] | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | BoringSSL | {{yes}} | {{yes}} | {{yes}} | Yes}}
(draft version) | {{yes}} | {{yes}} | | Bouncy Castle | No}} | No}} | {{yes}} | {{yes}} | {{yes}} | Yes}}
(draft version) | {{yes}} | {{yes}} | | cryptlib | No}} | Disabled by default at compile time}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | GnuTLS | No}}{{cref2|group=protocolsupport|a}} | Disabled by default}}[18] | {{yes}} | {{yes}} | {{yes}} | Yes}}[19] | {{yes}} | {{yes}} | | JSSE | No}}{{cref2|group=protocolsupport|a}} | Disabled by default}}[20] | {{yes}} | {{yes}} | {{yes}} | Yes
(JDK 11+)}}[21] | {{yes}} | {{yes}} | | LibreSSL | No}}[22] | No}}[23] | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | | MatrixSSL | No}} | Disabled by default at compile time}}[24] | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | mbed TLS | No}} | Disabled by default}}[27] | {{yes}} | {{yes}} | {{yes}} | {{yes}}[25] | {{yes}}[25] | | NSS | No}}{{cref2|group=protocolsupport|b}} | Disabled by default}}[26] | {{yes}} | {{yes}}[27] | {{yes}}[28] | {{yes}}[29] | {{yes}}[27] | {{yes}}[30] | | OpenSSL | No}}[36] | Disabled by default}} | {{yes}} | {{yes}}[31] | {{yes}}[31] | {{yes}} | {{yes}} | {{yes}}[32] | | RSA BSAFE[33] | No}} | Disabled by default}} | {{yes}} | {{yes}} | {{yes}} | Not yet}} | {{no}} | {{no}} | | S2n[34] | No}} | Disabled by default}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | SChannel XP, 2003[35] | Disabled by default in MSIE 7}} | Enabled by default}} | Enabled by default in MSIE 7}} | {{no}} | {{no}} | {{no}} | {{no}} | | SChannel Vista[36] | Disabled by default}} | Enabled by default}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | |
| SChannel 2008[36] | Disabled by default}} | Enabled by default}} | {{yes}} | Disabled by default (KB4019276)}} | Disabled by default (KB4019276)}} | {{no}} | {{no}} | | SChannel 7, 2008R2[37] | Disabled by default}} | Disabled by default in MSIE 11}} | {{yes}} | Enabled by default in MSIE 11}} | Enabled by default in MSIE 11}} | {{yes}}[38] | {{no}}[38] | | SChannel 8, 2012[37] | Disabled by default}} | Enabled by default}} | {{yes}} | Disabled by default}} | Disabled by default}} | {{yes}} | {{no}} | | SChannel 8.1, 2012R2, 10 v1507 & v1511[37] | Disabled by default}} | Disabled by default in MSIE 11}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | | SChannel 10 v1607 / 2016[39] | No}} | Disabled by default}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] OS X 10.2-10.7, iOS 1-4 | Yes}} | Yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] OS X 10.8-10.10, iOS 5-8 | No}}{{cref2|group=protocolsupport|c}} | Yes}} | {{yes}} | group=protocolsupport|c}} | group=protocolsupport|c}} | group=protocolsupport|c}} | {{no}} | | Secure Transport OS X 10.11, iOS 9 | No}} | No}}{{cref2|group=protocolsupport|c}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{Unknown}} | | Secure Transport OS X 10.13, iOS 11 | No}} | No}}{{cref2|group=protocolsupport|c}} | {{yes}} | {{yes}} | {{yes}} | Yes}}
(draft version)[40] | {{yes}} | {{Unknown}} | | wolfSSL | No}} | Disabled by default}}[41] | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | Erlang/OTP SSL application | No}} | Disabled by default}} | {{yes}} | {{yes}} | {{yes}} | Not yet}} | {{yes}} | {{yes}} | |
| Implementation | SSL 2.0 (insecure)[12] | SSL 3.0 (insecure)[13] | TLS 1.0[14] | TLS 1.1[15] | TLS 1.2[16] | TLS 1.3 | DTLS 1.0[16] | DTLS 1.2[10] |
|---|
{{cnote2 begin | liststyle=lower-alpha}}{{cnote2 | group=protocolsupport | a | SSL 2.0 client hello is supported even though SSL 2.0 is not supported or is disabled because of the backward compatibilities.}}{{cnote2 | group=protocolsupport | b | Server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages.[42]}}{{cnote2 | group=protocolsupport | c | Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9.TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later.[43]}}[44]{{cnote2 end}} NSA Suite B Cryptography Required components for NSA Suite B Cryptography (RFC 6460) are: - Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits. For traffic flow, AES should be used with either the Counter Mode (CTR) for low bandwidth traffic or the Galois/Counter Mode (GCM) mode of operation for high bandwidth traffic (see Block cipher modes of operation) — symmetric encryption
- Elliptic Curve Digital Signature Algorithm (ECDSA) — digital signatures
- Elliptic Curve Diffie–Hellman (ECDH) — key agreement
- Secure Hash Algorithm 2 (SHA-256 and SHA-384) — message digest
Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information. | Implementation | TLS 1.2 Suite B |
|---|
| Botan | {{yes}} | | Bouncy Castle | {{yes}} | | cryptlib | {{yes}} | | GnuTLS | {{yes}} | | JSSE | {{yes}}[45] | | LibreSSL | {{yes}} | | MatrixSSL | {{yes}} | | mbed TLS | {{yes}} | | NSS | {{no}}[46] | | OpenSSL | {{yes}}[32] | | RSA BSAFE | {{yes}}[33] | | S2n | | SChannel | {{yes}}[47] | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{no}} | | wolfSSL | {{yes}} | |
| Implementation | TLS 1.2 Suite B |
|---|
Certifications Note that certain certifications have received serious negative criticism from people who are actually involved in them.[48] | Implementation | FIPS 140-1, FIPS 140-2[49] | Common Criteria | Embedded FIPS Solution |
|---|
| Level 1 | FIPS140-2|date=January 2015 |
|---|
| Botan[50] | | Bouncy Castle | BC-FJA 1.0.0 (#2768)
BC-FJA 1.0.1 (#3152)}} | | cryptlib[51] | | GnuTLS[52] | Red Hat Enterprise Linux GnuTLS Cryptographic Module (#2780)}} | | JSSE | | LibreSSL[22] | no support | | MatrixSSL[53] | SafeZone FIPS Cryptographic Module: 1.1 (#2389)}} | | mbed TLS[54] | | NSS[55] | Network Security Services: 3.2.2 (#247)
Network Security Services Cryptographic Module: 3.11.4 (#815), 3.12.4 (#1278), 3.12.9.1 (#1837)}} | Netscape Security Module: 1 (#7[56]), 1.01 (#47[57])
Network Security Services: 3.2.2 (#248[58])
Network Security Services Cryptographic Module: 3.11.4 (#814[59]), 3.12.4 (#1279, #1280[60])}} | | OpenSSL[61] | OpenSSL FIPS Object Module: 1.0 (#624), 1.1.1 (#733), 1.1.2 (#918), 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4 (#1051)
2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7 or 2.0.8 (#1747)}} | | RSA BSAFE Micro-Edition Suite[62] | Crypto-C ME 3.0.0.1 (#1092)
Crypto-C ME 4.0.1 / 4.0.2.5 (#2047, #2056, #2097, #2217)
Crypto-C ME 4.1 / 4.1.0.1 / 4.1.2 / 4.1.3.2 (#2294, #2300)}} | {{yes}} | | RSA BSAFE SSL-J[63] | Crypto-J 6.0 (#1785, #1786)
Crypto-J 6.1 / 6.1.1.0.1 (#2057, #2058)
Crypto-J 6.2 / 6.2.1.1 (#2468, #2469)
Crypto-J 6.2.4 (#3172, #3184)}} | {{yes}} | | SChannel[64] | Cryptographic modules in Windows NT 4.0, 95, 95, 2000, XP, Server 2003, CE 5, CE 6, Mobile 6.x, Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, RT, Surface, Phone 8
See details on [https://technet.microsoft.com/en-us/library/security/cc750357.aspx#_Microsoft_FIPS_140 Microsoft FIPS 140 Validated Cryptographic Modules]}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | Apple FIPS Cryptographic Module: 1.0 (OS X 10.6, #1514), 1.1 (OS X 10.7, #1701)
Apple OS X CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (OS X 10.8, #1964, #1956), 4.0 (OS X 10.9, #2015, #2016)
Apple iOS CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (iOS 6, #1963, #1944), 4.0 (iOS 7 , #2020, #2021)}} | | wolfSSL[65] | wolfCrypt FIPS Module: 4.0 (#3389)
See details on [https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Certificate/3389 NIST certificate] for validated Operating Environments
wolfCrypt FIPS Module: 3.6.0 (#2425)
See details on [https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2425 NIST certificate] for validated Operating Environments
}} | {{yes}} | |
| Implementation | Level 1 | Level 2 | Common Criteria | Embedded FIPS Solution |
|---|
| FIPS 140-1, FIPS 140-2 |
|---|
1. ^The features listed are for the closed source version
2. ^{{cite web | url=https://www.wolfssl.com/wolfSSL/Products-wolfssl.html | title=wolfSSL product description | accessdate=2016-05-03}}
3. ^{{cite web | url=https://www.wolfssl.com | title=wolfSSL Embedded SSL/TLS | accessdate=2016-05-03}}
4. ^[//tools.ietf.org/html/rfc6176 RFC6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0]
5. ^{{cite web|url=http://infoscience.epfl.ch/record/52417/files/IC_TECH_REPORT_200150.pdf|title="CBC-Padding: Security Flaws in SSL, IPsec, WTLS,...", Serge Vaudenay, 2001|publisher=}}
6. ^[//tools.ietf.org/html/rfc7366 RFC7366: Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security]
7. ^{{cite web|url=https://www.educatedguesswork.org/2011/11/rizzoduong_beast_countermeasur.html|title=Rizzo/Duong BEAST Countermeasures|publisher=}}
8. ^{{cite web | url=https://www.openssl.org/~bodo/ssl-poodle.pdf | title=This POODLE Bites: Exploiting The SSL 3.0 Fallback | date=September 2014 | accessdate=15 October 2014 |author1=Möller, Bodo |author2=Duong, Thai |author3=Kotowicz, Krzysztof }}
9. ^[//tools.ietf.org/html/rfc5246#section-1.2 TLSv1.2's Major Differences from TLSv1.1]
10. ^1 2 RFC 6347
11. ^{{cite web | title = Bard attack | citeseerx = 10.1.1.61.5887 }}
12. ^1 {{cite web|url=https://tools.ietf.org/html/draft-hickman-netscape-ssl-00|title=draft-hickman-netscape-ssl-00|website=tools.ietf.org}}
13. ^1 RFC 6101
14. ^1 RFC 2246
15. ^1 RFC 4346
16. ^1 RFC 4347
17. ^{{cite web|url=http://botan.randombit.net/relnotes/1_11_13.html|title=Version 1.11.13, 2015-01-11 — Botan|date=2015-01-11|accessdate=2015-01-16|deadurl=yes|archiveurl=https://web.archive.org/web/20150109154102/http://botan.randombit.net/relnotes/1_11_13.html|archivedate=2015-01-09|df=}}
18. ^1 2 3 4 5 {{cite web|url=http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html|title=[gnutls-devel] GnuTLS 3.4.0 released|date=2015-04-08|accessdate=2015-04-16}}
19. ^{{cite web|url=https://lists.gnupg.org/pipermail/gnutls-devel/2018-July/008584.html|title=[gnutls-devel] GnuTLS 3.6.3| date=2018-07-16|accessdate=2018-09-16}}
20. ^{{cite web|url=http://www.oracle.com/technetwork/java/javase/8u31-relnotes-2389094.html|title=Java™ SE Development Kit 8, Update 31 Release Notes|accessdate=2015-01-22}}
21. ^{{cite web|url=https://bugs.openjdk.java.net/browse/JDK-8145252|title=JEP 332: Transport Layer Security (TLS) 1.3|accessdate=2018-08-27}}
22. ^1 2 3 4 5 6 7 8 9 10 11 12 {{cite web|url=https://marc.info/?l=openbsd-announce&m=141486254309079|title=OpenBSD 5.6 Released|date=2014-11-01|accessdate=2015-01-20}}
23. ^{{cite web| title = LibreSSL 2.3.0 Released| url = https://marc.info/?l=openbsd-announce&m=144304330731220| date = 2015-09-23| accessdate = 2015-09-24}}
24. ^{{cite web|url=http://www.matrixssl.org/news.html|title=MatrixSSL - News|accessdate=2014-11-09|deadurl=yes|archiveurl=https://web.archive.org/web/20150214105056/http://www.matrixssl.org/news.html|archivedate=2015-02-14|df=}}
25. ^1 2 3 4 {{cite web | title = mbed TLS 2.0.0 released | url = https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released | date = 2015-07-10 | accessdate = 2015-07-14}}
26. ^{{cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes|work=Mozilla Developer Network|title=NSS 3.19 release notes|publisher=Mozilla|accessdate=2015-05-06}}
27. ^1 {{cite web|url=https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes|work=Mozilla Developer Network|title=NSS 3.14 release notes|publisher=Mozilla|accessdate=2012-10-27}}
28. ^{{cite web|url=https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.1_release_notes|work=Mozilla Developer Network|title=NSS 3.15.1 release notes|publisher=Mozilla|accessdate=2013-08-10}}
29. ^{{cite web| url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes#Notable_Changes_in_NSS_3.39| title=NSS 3.39 release notes| date=2018-08-31| work=Mozilla Developer Network| publisher=Mozilla| accessdate=2018-09-15}}
30. ^{{cite web| url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes| title=NSS 3.16.2 release notes| date=2014-06-30| work=Mozilla Developer Network| publisher=Mozilla| accessdate=2014-06-30}}
31. ^1 {{cite web|title=Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012] |url=https://www.openssl.org/news/openssl-1.0.1-notes.html |date=2012-03-14 |accessdate=2015-01-20 |deadurl=yes |archiveurl=https://web.archive.org/web/20141205180836/http://www.openssl.org/news/openssl-1.0.1-notes.html |archivedate=December 5, 2014 }}
32. ^1 2 3 4 5 {{cite web|url=https://www.openssl.org/news/openssl-1.0.2-notes.html |title=Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] |accessdate=2015-01-22 |deadurl=yes |archiveurl=https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html |archivedate=September 4, 2014 }}
33. ^1 2 {{cite web| title = RSA BSAFE Technical Specification Comparison Tables| url = http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf}}
34. ^{{cite web| title = S2N Readme| url = https://github.com/awslabs/s2n/blob/master/README.md}}
35. ^{{cite web|url=http://msdn.microsoft.com/en-us/library/aa380512.aspx|title=TLS Cipher Suites (Windows)|website=msdn.microsoft.com}}
36. ^1 {{cite web|url=http://msdn.microsoft.com/en-us/library/ff468651.aspx|title=TLS Cipher Suites in Windows Vista (Windows)|website=msdn.microsoft.com}}
37. ^1 2 {{cite web|url=http://msdn.microsoft.com/en-us/library/aa374757.aspx|title=Cipher Suites in TLS/SSL (Schannel SSP) (Windows)|website=msdn.microsoft.com}}
38. ^1 {{cite web|title=An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1|url=http://support.microsoft.com/kb/2574819/en-us|publisher=Microsoft|accessdate=13 November 2012}}
39. ^{{Cite web |date=2017-03-21 |url=https://technet.microsoft.com/en-us/windows-server-docs/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server-2016 |title=TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016 |publisher=Microsoft |accessdate=2017-03-29 |deadurl=yes |archiveurl=https://web.archive.org/web/20170330011044/https://technet.microsoft.com/en-us/windows-server-docs/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server-2016 |archivedate=2017-03-30 |df= }}
40. ^{{cite web|url=https://twitter.com/bagder/status/972234259774820352|title=@badger: the 1.3 stuff is apparently in iOS 11 and macOS 10.13.|date=2018-03-09|accessdate=2018-03-09}}
41. ^{{cite web|url=http://wolfssl.com/wolfSSL/Blog/Entries/2015/8/24_wolfSSL_3.6.6_is_Now_Available.html|title=[wolfssl] wolfSSL 3.6.6 Released|date=2015-08-20|accessdate=2015-08-24}}
42. ^{{cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes|work=Mozilla Developer Network|title=NSS 3.24 release notes|publisher=Mozilla|accessdate=2016-06-19}}
43. ^{{cite web|url=https://developer.apple.com/library/ios/technotes/tn2287/|work=iOS Developer Library|title=Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues|publisher=Apple Inc.|accessdate=2012-05-03}}
44. ^{{cite web|url=https://dev.ssllabs.com/ssltest/clients.html|title=Qualys SSL Labs - Projects / User Agent Capabilities|website=dev.ssllabs.com}}
45. ^1 2 {{cite web|url=http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html|title=Security Enhancements in JDK 8|website=docs.oracle.com}}
46. ^{{cite web |url=https://bugzilla.mozilla.org/show_bug.cgi?id=663320 |title=Bug 663320 - (NSA-Suite-B-TLS) Implement RFC6460 (NSA Suite B profile for TLS) |publisher=Mozilla |accessdate=2014-05-19}}
47. ^ https://technet.microsoft.com/en-us/library/dd566200(v=ws.10).aspx
48. ^"Secure or Compliant, Pick One" Steve Marquess blog {{webarchive |url=https://web.archive.org/web/20131227190128/http://veridicalsystems.com/blog/secure-or-compliant-pick-one/ |date=December 27, 2013 }}
49. ^{{cite web|url=http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm|title=Search - Cryptographic Module Validation Program - CSRC|website=csrc.nist.gov}}
50. ^{{cite web|url=http://botan.randombit.net/faq.html?highlight=fips#is-botan-fips-140-certified|title="Is botan FIPS 140 certified?" Frequently Asked Questions — Botan|publisher=}}
51. ^{{cite web|url=https://web.archive.org/web/20131011085917/http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8|title=cryptlib|date=11 October 2013|publisher=}}
52. ^"While, as a free software project, we are not actively pursuing this kind of certification, GnuTLS has been FIPS-140-2 certified in several systems by third parties." GnuTLS 3.5.6 B.5 Certification
53. ^{{cite web|url=http://cdn2.hubspot.net/hub/327778/file-618993629-pdf/Matrix+SSL-3.pdf|title=Matrix SSL Toolkit|publisher=}}
54. ^{{cite web|url=https://polarssl.org/kb/generic/is-polarssl-fips-certified|title=Is mbed TLS FIPS certified? - Knowledge Base|first=ARM|last=Limited|website=polarssl.org}}
55. ^{{cite web|url=https://wiki.mozilla.org/FIPS_Validation|title=FIPS Validation - MozillaWiki|website=wiki.mozilla.org}}
56. ^with Sun Sparc 5 w/ Sun Solaris v 2.4SE (ITSEC-rated)
57. ^with Sun Ultra-5 w/ Sun Trusted Solaris version 2.5.1 (ITSEC-rated)
58. ^with Solaris v8.0 with AdminSuite 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN SPARC Ultra-1
59. ^with these platforms; Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU, Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU
60. ^with these platforms; Red Hat Enterprise Linux v5 running on an IBM System x3550, Red Hat Enterprise Linux v5 running on an HP ProLiant DL145, Sun Solaris 10 5/08 running on a Sun SunBlade 2000 workstation, Sun Solaris 10 5/08 running on a Sun W2100z workstation
61. ^{{cite web|url=https://www.openssl.org/docs/fips/fipsnotes.html|title=OpenSSL and FIPS 140-2|publisher=}}
62. ^{{cite web|url=https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search|title=Search - Cryptographic Module Validation Program - CSRC|website=csrc.nist.gov}}
63. ^{{cite web|url=https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search|title=Search - Cryptographic Module Validation Program - CSRC|website=csrc.nist.gov}}
64. ^[https://technet.microsoft.com/en-us/library/security/cc750357.aspx#_Microsoft_FIPS_140 Microsoft FIPS 140 Validated Cryptographic Modules]
65. ^{{cite web|url=http://www.wolfssl.com/yaSSL/fips.html|title=wolfCrypt FIPS 140-2 Information - wolfSSL Embedded SSL/TLS Library|publisher=}}
66. ^1 2 3 4 5 6 7 8 9 10 11 RFC 5246
67. ^1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 RFC 4492
68. ^1 2 3 4 5 [//tools.ietf.org/html/draft-chudov-cryptopro-cptls-04 draft-chudov-cryptopro-cptls-04 - GOST 28147-89 Cipher Suites for Transport Layer Security (TLS)]
69. ^1 2 3 Extensions to support JSSE in SChannel might be available.{{citation needed|date=November 2014}}
70. ^1 2 3 4 {{cite web|title = LibreSSL 2.1.2 released|url = https://marc.info/?l=openbsd-announce&m=141809396501638| date = 2014-12-09| accessdate = 2015-01-20}}
71. ^{{cite web | url = https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes | title = NSS 3.20 release notes | publisher = Mozilla | date = 2015-08-19 | accessdate = 2015-08-20}}
72. ^1 2 3 {{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=518787|title=Bug 518787 - Add GOST crypto algorithm support in NSS |author=Mozilla.org|accessdate=2014-07-01}}
73. ^1 2 3 {{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=608725|title=Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird |author=Mozilla.org|accessdate=2014-07-01}}
74. ^1 2 3 openssl/engines/ccgost/README.gost{{dead link|date=January 2018 |bot=TheDragonFire |fix-attempted=yes }}
75. ^1 2 3 4 5 6 7 8 9 10 11 12 13 14 Extensions to support GOST in SChannel might be available.{{citation needed|date=November 2014}}
76. ^https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644
77. ^1 2 {{cite web | url=https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC | title=Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ) | publisher=Microsoft | date=November 11, 2014 | accessdate=11 November 2014}}
78. ^1 2 {{cite web | url=http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/ | title=Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption | publisher=Microsoft Security | date=November 11, 2014 | accessdate=11 November 2014 | author=Thomlinson, Matt}}
79. ^1 Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2
80. ^https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644
81. ^https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644
82. ^https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644
83. ^1 2 3 4 5 RFC 5054
84. ^1 2 3 4 5 RFC 4279
85. ^1 RFC 5489
86. ^1 RFC 2712
87. ^1 2 {{cite web |url=https://marc.info/?l=openbsd-tech&m=140710904403657 |title=LibreSSL 2.0.4 released |accessdate=2014-08-04}}
88. ^1 2 {{cite web |url=https://bugzilla.mozilla.org/show_bug.cgi?id=405155 |title=Bug 405155 - add support for TLS-SRP, rfc5054 |publisher=Mozilla |accessdate=2014-01-25}}
89. ^1 2 3 {{cite web |url=https://bugzilla.mozilla.org/show_bug.cgi?id=306435 |title=Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing |publisher=Mozilla |accessdate=2014-01-25}}
90. ^{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1170510|title=Bug 1170510 - Implement NSS server side support for DH_anon |publisher=Mozilla|accessdate=2015-06-03}}
91. ^{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=236245|title=Bug 236245 - Update ECC/TLS to conform to RFC 4492 |publisher=Mozilla|accessdate=2014-06-09}}
92. ^{{cite web|url=https://www.openssl.org/news/changelog.html#x58|title=Changes between 0.9.6h and 0.9.7 [31 Dec 2002]|accessdate=2016-01-29}}
93. ^1 {{cite web|url=https://www.openssl.org/news/changelog.html#x29|title=Changes between 0.9.8n and 1.0.0 [29 Mar 2010]|accessdate=2016-01-29}}
94. ^{{cite web|url=https://community.rsa.com/docs/DOC-95884|title=RSA BSAFE SSL-J 6.2.4 Release Notes|date=2018-09-05}}
95. ^{{cite web|url=https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html|title=wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016)|date=2016-03-18|accessdate=2016-04-05}}
96. ^1 RFC 5280
97. ^1 RFC 3280
98. ^1 RFC 2560
99. ^1 RFC 6698, RFC 7218
100. ^{{cite web|url=http://www.matrixssl.org/blog/releases/matrixssl_3_8_3|title=MatrixSSL 3.8.3|accessdate=2017-01-18}}
101. ^{{cite web|url=https://tls.mbed.org/tech-updates/blog/mbedtls-2.0-defaults-best-practices|title=mbed TLS 2.0 defaults implement best practices|accessdate=2017-01-18}}
102. ^{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=672600|title=Bug 672600 - Use DNSSEC/DANE chain stapled into TLS handshake in certificate chain validation |publisher=Mozilla|accessdate=2014-06-18}}
103. ^1 {{cite web |url=https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx |title=How Certificate Revocation Works |author= |date=March 16, 2012 |website=Microsoft TechNet |publisher=Microsoft |accessdate=July 10, 2013}}
104. ^1 RFC 5288, RFC 5289
105. ^1 RFC 6655, RFC 7251
106. ^1 RFC 6367
107. ^1 RFC 5932, RFC 6367
108. ^1 2 3 RFC 6209
109. ^1 RFC 4162
110. ^1 {{cite web|url=https://sweet32.info/|title=Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN|website=sweet32.info}}
111. ^1 This algorithm is not defined yet as TLS cipher suites in RFCs, is proposed in drafts.
112. ^1 RFC 7905
113. ^1 authentication only, no encryption
114. ^1 {{cite web|url=http://botan.randombit.net/relnotes/1_11_12.html|title=Version 1.11.12, 2015-01-02 — Botan|date=2015-01-02|accessdate=2015-01-09}}
115. ^{{cite web|url=https://lwn.net/Articles/731694/|title=gnutls 3.6.0|date=2017-09-21|accessdate=2018-01-07}}
116. ^{{cite web|url=http://permalink.gmane.org/gmane.network.gnutls.general/4131|title=gnutls 3.4.12|date=2016-05-20|accessdate=2016-05-29}}
117. ^{{cite web|url=http://www.oracle.com/technetwork/java/javase/10-0-1-relnotes-4308875.html|title=JDK 10.0.1 Release Notes|date=2018-04-18|accessdate=2018-08-27}}
118. ^1 2 3 {{cite web|url=https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383|title=Changes in 3.8.3|accessdate=2016-06-19}}
119. ^{{cite web|url=https://polarssl.org/tech-updates/releases/polarssl-1.3.8-released:|title=PolarSSL 1.3.8 release notes|publisher=}}
120. ^1 {{cite web|url=https://tls.mbed.org/tech-updates/releases/mbedtls-2.11.0-2.7.4-and-2.1.13-released|title=Mbed TLS 2.11.0, 2.7.4 and 2.1.13 released|accessdate=2018-08-30}}
121. ^{{cite web|url=https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released|title=Mbed TLS 2.12.0, 2.7.5 and 2.1.14 released|accessdate=2018-08-30}}
122. ^{{cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.25_release_notes|work=Mozilla Developer Network|title=NSS 3.25 release notes|publisher=Mozilla|accessdate=2016-07-01}}
123. ^{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=940119|title=Bug 940119 - libssl does not support any TLS_ECDHE_*_CAMELLIA_*_GCM cipher suites|publisher=Mozilla|accessdate=2013-11-19}}
124. ^This algorithm is implemented in an NSS fork used by Pale Moon.
125. ^{{cite web|url=https://groups.google.com/forum/?hl=ja#!searchin/mozilla.dev.tech.crypto/camellia/mozilla.dev.tech.crypto/3NTvSYkF9MQ/O7Aj7oeiff8J|title=NSS 3.12 is released|accessdate=2013-11-19}}
126. ^{{cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/release_notes.html/NSS_3.12.3_release_notes.html|work=Mozilla Developer Network|title=NSS 3.12.3 Release Notes|publisher=Mozilla|accessdate=2014-07-01}}
127. ^{{cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes|work=Mozilla Developer Network|title=NSS 3.23 release notes|publisher=Mozilla|accessdate=2016-03-09}}
128. ^{{cite web|url=https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES|title=openssl/CHANGES at OpenSSL_1_0_1-stable · openssl/openssl|accessdate=2015-01-20}}
129. ^1 2 3 4 5 6 7 8 9 10 11 {{cite web|url=https://www.openssl.org/news/openssl-1.1.0-notes.html|title=/news/openssl-1.1.0-notes.html|first=OpenSSL Foundation,|last=Inc.|website=www.openssl.org}}
130. ^Hofix 984963: TLS AES cipher suites for Microsoft Windows 2003
131. ^1 2 {{cite web|url=https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview|title=Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 10 Preview|website=dev.ssllabs.com}}
132. ^RFC 5469
133. ^https://sweet32.info
134. ^1 2 3 4 5 40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.
135. ^1 The RC4 attacks weaken or break RC4 used in SSL/TLS. Use of RC4 is prohibited by RFC 7465.
136. ^1 The RC4 attacks weaken or break RC4 used in SSL/TLS.
137. ^{{cite web|url=http://botan.randombit.net/relnotes/1_11_15.html|title=Version 1.11.15, 2015-03-08 — Botan|date=2015-03-08|accessdate=2015-03-11}}
138. ^{{cite web|url=http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html|title=Java Cryptography Architecture Oracle Providers Documentation|website=docs.oracle.com}}
139. ^{{cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.3_release_notes|work=Mozilla Developer Network|title=NSS 3.15.3 release notes|publisher=Mozilla|accessdate=2014-07-13}}
140. ^{{cite web|url=https://www.mozilla.org/security/announce/2013/mfsa2013-103.html|work=Mozilla|title=MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities|publisher=Mozilla|accessdate=2014-07-13}}
141. ^1 2 {{cite web|url=https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/|title=RC4 is now disabled in Microsoft Edge and Internet Explorer 11 - Microsoft Edge Dev BlogMicrosoft Edge Dev Blog|website=blogs.windows.com}}
142. ^1 {{cite web|url=https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html|title=wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)|date=2015-10-26|accessdate=2015-11-19}}
143. ^https://sweet32.info
144. ^1 2 3 Negotiation of arbitrary curves has been shown to be insecure for certain curve sizes {{cite book|author=Mavrogiannopoulos, Nikos and Vercautern, Frederik and Velichkov, Vesselin and Preneel, Bart|title=A cross-protocol attack on the TLS protocol. Proceedings of the 2012 ACM conference on Computer and communications security|year=2012|isbn=978-1-4503-1651-4|url=https://www.cosic.esat.kuleuven.be/publications/article-2216.pdf|pages=62–72}}
145. ^1 2 RFC 7027
146. ^{{cite web|url=https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis|title=Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier|first1=Josefsson,|last1=Simon|first2=Nir,|last2=Yoav|first3=Pégourié-Gonnard,|last3=Manuel|website=tools.ietf.org}}
147. ^{{cite web|url=https://tools.ietf.org/html/draft-ietf-tls-curve25519|title=Curve25519 and Curve448 for Transport Layer Security (TLS)|first1=Josefsson,|last1=Simon|first2=Pégourié-Gonnard,|last2=Manuel|website=tools.ietf.org}}
148. ^1 2 3 4 5 6 7 8 9 {{cite web|url=https://tools.ietf.org/html/draft-josefsson-tls-additional-curves|title=Additional Elliptic Curves for Transport Layer Security (TLS) Key Agreement|first1=Josefsson,|last1=Simon|first2=Pégourié-Gonnard,|last2=Manuel|website=tools.ietf.org}}
149. ^1 2 {{cite web|url=http://botan.randombit.net/relnotes/1_11_5.html|title=Version 1.11.5, 2013-11-10 — Botan|date=2013-11-10|accessdate=2015-01-23}}
150. ^{{cite web|url=http://nmav.gnutls.org/2016/05/gnutls-3-5-0.html|title="An overview of the new features in GnuTLS 3.5.0"|date=2016-05-02|accessdate=2016-12-09}}
151. ^{{cite web|url=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.1-relnotes.txt|title=LibreSSL 2.5.1 release notes |publisher=OpenBSD|date=2017-01-31|accessdate=2017-02-23}}
152. ^{{cite web|url=https://github.com/matrixssl/matrixssl/blob/4-0-0-open/doc/CHANGES_v4.0.md|title=MatrixSSL 4.0 changelog|accessdate=2018-09-18}}
153. ^1 2 {{cite web|url=https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released|title=PolarSSL 1.3.1 released|date=2013-10-15|accessdate=2015-01-23}}
154. ^{{cite web|url=https://polarssl.org/tech-updates/releases/polarssl-1.3.3-released|title=PolarSSL 1.3.3 released|date=2013-12-31|accessdate=2015-01-23}}
155. ^{{cite web|url=https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released|title=Mbed TLS 2.9.0, 2.7.3 and 2.1.12 released|accessdate=2018-08-30}}
156. ^1 2 {{cite web |url=https://bugzilla.mozilla.org/show_bug.cgi?id=943639 |title=Bug 943639 - Support for Brainpool ECC Curve (rfc5639) |publisher=Mozilla |accessdate=2014-01-25}}
157. ^{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=957105|title=Bug 957105 - Add support for curve25519 Key Exchange and UMAC MAC support for TLS |publisher=Mozilla|accessdate=2017-02-23}}
158. ^{{cite web | url = https://www.openssl.org/news/cl110.txt | title = OpenSSL 1.1.0x Release Notes | date = 25 August 2016 | access-date = 18 May 2018}}
159. ^{{cite web | url = https://github.com/openssl/openssl/issues/487 | title = OpenSSL GitHub Issue #487 Tracker | date = 2 December 2015 | access-date = 18 May 2018}}
160. ^{{cite web | url = https://www.openssl.org/news/cl111.txt | title = OpenSSL 1.1.1x Release Notes | date = 1 May 2018 | access-date = 18 May 2018}}
161. ^{{cite web | url = https://github.com/openssl/openssl/issues/5049 | title = OpenSSL GitHub Issue #5049 Tracker | date = 9 January 2018 | access-date = 18 May 2018}}
162. ^{{cite web|url=https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html|title=wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)|date=2015-03-30|accessdate=2015-11-19}}
163. ^{{cite web|url=http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx|title=SHA2 and Windows|accessdate=2014-09-08}}
164. ^RFC 3749
165. ^RFC 5746
166. ^1 2 3 RFC 6066
167. ^RFC 7301
168. ^RFC 6091
169. ^RFC 4680
170. ^RFC 5077
171. ^RFC 5705
172. ^RFC 7366
173. ^RFC 7507
174. ^RFC 7627
175. ^RFC 7685
176. ^RFC 7250
177. ^{{cite web|url=https://botan.randombit.net/news.html#version-1-11-16-2015-03-29|title=Version 1.11.16, 2015-03-29 — Botan|date=2016-03-29|accessdate=2016-09-08}}
178. ^{{cite web|url=http://botan.randombit.net/relnotes/1_11_10.html|title=Version 1.11.10, 2014-12-10 — Botan|date=2014-12-10|accessdate=2014-12-14}}
179. ^1 {{cite web|url=http://botan.randombit.net/news.html#version-1-11-26-2016-01-04|title=Version 1.11.26, 2016-01-04 — Botan|date=2016-01-04|accessdate=2016-02-25}}
180. ^Present, but disabled by default due to lack of use by any implementation.
181. ^{{cite web|url=http://article.gmane.org/gmane.network.gnutls.general/3136|title=gnutls 3.2.0|accessdate=2015-01-26}}
182. ^https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008309.html
183. ^{{cite web|url=http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8267|title=gnutls 3.4.4|accessdate=2015-08-25}}
184. ^{{cite web|url=https://gnutls.org/manual/html_node/Priority-Strings.html|title=%DUMBFW priority keyword|accessdate=2017-04-30}}
185. ^{{cite web| title = LibreSSL 2.1.3 released| url = https://marc.info/?l=openbsd-announce&m=142193407304782| date = 2015-01-22| accessdate = 2015-01-22}}
186. ^{{cite web| title = LibreSSL 2.1.4 released| url = https://marc.info/?l=openbsd-announce&m=142543818707898| date = 2015-03-04| accessdate = 2015-03-04}}
187. ^{{cite web |title = MatrixSSL - News |url = http://www.matrixssl.org/news.html |date = 2014-12-04 |accessdate = 2015-01-26 |deadurl = yes |archiveurl = https://web.archive.org/web/20150214105056/http://www.matrixssl.org/news.html |archivedate = 2015-02-14 |df = }}
188. ^{{cite web|title=Download overview - PolarSSL|url=https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released|date=2014-04-11 |accessdate=2015-01-26}}
189. ^1 2 {{cite web|url=https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released|title=mbed TLS 1.3.10 released|date=2015-02-08|accessdate=2015-02-09}}
190. ^1 {{cite web|url=https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes|work=Mozilla Developer Network|title=NSS 3.15.5 release notes|publisher=Mozilla|accessdate=2015-01-26}}
191. ^{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=961416|title=Bug 961416 - Support RFC6091 - Using OpenPGP Keys for Transport Layer Security Authentication (TLS1.2) |publisher=Mozilla|accessdate=2014-06-18}}
192. ^{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=972145|title=Bug 972145 - Implement the encrypt-then-MAC TLS extension |publisher=Mozilla|accessdate=2014-11-06}}
193. ^{{cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes|title=NSS 3.17.1 release notes|accessdate=2014-10-17}}
194. ^{{cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes|title=NSS 3.21 release notes|accessdate=2015-11-14}}
195. ^http://www.openssl.org/news/secadv_20141015.txt
196. ^{{cite web|url=https://www.openssl.org/news/openssl-1.1.0-notes.htm|title=OpenSSL 1.1.0 Release Notesl}}
197. ^{{cite web|url=https://www.openssl.org/news/openssl-1.0.1-notes.html |title=Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] |date=2014-04-07 |accessdate=2015-02-10 |deadurl=yes |archiveurl=https://web.archive.org/web/20150120120428/https://www.openssl.org/news/openssl-1.0.1-notes.html |archivedate=2015-01-20 |df= }}
198. ^1 2 3 {{cite web|url=https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121|title=Microsoft Security Bulletin MS15-121|accessdate=2017-11-29}}
199. ^1 {{cite web|url=https://technet.microsoft.com/en-us/library/hh831771.aspx|title=What's New in TLS/SSL (Schannel SSP)|accessdate=2014-06-18}}
200. ^{{cite web|url=https://botan.randombit.net/news.html#version-1-11-31-2016-08-30|title=Version 1.11.31, 2015-08-30 — Botan|date=2016-08-30|accessdate=2016-09-08}}
201. ^https://lists.gnupg.org/pipermail/gnutls-devel/2016-October/008194.html
202. ^{{cite web|url=https://stackoverflow.com/questions/14259671/java-ssl-provider-with-aes-ni-support|title=Java SSL provider with AES-NI support|website=stackoverflow.com}}
203. ^{{cite web | url=https://polarssl.org/tech-updates/releases/polarssl-1.3.3-released | title=We've incorporated support for AES-NI in our AES and GCM modules | date=2013-12-31 | accessdate=2014-01-07}}
204. ^Normally NSS's libssl performs all operations via the PKCS#11 interface, either to hardware or software tokens
205. ^{{cite web | url=https://bugzilla.mozilla.org/show_bug.cgi?id=706024 | title=Bug 706024 - AES-NI enhancements to NSS on Sandy Bridge systems | accessdate=2013-09-28}}
206. ^{{cite web | url=https://bugzilla.mozilla.org/show_bug.cgi?id=479744 | title=Bug 479744 - RFE : VIA Padlock ACE support (hardware RNG, AES, SHA1 and SHA256) | accessdate=2014-04-11}}
207. ^https://habrahabr.ru/post/134725/, http://forum.rutoken.ru/topic/1639/, https://dev.rutoken.ru/pages/viewpage.action?pageId=18055184 {{ru icon}}
208. ^{{cite web|url=http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddacb8f27ba4c8a8d51c306c150e1a8703b008f2|title=git.openssl.org Git - openssl.git/commitdiff|website=git.openssl.org}}
209. ^https://opensource.apple.com/source/Security/Security-55179.13/sec/Security/SecECKey.c
210. ^http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT5396/Crypto_Officer_Role_Guide_for_FIPS_140-2_Compliance_OS_X_Mountain_Lion_v10.8.pdf
211. ^{{cite web|url=https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html|title=wolfSSL Asynchronous Intel QuickAssist Support - wolfSSL|date=18 January 2017|publisher=}}
212. ^{{cite web| title = LibreSSL 2.2.1 Released| url = http://marc.info/?l=openbsd-announce&m=143635991232240| date = 2015-07-08| accessdate = 2016-01-30}}
213. ^1 [//tools.ietf.org/html/rfc7512 RFC 7512]
214. ^{{cite web|url=https://github.com/OpenSC/libp11|title=libp11: PKCS#11 wrapper library|date=19 January 2018|publisher=|via=GitHub}}
215. ^On the fly replaceable/augmentable.
216. ^{{cite web|url=http://fedoraproject.org/wiki/Nss_compat_ossl|title=Nss compat ossl - Fedora Project Wiki|website=fedoraproject.org}}
217. ^1 {{cite web|url=https://www.mozilla.org/projects/nspr/|title=NSPR|website=Mozilla Developer Network}}
218. ^For Unix/Linux it uses /dev/urandom if available, for Windows it uses CAPI. For other platforms it gets data from clock, and tries to open system files. NSS has a set of platform dependent functions it uses to determine randomness.
Key exchange algorithms (certificate-only) This section lists the certificate verification functionality available in the various implementations. | Implementation | RSA[66] | RSA-EXPORT (insecure)[66] | DHE-RSA (forward secrecy)[66] | DHE-DSS (forward secrecy)[66] | ECDH-ECDSA[67] | ECDHE-ECDSA (forward secrecy)[67] | ECDH-RSA[67] | ECDHE-RSA (forward secrecy)[67] | GOST R 34.10-94, 34.10-2001[68] |
|---|
| Botan | Disabled by default}} | No}} | {{yes}} | Disabled by default}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{no}} | | cryptlib | {{yes}} | No}} | {{yes}} | Yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | | GnuTLS | {{yes}} | No}} | {{yes}} | Disabled by default}}[18] | {{no}} | {{yes}} | {{no}} | {{yes}} | {{no}} | | JSSE | {{yes}} | Disabled by default}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}}[69] | | LibreSSL | {{yes}} | No}}[22] | {{yes}} | Yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}}[70] | | MatrixSSL | {{yes}} | No}} | {{yes}} | No}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | | mbed TLS | {{yes}} | No}} | {{yes}} | No}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | | NSS | {{yes}} | Disabled by default}} | {{Yes}}[71] | Yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}}[72][73] | | OpenSSL | {{yes}} | No}}[36] | {{yes}} | Disabled by default}}[36] | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}}[74] | | RSA BSAFE | {{yes}} | No}} | {{yes}} | Yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | | SChannel XP/2003 | {{yes}} | Yes}} | {{no}} | XP: Max 1024 bits
2003: 1024 bits only}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}}[75] | | SChannel Vista/2008 | {{yes}} | Disabled by default}} | {{no}} | 1024 bits by default}}[76] | {{no}} | {{yes}} | {{no}} | except AES_GCM}} | {{no}}[75] | | SChannel 8/2012 | {{yes}} | Disabled by default}} | AES_GCM only}}[77][78][79] | 1024 bits by default}}[80] | {{no}} | {{yes}} | {{no}} | except AES_GCM}} | {{no}}[75] | | SChannel 7/2008R2, 8.1/2012R2 | {{yes}} | Disabled by default}} | {{yes}} | 2048 bits by default}}[81] | {{no}} | {{yes}} | {{no}} | except AES_GCM}} | {{no}}[75] | | SChannel 10 | {{yes}} | Disabled by default}} | {{yes}} | 2048 bits by default}}[82] | {{no}} | {{yes}} | {{no}} | {{yes}} | {{no}}[75] | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] OS X 10.6 | {{yes}} | Yes}} | except AES_GCM}} | Yes}} | {{yes}} | except AES_GCM}} | {{yes}} | except AES_GCM}} | {{no}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] OS X 10.8-10.10 | {{yes}} | No}} | except AES_GCM}} | No}} | {{yes}} | except AES_GCM}} | {{yes}} | except AES_GCM}} | {{no}} | | Secure Transport OS X 10.11 | {{yes}} | No}} | {{yes}} | No}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{no}} | | wolfSSL | {{yes}} | No}} | {{yes}} | No}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | | Erlang/OTP SSL application | {{yes}} | No}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | |
| Implementation | RSA[66] | RSA-EXPORT (insecure)[66] | DHE-RSA (forward secrecy)[66] | DHE-DSS (forward secrecy)[66] | ECDH-ECDSA[67] | ECDHE-ECDSA (forward secrecy)[67] | ECDH-RSA[67] | ECDHE-RSA (forward secrecy)[67] | GOST R 34.10-94, 34.10-2001[68] |
|---|
Key exchange algorithms (alternative key-exchanges) | Implementation | SRP[83] | SRP-DSS[83] | SRP-RSA[83] | PSK-RSA[84] | PSK[84] | DHE-PSK (forward secrecy)[84] | ECDHE-PSK (forward secrecy)[85] | KRB5[86] | DH-ANON[66] (insecure) | ECDH-ANON[67] (insecure) |
|---|
| Botan | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | Disabled by default}} | Disabled by default}} | | cryptlib | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{yes}} | {{no}} | {{unknown}} | No}} | No}} | | GnuTLS | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | Disabled by default}} | Disabled by default}} | | JSSE | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{unknown}} | Disabled by default in Java 8}} | Disabled by default in Java 8}} | | LibreSSL | {{no}}[87] | {{no}}[87] | {{no}}[87] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Yes}} | Yes}} | | MatrixSSL | {{no}} | {{no}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | Disabled by default}} | No}} | | mbed TLS | {{no}} | {{no}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | No}} | No}} | | NSS | {{no}}[88] | {{no}}[88] | {{no}}[88] | {{no}}[89] | {{no}}[89] | {{no}}[89] | {{no}}[89] | {{no}} | Client side only, disabled by default}}[90] | Disabled by default}}[91] | | OpenSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{Yes}}[92] | Disabled by default}}[93] | Disabled by default}}[93] | | RSA BSAFE Micro Edition Suite | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Disabled by default}} | Disabled by default}} | | RSA BSAFE SSL-J | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}}[94] | {{no}} | {{no}} | {{no}} | Disabled by default}} | Disabled by default}} | | SChannel | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | No}} | No}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{unknown}} | Yes}} | Yes}} | | wolfSSL | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}}[95] | {{no}} | No}} | No}} | | Erlang/OTP SSL application | Disabled by default}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | {{No}} | {{No}} | Disabled by default}} | Disabled by default}} | |
| Implementation | SRP[83] | SRP-DSS[83] | SRP-RSA[83] | PSK-RSA[84] | PSK[84] | DHE-PSK (forward secrecy)[84] | ECDHE-PSK (forward secrecy)[85] | KRB5[86] | DH-ANON[66] (insecure) | ECDH-ANON[67] (insecure) |
|---|
Certificate verification methods | Implementation | Application-defined | PKIX path validation[96] | CRL[97] | OCSP[98] | DANE (DNSSEC)[99] | Trust on First Use (TOFU) |
|---|
| Botan | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | Bouncy Castle | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | | cryptlib | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | GnuTLS | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | JSSE | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | LibreSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | MatrixSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}}[100] | {{no}} | {{no}} | | mbed TLS | {{yes}} | {{yes}} | {{yes}} | {{yes}}[101] | {{no}} | {{no}} | | NSS | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}}[102] | {{no}} | | OpenSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | | RSA BSAFE | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | SChannel | {{unknown}} | {{yes}} | {{yes}}[103] | {{yes}}[103] | {{no}} | {{no}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | wolfSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | Erlang/OTP SSL application | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | |
| Implementation | Application-defined | PKIX path validation[96] | CRL[97] | OCSP[98] | DANE (DNSSEC)[99] | Trust on First Use (TOFU) |
|---|
Encryption algorithms | Implementation | Block cipher with mode of operation | Stream cipher | None |
|---|
AES GCM
[104] | AES CCM
[105] | AES CBC | Camellia GCM
[106] | Camellia CBC
[107] | ARIA GCM
[181] | ARIA CBC
[108] | SEED CBC
[109] | 3DES EDE CBC
(insecure)[110] | GOST 28147-89 CNT
(proposed)
[68][111] | ChaCha20-Poly1305
[112] | Null
(insecure)
[113] |
|---|
| Botan | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | Disabled by default}} | Disabled by default}} | {{no}} | {{yes}}[114] | Not implemented}} | | BoringSSL | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Yes}} | {{no}} | {{yes}} | | cryptlib | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Yes}} | {{no}} | {{no}} | Not implemented}} | | GnuTLS | {{yes}} | {{yes}}[18] | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | Disabled by default}}[115] | {{no}} | {{yes}}[116] | Disabled by default}} | | JSSE | {{Yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Disabled by default}}[117] | {{no}}[69] | {{no}} | Disabled by default}} | | LibreSSL | {{yes}}[22] | {{no}} | {{yes}} | {{no}} | {{yes}}[70] | {{no}} | {{no}} | {{no}}[22] | Yes}} | {{yes}}[70] | {{yes}}[22] | Disabled by default}} | | MatrixSSL | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | Disabled by default}} | {{no}} | {{yes}}[118] | Disabled by default}} | | mbed TLS | {{yes}} | {{yes}} [119] | {{yes}} | {{yes}} | {{yes}} | {{yes}}[120] | {{yes}}[120] | {{no}} | Yes}} | {{no}} | {{yes}}[121] | Disabled by default at compile time}} | | NSS | {{yes}}[122] | {{no}} | {{yes}} | {{no}}[123][124] | {{yes}}[125] | {{no}} | {{no}} | {{yes}}[126] | Yes}} | {{no}}[72][73] | {{yes}}[127] | Disabled by default}} | | OpenSSL | {{yes}}[128] | Disabled by default}}[36] | {{yes}} | {{no}} | Disabled by default}}[129] | {{no}} | {{no}} | Disabled by default}}[129] | Disabled by default}}[129] | {{yes}}[74] | {{yes}}[129] | Disabled by default}} | | RSA BSAFE Micro-Edition Suite | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{yes}} | Lowest priority}} | {{no}} | {{no}} | Disabled by default}} | | RSA BSAFE SSL-J | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Disabled by default}} | {{no}} | {{no}} | Disabled by default}} | | SChannel XP/2003 | {{no}} | {{no}} | 2003 only}}[130] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Yes}} | {{no}}[75] | {{no}} | Disabled by default}} | | SChannel Vista/2008, 2008R2, 2012 | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Yes}} | {{no}}[75] | {{no}} | Disabled by default}} | | SChannel 7, 8, 8.1/2012R2 | Yes except ECDHE_RSA}}
[77][78] | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Yes}} | {{no}}[75] | {{no}} | Disabled by default}} | | Schannel 10[131] | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Yes}} | {{no}}[75] | {{no}} | Disabled by default}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] OS X 10.6 - 10.10 | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Yes}} | {{no}} | {{no}} | Disabled by default}} | | Secure Transport OS X 10.11 | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Yes}} | {{no}} | {{no}} | Disabled by default}} | | wolfSSL | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | Yes}} | {{no}} | {{yes}} | Disabled by default}} | | Erlang/OTP SSL application | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | Disabled by default}} | {{no}} | Experimental}} | Disable by default}} | | Implementation | Block cipher with mode of operation | Stream cipher | None |
|---|
AES GCM
[104] | AES CCM
[105] | AES CBC | Camellia GCM
[106] | Camellia CBC
[107] | ARIA GCM
[108] | ARIA CBC
[108] | SEED CBC
[109] | 3DES EDE CBC
(insecure)[110] | GOST 28147-89 CNT
(proposed)
[68][111] | ChaCha20-Poly1305
[112] | Null
(insecure)
[113] |
|---|
- Notes
{{Reflist|group="n"}} Obsolete algorithms | Implementation | Block cipher with mode of operation | Stream cipher |
|---|
| {{refn>group="n"|name="removal_from_tls1.2"|IDEA and DES have been removed from TLS 1.2.[132](insecure)[133] DES CBC
(insecure)
| DES-40 CBC
(EXPORT, insecure)
[134] | RC2-40 CBC
(EXPORT, insecure)
[134] | RC4-128
(insecure)
[135] | RC4-40
(EXPORT, insecure)
[136][134] |
|---|
| Botan | No}} | No}} | No}} | No}} | No}}[137] | No}} | | BoringSSL | No}} | No}} | No}} | No}} | Disabled by default at compile time}} | No}} | | cryptlib | No}} | Disabled by default at compile time}} | No}} | No}} | Disabled by default at compile time}} | No}} | | GnuTLS | No}} | No}} | No}} | No}} | Disabled by default}}[18] | No}} | | JSSE | No}} | Disabled by default}} | Disabled by default}} | No}} | Disabled by default}} | Disabled by default}} [138] | | LibreSSL | Yes}} | Yes}} | No}}[22] | No}}[22] | Yes}} | No}}[22] | | MatrixSSL | Yes}} | No}} | No}} | No}} | Disabled by default}} | No}} | | mbed TLS | No}} | Disabled by default at compile time}} | No}} | No}} | Disabled by default at compile time}}[25] | No}} | | NSS | Yes}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Lowest priority}}[139][140] | Disabled by default}} | | OpenSSL | Disabled by default}}[129] | Disabled by default}} | No}}[129] | No}}[129] | Disabled by default}} | No}}[129] | | RSA BSAFE Micro-Edition Suite | No}} | No}} | No}} | No}} | Disabled by default}} | No}} | | RSA BSAFE SSL-J | No}} | Disabled by default}} | Disabled by default}} | No}} | Disabled by default}} | Disabled by default}} | | SChannel XP/2003 | No}} | Yes}} | Yes}} | Yes}} | Yes}} | Yes}} | | SChannel Vista/2008 | No}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Yes}} | Disabled by default}} | | SChannel 7/2008R2 | No}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Lowest priority
will be disabled soon}}[141] | Disabled by default}} | | SChannel 8/2012 | No}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Only as fallback}} | Disabled by default}} | | SChannel 8.1/2012R2 | No}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Disabled by default}}[141] | Disabled by default}} | | Schannel 10[131] | No}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Disabled by default}}[141] | Disabled by default}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] OS X 10.6 | Yes}} | Yes}} | Yes}} | Yes}} | Yes}} | Yes}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] OS X 10.7 | Yes}} | {{unknown}} | {{unknown}} | {{unknown}} | Yes}} | {{unknown}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] OS X 10.8-10.9 | Yes}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Yes}} | Disabled by default}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] OS X 10.10-10.11 | Yes}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Lowest priority}} | Disabled by default}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] macOS 10.12 | Yes}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | Disabled by default}} | | wolfSSL | Disabled by default}}[142] | No}} | No}} | No}} | Disabled by default}} | No}} | | Erlang/OTP SSL application | no}} | Disabled by default}} | no}} | no}} | Disabled by default}} | no}} | |
|
| Implementation | Block cipher with mode of operation | Stream cipher |
|---|
IDEA CBC
| DES CBC
(insecure)
| DES-40 CBC
(EXPORT, insecure)
[134] | RC2-40 CBC
(EXPORT, insecure)
[134] | RC4-128
(insecure)
[135] | RC4-40
(EXPORT, insecure)
[136][134] |
|---|
|
- Notes
{{Reflist|group="n"}} Supported elliptic curves This section lists the supported elliptic curves by each implementation. | Implementation | | {{nowrap>NIST K-163
(1)[67] sect163r1
(2)[67] | | {{nowrap>NIST B-163
(3)[67] sect193r1
(4)[67] | sect193r2
(5)[67] | | {{nowrap>NIST K-233
(6)[67] | {{nowrap>NIST B-233
(7)[67] sect239k1
(8)[67] | | {{nowrap>NIST K-283
(9)[67] | {{nowrap>NIST B-283
(10)[67] | {{nowrap>NIST K-409
(11)[67] | {{nowrap>NIST B-409
(12)[67] | {{nowrap>NIST K-571
(13)[67] | {{nowrap>NIST B-571
(14)[67]
|---|
| Botan | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | BoringSSL | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | GnuTLS | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | JSSE | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | LibreSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | MatrixSSL | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | mbed TLS | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | NSS | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | OpenSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | RSA BSAFE | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{yes}} | {{yes}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | | SChannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | wolfSSL | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | Erlang/OTP SSL application | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | |
|
| Implementation | | {{nowrap>NIST K-163
(1)[67] sect163r1
(2)[67] | | {{nowrap>NIST B-163
(3)[67] sect193r1
(4)[67] | sect193r2
(5)[67] | | {{nowrap>NIST K-233
(6)[67] | {{nowrap>NIST B-233
(7)[67] sect239k1
(8)[67] | | {{nowrap>NIST K-283
(9)[67] | {{nowrap>NIST B-283
(10)[67] | {{nowrap>NIST K-409
(11)[67] | {{nowrap>NIST B-409
(12)[67] | {{nowrap>NIST K-571
(13)[67] | {{nowrap>NIST B-571
(14)[67]
|---|
| Implementation | secp160k1
(15)[67] | secp160r1
(16)[67] | secp160r2
(17)[67] | secp192k1
(18)[67] | | prime192v1
{{nowrap>NIST P-192
(19)[67] secp224k1
(20)[67] | | {{nowrap>NIST P-244
(21)[67] secp256k1
(22)[67] | | prime256v1
{{nowrap>NIST P-256
(23)[67] | {{nowrap>NIST P-384
(24)[67] | {{nowrap>NIST P-521
(25)[67] arbitrary prime curves
(0xFF01)[67][144] | arbitrary char2 curves
(0xFF02)[67][144] |
|---|
| Botan | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | BoringSSL | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{yes}} | {{yes}} (disabled by default) | No}} | No}} | | GnuTLS | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | JSSE | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | LibreSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | MatrixSSL | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | mbed TLS | {{no}} | {{no}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | NSS | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | OpenSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | RSA BSAFE | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | SChannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}} | No}} | No}} | | wolfSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | No}} | No}} | | Erlang/OTP SSL application | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}} | no}} | no}} | |
| Implementation | secp160k1
(15)[67] | secp160r1
(16)[67] | secp160r2
(17)[67] | secp192k1
(18)[67] | | prime192v1
{{nowrap>NIST P-192
(19)[67] secp224k1
(20)[67] | | {{nowrap>NIST P-244
(21)[67] secp256k1
(22)[67] | | prime256v1
{{nowrap>NIST P-256
(23)[67] | {{nowrap>NIST P-384
(24)[67] | {{nowrap>NIST P-521
(25)[67] arbitrary prime curves
(0xFF01)[67][144] | arbitrary char2 curves
(0xFF02)[67][144] |
|---|
| Implementation | brainpoolP256r1
(26)[145] | brainpoolP384r1
(27)[145] | brainpoolP512r1
(28)[145] | X25519
[146] | | {{nowrap>Ed448-Goldilocks
[147] M221
Curve2213
[148] | E222
[148] | Curve1174
[148] | E382
[148] | M383
[148] | Curve383187
[148] | Curve41417
Curve3617
[148] | M511
Curve511187
[148] | E521
[148] |
|---|
| Botan | {{yes}}[149] | {{yes}}[149] | {{yes}}[149] | {{yes}}[114] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | BoringSSL | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | GnuTLS | {{no}} | {{no}} | {{no}} | {{yes}}[150] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | JSSE | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | LibreSSL | {{yes}}[22] | {{yes}}[22] | {{yes}}[22] | {{yes}}[151] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | MatrixSSL | {{yes}} | {{yes}} | {{yes}} | TLS 1.3 only}}[152] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | mbed TLS | {{yes}}[153] | {{yes}}[153] | {{yes}}[153] | Primitive only}}[154] | Primitive only}}[155] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | NSS | {{no}}[156] | {{no}}[156] | {{no}}[156] | {{yes}}[157] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | OpenSSL | {{yes}}[32] | {{yes}}[32] | {{yes}}[32] | {{yes}}[158][159] | {{yes}}[160][161] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | RSA BSAFE | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | SChannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | wolfSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}}[162] | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | Erlang/OTP SSL application | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | |
|
| Implementation | brainpoolP256r1
(26) | brainpoolP384r1
(27) | brainpoolP512r1
(28) | Curve25519 | | {{nowrap>Ed448-Goldilocks M221
Curve2213 | E222 | Curve1174 | E382 | M383 | Curve383187 | Curve41417
Curve3617 | M511
Curve511187 | E521
[148] |
|---|
Data integrity | Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA256/384 | AEAD | GOST 28147-89 IMIT[68] | GOST R 34.11-94[68] |
|---|
| Botan | {{no}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | cryptlib | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | GnuTLS | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | JSSE | {{Yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}}[69] | {{no}}[69] | | LibreSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}}[70] | {{yes}}[70] | | MatrixSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | mbed TLS | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | NSS | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}}[72][73] | {{no}}[72][73] | | OpenSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{yes}}[74] | {{yes}}[74] | | RSA BSAFE | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | SChannel XP/2003, Vista/2008 | {{yes}} | {{yes}} | XP SP3, 2003 SP2 via hotfix}}[163] | {{no}} | {{no}}[75] | {{no}}[75] | | SChannel 7/2008R2, 8/2012, 8.1/2012R2 | {{yes}} | {{yes}} | {{yes}} | except ECDHE_RSA}}[77][78][79] | {{no}}[75] | {{no}}[75] | | SChannel 10 | {{yes}} | {{yes}} | {{yes}} | {{yes}}[131] | {{no}}[75] | {{no}}[75] | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | | wolfSSL | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | Erlang/OTP SSL application | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | |
| Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA256/384 | AEAD | GOST 28147-89 IMIT | GOST R 34.11-94 |
|---|
Compression Note the CRIME security exploit takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. HTTP compression is unrelated and unaffected by this exploit, but is exploited by the related BREACH attack. | Implementation | DEFLATE[164]
(insecure) |
|---|
| Botan | No}} | | cryptlib | No}} | | GnuTLS | Disabled by default}} | | JSSE | No}} | | LibreSSL | No}}[22] | | MatrixSSL | Disabled by default}} | | mbed TLS | Disabled by default}} | | NSS | Disabled by default}} | | OpenSSL | Disabled by default}} | | RSA BSAFE[33] | No}} | | SChannel | No}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | No}} | | wolfSSL | Disabled by default}} | | Erlang/OTP SSL application | No}} | |
| Implementation | DEFLATE |
|---|
Extensions In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security {{citation needed|date=August 2014}}. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation. | Implementation | Secure Renegotiation
[165] | Server Name Indication
[166] | ALPN
[167] | Certificate Status Request
[166] | OpenPGP
[168] | Supplemental Data
[169] | Session Ticket
[170] | Keying Material Exporter
[171] | Maximum Fragment Length
[166] | Truncated HMAC
[166] | Encrypt-then-MAC
[172] | TLS Fallback SCSV
[173] | Extended Master Secret
[174] | ClientHello Padding
[175] | Raw Public Keys
[176] |
|---|
| Botan | {{yes}} | {{yes}} | {{yes}}[177] | {{no}} | {{no}} | {{no}} | {{yes}} | {{yes}} | {{yes}} | No}} | {{yes}} | {{yes}}[178] | {{yes}}[179] | {{no}} | {{unknown}} | | cryptlib | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}}[180] | No}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{unknown}} | | GnuTLS | {{yes}} | {{yes}} | {{yes}}[181] | {{yes}} | Deprecated}}[182] | {{yes}} | {{yes}} | {{yes}} | {{yes}} | No}} | {{yes}}[18] | {{yes}}[183] | {{yes}}[18] | {{yes}}[184] | {{no}} | | JSSE | {{yes}} | {{Yes}}[45] | {{Yes}}[45] | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | No}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | | LibreSSL | {{yes}} | {{yes}} | {{yes}}[185] | {{yes}} | {{no}} | {{no}}? | {{yes}} | {{yes}}? | {{no}} | No}} | {{no}} | Server side only}}[186] | {{no}} | {{yes}} | {{unknown}} | | MatrixSSL | {{yes}} | {{yes}} | {{yes}}[187] | {{yes}}[118] | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}} | Yes}} | {{no}} | {{yes}}[118] | {{yes}}[118] | {{no}} | {{unknown}} | | mbed TLS | {{yes}} | {{yes}} | {{yes}}[188] | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}} | Disabled by default}}[25] | {{yes}}[189] | {{yes}}[189] | {{yes}}[189] | {{no}} | {{no}} | | NSS | {{yes}} | {{yes}} | {{yes}}[190] | {{yes}} | {{no}}[191] | {{no}} | {{yes}} | {{yes}} | {{no}} | No}} | {{no}}[192] | {{yes}}[193] | {{yes}}[194] | {{yes}}[190] | {{unknown}} | | OpenSSL | {{yes}} | {{yes}} | {{yes}}[32] | {{yes}} | {{no}} | {{no}}? | {{yes}} | {{yes}} | {{yes}} | No}} | {{yes}} | {{yes}}[195] | {{yes}}[196] | {{yes}}[197] | {{unknown}} | | RSA BSAFE Micro-Edition Suite | {{yes}} | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}} | Yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | RSA BSAFE SSL-J | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | Yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | SChannel XP/2003 | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | No}} | {{no}} | {{no}} | {{no}} | {{no}} | {{unknown}} | | SChannel Vista/2008 | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | No}} | {{no}} | {{no}} | {{yes}}[198] | {{no}} | {{unknown}} | | SChannel 7/2008R2 | {{yes}} | {{yes}} | {{no}} | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | No}} | {{no}} | {{no}} | {{yes}}[198] | {{no}} | {{unknown}} | | SChannel 8/2012 | {{yes}} | {{yes}} | {{no}} | {{yes}} | {{no}} | {{yes}} | Client side only}}[199] | {{no}} | {{no}} | No}} | {{no}} | {{no}} | {{yes}}[198] | {{no}} | {{unknown}} | | SChannel 8.1/2012R2, 10 | {{yes}} | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{yes}} | {{yes}}[199] | {{no}} | {{no}} | No}} | {{no}} | {{no}} | {{yes}}[198] | {{no}} | {{unknown}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{yes}} | {{yes}} | {{unknown}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | No}} | {{no}} | {{no}} | {{no}} | {{no}} | {{unknown}} | | wolfSSL | {{yes}} | {{yes}} | {{yes}}[142] | {{yes}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{yes}} | Yes}} | {{no}} | {{no}} | {{yes}} | {{no}} | {{unknown}} | | Erlang/OTP SSL application | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | No}} | {{no}} | {{yes}} | {{no}} | {{no}} | {{unknown}} | |
| Implementation | Secure Renegotiation | Server Name Indication | ALPN | Certificate Status Request | OpenPGP | Supplemental Data | Session Ticket | Keying Material Exporter | Maximum Fragment Length | Truncated HMAC | Encrypt-then-MAC | TLS Fallback SCSV | Extended Master Secret | ClientHello Padding |
|---|
Assisted cryptography This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation. | Implementation | PKCS #11 device | Intel AES-NI | VIA PadLock | ARMv8-A | Intel SGX | Intel QAT |
|---|
| Botan | {{yes}}[200] | {{yes}} | {{no}} | {{yes}} | {{no}} | {{no}} | | cryptlib | {{yes}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | GnuTLS | {{yes}} | {{yes}} | {{yes}} | {{yes}}[201] | {{no}} | {{no}} | | JSSE | {{yes}} | {{yes}}[202] | {{no}} | {{no}} | {{no}} | | LibreSSL | {{no}} | {{yes}} | {{yes}} | {{no}} | {{no}} | | MatrixSSL | {{yes}} | {{yes}} | {{no}} | {{yes}} | {{no}} | | mbed TLS | {{yes}} | {{yes}}[203] | {{yes}} | {{no}} | {{no}} | | NSS | {{yes}}[204] | {{yes}}[205] | {{no}}[206] | {{no}} | {{no}} | | OpenSSL | {{yes}}[207] | {{yes}} | {{yes}} | {{yes}}[208] | {{no}} | | RSA BSAFE | {{yes}} | {{yes}} | {{no}} | {{no}} | | SChannel | {{no}} | {{yes}} | {{no}} | {{no}} | {{no}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{no}} | {{Yes}}[209][210] | {{no}} | {{Yes}} | {{no}} | | wolfSSL | {{no}} | {{yes}} | {{no}} | {{yes}} | {{yes}} | {{yes}}[211] | |
| Implementation | PKCS #11 device | Intel AES-NI | VIA PadLock | ARMv8-A | Intel SGX | Intel QAT |
|---|
System-specific backends This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation. | Implementation | [https://web.archive.org/web/20120320070655/http://home.gna.org/cryptodev-linux/ /dev/crypto] | af_alg | Windows CSP | [https://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html CommonCrypto] | OpenSSL engine |
|---|
| Botan | {{no}} | {{no}} | {{no}} | {{no}} | {{partial}} | | cryptlib | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | GnuTLS | {{yes}} | {{no}} | {{no}} | {{no}} | {{no}} | | JSSE | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | | LibreSSL | {{no}} | {{no}} | {{no}} | {{no}} | {{no}}[212] | | MatrixSSL | {{no}} | {{no}} | {{no}} | {{yes}} | {{yes}} | | mbed TLS | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | NSS | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | OpenSSL | {{yes}} | {{yes}} | {{no}} | {{no}} | {{yes}} | | RSA BSAFE | {{no}} | {{no}} | {{no}} | {{no}} | {{no}} | | SChannel | {{no}} | {{no}} | {{yes}} | {{no}} | {{no}} | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | {{no}} | {{no}} | {{no}} | {{yes}} | {{no}} | | wolfSSL | {{yes}} | {{yes}} | {{partial}} | {{no}} | {{no}} | | Erlang/OTP SSL application | {{no}} | {{no}} | {{no}} | {{no}} | {{yes}} | |
| Implementation | /dev/crypto | af_alg | Windows CSP | CommonCrypto | OpenSSL engine |
|---|
Cryptographic module/token support | Implementation | TPM support | Hardware token support | Objects identified via |
|---|
| Botan | {{partial}}[179] | PKCS11}} | | cryptlib | {{no}} | PKCS11}} | User-defined label | | GnuTLS | {{yes}} | PKCS11}} | RFC7512 PKCS #11 URLs[213] | | JSSE | {{no}} | PKCS11 Java Cryptography Architecture,
Java Cryptography Extension}} | | LibreSSL | {{yes}} | PKCS11 (via 3rd party module)}} | Custom method | | MatrixSSL | {{no}} | PKCS11}} | | mbed TLS | {{no}} | PKCS11 (via libpkcs11-helper) or standard hooks}} | Custom method | | NSS | {{no}} | PKCS11}} | | OpenSSL | {{yes}} | PKCS11 (via 3rd party module)}}[214] | RFC7512 PKCS #11 URLs[213] | | RSA BSAFE Micro-Edition Suite | {{no}} | PKCS11 (via 3rd party module)}} | User-defined label | | RSA BSAFE SSL-J | {{no}} | {{no}} | | SChannel | {{no}} | Microsoft CryptoAPI}} | UUID, User-defined label | | [https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html Secure Transport] | | wolfSSL | {{no}} | {{no}} | |
| Implementation | TPM support | Hardware token support | Objects identified via |
|---|
Code dependencies | Implementation | Dependencies | Optional
dependencies |
|---|
| Botan | C++11 | sqlite, zlib (compression), bzip2 (compression), liblzma (compression), boost, openssl (crypto backend), trousers (TPM) | | GnuTLS | libc
nettle
gmp | zlib (compression)
p11-kit (PKCS #11)
trousers (TPM) | | JSSE | Java | | MatrixSSL | none | zlib (compression) | | MatrixSSL-open | libc or newlib | | mbed TLS | libc | libpkcs11-helper (PKCS #11)
zlib (compression) | | NSS | libc
libnspr4
libsoftokn3
libplc4
libplds4 | zlib (compression) | | OpenSSL | libc | zlib (compression)
| | wolfSSL | None | libc, zlib (compression) | | Erlang/OTP ssl application | libcrypto (from OpenSSL), Erlang/OTP and its public_key, crypto and asn1 applications | Erlang/OTP -inets (http fetching of CRLs) | |
| Implementation | Dependencies | Optional
dependencies |
|---|
Development environment | Implementation | Namespace | Build tools | API manual | Crypto back-end | OpenSSL compatibility Layer|date=November 2013 |
|---|
| Botan | Botan::TLS | Makefile | Sphinx | Included (pluggable) | {{no}} | | Bouncy Castle | org.bouncycastle | Java Development Environment | Programmers reference manual (PDF) | Included (pluggable) | {{no}} | | cryptlib | crypt* | makefile, MSVC project workspaces | Programmers reference manual (PDF), architecture design manual (PDF) | Included (monolithic) | {{no}} | | GnuTLS | gnutls_* | Autoconf, automake, libtool | Manual and API reference (HTML, PDF) | External, libnettle | {{yes}} (limited) | | JSSE | javax.net.ssl | Makefile | API Reference (HTML) +{{Javadoc:SE-guide|security/jsse/JSSERefGuide.html|JSSE Reference Guide}} | Java Cryptography Architecture,
Java Cryptography Extension | {{No}} | | MatrixSSL | matrixSsl_*
ps* | Makefile, MSVC project workspaces, Xcode projects for OS X and iOS | API Reference (PDF), Integration Guide | Included (pluggable) | {{yes}} (Subset: SSL_read, SSL_write, etc.) | | mbed TLS | mbedtls_ssl_*
mbedtls_sha1_*
mbedtls_md5_*
mbedtls_x509*
... | Makefile, CMake, MSVC project workspaces, yotta | API Reference + High Level and Module Level Documentation (HTML) | Included (monolithic) | {{no}} | | NSS | CERT_*
SEC_*
SECKEY_*
NSS_*
PK11_*
SSL_*
... | Makefile | Manual (HTML) | Included, PKCS#11 based[215] | {{yes}} (separate package called nss_compat_ossl[216]) | | OpenSSL | SSL_*
SHA1_*
MD5_*
EVP_*
... | Makefile | Man pages | Included (monolithic) | {{N/a}} | | RSA BSAFE Micro-Edition Suite | R_* | Makefile | Developer's guide | Included | {{no}} | | RSA BSAFE SSL-J | com.rsa.* | Java classloader | Javadoc, Developer's guide (HTML) | Included | {{no}} | | wolfSSL | CyaSSL_*
SSL_* | Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC | Manual and API Reference (HTML, PDF) | Included (monolithic) | {{yes}} (about 10% of API) | |
| Implementation | Namespace | Build tools | API manual | Crypto back-end | OpenSSL compatibility layer |
|---|
Portability concerns | Implementation | Platform requirements | Network requirements | Thread safety | Random seed | Able to cross-compile | No OS (bare metal) | Supported operating systems |
|---|
| Botan | C++11 | None | Thread-safe}} | Platform-dependent | {{yes}} | Windows, Linux, macOS, Android, iOS, FreeBSD, OpenBSD, Solaris, AIX, HP-UX, QNX, BeOS, IncludeOS | | cryptlib | C89 | POSIX send() and recv(). API to supply your own replacement | Thread-safe}} | Platform-dependent, including hardware sources | {{yes}} | {{yes}} | AMX, BeOS, ChorusOS, DOS, eCos, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, OS X, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK | | GnuTLS | C89 | POSIX send() and recv(). API to supply your own replacement. | Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available.}} | Platform dependent | {{yes}} | {{no}} | Generally any POSIX platforms or Windows, commonly tested platforms include GNU/Linux, Win32/64, OS X, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD. | | JSSE | Java | Java SE network components | Thread-safe}} | Depends on java.security.SecureRandom | {{yes}} | Java based, platform-independent | | MatrixSSL | C89 | None | Thread-safe}} | Platform dependent | {{yes}} | {{yes}} | All | | mbed TLS | C89 | POSIX read() and write(). API to supply your own replacement. | Threading layer available (POSIX or own hooks)}} | Random seed set through entropy pool | {{yes}} | {{yes}} | Known to work on: Win32/64, Linux, OS X, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, SeggerOS | | NSS | C89, NSPR[217] | NSPR[217] PR_Send() and PR_Recv(). API to supply your own replacement. | Thread-safe}} | Platform dependent[218] | {{yes}} (but cumbersome) | {{no}} | AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, OS X, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation | | OpenSSL | C89 | None | Thread-safe}} | Platform dependent | {{yes}} | {{no}} | Unix, DOS (with djgpp), Windows, OpenVMS, MacOS, NetWare, eCos | | wolfSSL | C89 | POSIX send() and recv(). API to supply your own replacement. | Thread-safe, needs mutex hooks if PThreads or WinThreads not available, can be turned off}} | Random seed set through wolfCrypt | {{yes}} | {{yes}} | Win32/64, Linux, OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Project, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium µC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, Keil RTX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, TOPPERS, PetaLinux, Apache mynewt | |
| Implementation | Platform requirements | Network requirements | Thread safety | Random seed | Able to cross-compile | No OS (bare metal) | Supported operating systems |
|---|
See also- SCTP — with DTLS support
- DCCP — with DTLS support
- SRTP — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)
References {{Reflist|30em}}{{SSL/TLS}}{{DEFAULTSORT:Comparison Of TLS implementations}} 3 : Cryptographic software|Security software comparisons|Transport Layer Security implementation |