Comparison of TLS implementations: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 10:12, 28 April 2024 edit Guy Harris (talk \| contribs) Extended confirmed users 79,972 edits Update some links that now go to learn.microsoft.com. ← Previous edit		Latest revision as of 00:44, 4 August 2025 edit undo Davidghook (talk \| contribs) 125 edits →Certifications
(48 intermediate revisions by 18 users not shown)
Line 1: {{Short description\|none}} {{About\|TLS libraries comparison\|cryptographic libraries comparison\|Comparison of cryptography libraries}} {{redirect\|Secure Transport\|the transportation of valuables\|~~Armoured~~Armored car (valuables)}} ~~{{Cleanup bare URLs\|date=September 2022}}~~ The [[Transport Layer Security]] (TLS) protocol provides the ability to secure communications across or inside networks. This '''comparison of TLS implementations''' compares several of the most notable [[software library\|libraries]]. There are several TLS implementations which are [[free software]] and [[Open-source software\|open source]]. Line 8: == Overview == {{sort-under}} ~~{\| class="wikitable sortable" style="text-align: left; font-size: smaller"~~ {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 129 ⟶ 130: \| Australia/EU \|- \| [[Rustls]] \| Joe Birr-Pixton, Dirkjan Ochtman, Daniel McCarney, Josh Aas, and open source contributors \| {{yes}} \| {{free\|[[Apache License\|Apache-2.0]], [[MIT License]] and [[ISC license\|ISC]]}} \| Open source contributors \| [[Rust (programming language)\|Rust]] \| {{Latest stable software release/Rustls}} \| United Kingdom \|- \| [[s2n]] \| [[Amazon.com\|Amazon]] \| {{yes}} \| {{free\|[[Apache License]] 2.0, [[GNU General Public License#Version 2\|GNU GPLv2]]+}} and commercial license \| Amazon.com, Inc. \| [[C (programming language)\|C]] \| Continuous Line 143 ⟶ 152: \| {{no}} \| {{proprietary}} \| Microsoft ~~Inc.~~Corporation \| \| Windows 11, 2021-10-05 Line 160 ⟶ 169: \| wolfSSL<ref name="wolfsslproduct">{{cite web \| url=https://www.wolfssl.com/wolfSSL/Products-wolfssl.html \| title=wolfSSL product description \| accessdate=2016-05-03}}</ref> \| {{yes}} \| {{free\|[[GNU General Public License#Version 23\|GNU ~~GPLv2~~GPLv3]]+}} and commercial license \| wolfSSL Inc.<ref name="wolfsslcompany">{{cite web \| url=https://www.wolfssl.com \| title=wolfSSL Embedded SSL/TLS \| accessdate=2016-05-03}}</ref> \| [[C (programming language)\|C]], [[Assembly language\|assembly]] Line 194 ⟶ 203: TLS 1.2 (2008) introduced a means to identify the hash used for digital signatures. While permitting the use of stronger hash functions for digital signatures in the future (rsa,sha256/sha384/sha512) over the SSL 3.0 conservative choice (rsa,sha1+md5), the TLS 1.2 protocol change inadvertently and substantially weakened the default digital signatures and provides (rsa,sha1) and even (rsa,md5).<ref name="TLSv1.2-changes">{{cite IETF \|rfc=5246 \|title=The Transport Layer Security (TLS) Protocol Version 1.2 \|section=1.2 \|sectionname=TLSv1.2's Major Differences from TLSv1.1}}</ref> [[Datagram Transport Layer Security]] (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. The revision DTLS 1.2 based on TLS 1.2 was published in January 2012.<ref name="RFC 6347">~~RFC~~{{Cite IETF \|rfc=6347}}</ref> TLS 1.3 (2018) specified in RFC 8446 includes major optimizations and security improvements. QUIC (2021) specified in RFC 9000 and DTLS 1.3 (2022) specified in RFC 9147 builds on TLS 1.3. The publishing of TLS 1.3 and DTLS 1.3 obsoleted TLS 1.2 and DTLS 1.2. Line 200 ⟶ 209: Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. In 2021, IETF published RFC 8996 also forbidding negotiation of TLS 1.0, TLS 1.1, and DTLS 1.0 due to known vulnerabilities. NIST SP 800-52 requires support of TLS 1.3 by January 2024. Support of TLS 1.3 means that two compliant nodes will never negotiate TLS 1.2. {\| class="wikitable sortable sort-under mw-collapsible" style="text-align: left; font-size: smaller" \|- ! Implementation ! [[Transport Layer Security\|SSL 2.0]] (insecure)<ref name="sslv2">{{cite IETF\|draft=draft-hickman-netscape-ssl-00\|title=The SSL Protocol\|date=19 April 1995\|last1=Elgamal\|first1=Taher\|last2=Hickman\|first2=Kipp E. B.}}</ref> ! [[Transport Layer Security\|SSL 3.0]] (insecure)<ref name="auto">~~RFC~~{{cite IETF\|rfc=6101}}</ref> ! [[Transport Layer Security\|TLS 1.0]] (deprecated)<ref name="auto1">~~RFC~~{{cite IETF\|rfc=2246}}</ref> ! [[Transport Layer Security\|TLS 1.1]] (deprecated)<ref name="auto2">~~RFC~~{{cite IETF\|rfc=4346}}</ref> ! [[Transport Layer Security\|TLS 1.2]]<ref name="tls" /> ! [[Transport Layer Security\|TLS 1.3]] ! [[Datagram Transport Layer Security\|DTLS 1.0]] (deprecated)<ref name="auto3">~~RFC~~{{cite IETF\|rfc=4347}}</ref> ! [[Datagram Transport Layer Security\|DTLS 1.2]]<ref name="RFC 6347" /> ! [[Datagram Transport Layer Security\|DTLS 1.3]] \|- \| [[Botan (programming library)\|Botan]] Line 221 ⟶ 231: \| {{yes\|No}} \| {{yes}} \| {{no}} \|- \| [[BoringSSL]] Line 231 ⟶ 242: \| {{okay\|Yes}} \| {{yes}} \| {{no}} \|- \|[[Bouncy Castle (cryptography)\|Bouncy Castle]] Line 238 ⟶ 250: \| {{okay\|Yes}} \| {{yes}} \| {{Yes}} ~~\| {{Partial\|Yes}}<br /><small>(draft version)</small>~~ \| {{okay\|Yes}} \| {{yes}} \| {{no}} \|- \| [[BSAFE]] SSL-J<ref name="RSABSAFETECH">{{cite web\| title = RSA BSAFE Technical Specification Comparison Tables\| url = http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf\| access-date = 2015-01-09\| archive-url = https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf\| archive-date = 2015-09-24\| url-status = dead}}</ref> Line 250 ⟶ 263: \| {{yes}} \| {{yes\|No}} \| {{no}} \| {{no}} \|- \| [[cryptlib]] \| {{yes\|No}} \| {{yes\|~~Disabled by default at compile time~~No}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{yes}} \| \| {{yes\|No}} \| {{no}} \| {{no}} \|- Line 271 ⟶ 286: \| {{okay\|Yes}} \| {{yes}} \| {{no}} \|- \| [[Java Secure Socket Extension\|JSSE]] Line 281 ⟶ 297: \| {{okay\|Yes}} \| {{yes}} \| {{no}} \|- \| [[LibreSSL]] Line 291 ⟶ 308: \| {{okay\|Yes}} \| {{yes}}<ref name="libressl-3.3.3">{{cite web\| title = LibreSSL 3.3.3 Released\| url = https://marc.info/?l=openbsd-announce&m=162009196519308\| date = 2021-05-04\| accessdate = 2021-05-04}}</ref> \| {{no}} \|- \| [[MatrixSSL]] Line 301 ⟶ 319: \| {{okay\|Yes}} \| {{yes}} \| {{no}} \|- \| [[Mbed TLS]] Line 311 ⟶ 330: \| {{okay\|Yes}}<ref name="mbed-2.0">{{cite web \| title = mbed TLS 2.0.0 released \| url = https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released \| date = 2015-07-10 \| accessdate = 2015-07-14}}</ref> \| {{yes}}<ref name="mbed-2.0"/> \| {{no}} \|- \| [[Network Security Services\|NSS]] Line 321 ⟶ 341: \| {{okay\|Yes}}<ref name="NSS-3.14"/> \| {{yes}}<ref name="NSS-3.16.2">{{cite web\| url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes\| title=NSS 3.16.2 release notes\| date=2014-06-30\| work=Mozilla Developer Network\| publisher=Mozilla\| accessdate=2014-06-30\| archive-date=2021-12-07\| archive-url=https://web.archive.org/web/20211207015257/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes\| url-status=dead}}</ref> \| {{no}} \|- \| [[OpenSSL]] Line 331 ⟶ 352: \| {{okay\|Yes}} \| {{yes}}<ref name="openssl-1.0.2-note">{{cite web\|url=https://www.openssl.org/news/openssl-1.0.2-notes.html \|title=Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] \|accessdate=2015-01-22 \|url-status=dead \|archiveurl=https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html \|archivedate=September 4, 2014 }}</ref> \| {{no}} \|- \| [[Rustls]] \| {{yes\|No}}<ref name="rustls-features">{{cite web\|url=https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html \|title=rustls implemented and unimplemented features documentation \|accessdate=2024-08-28 }}</ref> \| {{yes\|No}}<ref name="rustls-features"/> \| {{yes\|No}}<ref name="rustls-features"/> \| {{yes\|No}}<ref name="rustls-features"/> \| {{yes}}<ref name="rustls-features"/> \| {{yes}}<ref name="rustls-features"/> \| {{yes\|No}} \| {{no}} \| {{no}} \|- \|- \| [[s2n]]<ref name="S2NSPEC">{{cite web\| title = S2N Readme\| website = [[GitHub]]\| url = https://github.com/awslabs/s2n/blob/master/README.md\| date = 2019-12-21}}</ref> Line 340 ⟶ 374: \| {{yes}} \| {{yes\|No}} \| {{no}} \| {{no}} \|- Line 350 ⟶ 385: \| {{No}} \| {{yes\|No}} \| {{no}} \| {{no}} \|- Line 360 ⟶ 396: \| {{No}} \| {{yes\|No}} \| {{no}} \| {{no}} \|- Line 371 ⟶ 408: \| {{No}} \| {{yes\|No}} \| {{no}} \| {{no}} \|- Line 382 ⟶ 420: \| {{okay\|Yes}}<ref name=MS2574819>{{cite web\|title=An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1\|url=http://support.microsoft.com/kb/2574819/en-us\|publisher=Microsoft\|accessdate=13 November 2012}}</ref> \| {{no}}<ref name=MS2574819 /> \| {{no}} \|- \| [[Schannel]] 8, 2012<ref name="Windows7schannel" /> Line 391 ⟶ 430: \| {{No}} \| {{okay\|Yes}} \| {{no}} \| {{no}} \|- \| [[Schannel]] 8.1, 2012R2, 10 ~~v1507~~RTM & v1511<ref name="Windows7schannel" /> \| {{Yes\|Disabled by default}} \| {{partial\|Disabled by default in MSIE 11}} Line 401 ⟶ 441: \| {{No}} \| {{okay\|Yes}} \| {{no}} \| {{no}} \|- Line 412 ⟶ 453: \| {{okay\|Yes}} \| {{yes}} \| {{no}} \|- \| [[Schannel]] 11 / 2022<ref>{{cite web \|title=Protocols in TLS/SSL (Schannel SSP) \|date=25 May 2022 \|url=https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp- \|access-date=6 November 2022}}</ref> Line 422 ⟶ 464: \| {{okay\|Yes}} \| {{yes}} \| {{no}} \|- \|[[MacOS\|Secure Transport]] Line 432 ⟶ 475: \| \| {{yes\|No}} \| {{no}} \| {{no}} \|- Line 442 ⟶ 486: \| \| {{okay\|Yes}}<ref group=lower-alpha name="secure-transport-osx" /> \| {{no}} \| {{no}} \|- Line 453 ⟶ 498: \| {{okay\|Yes}} \| {{Unknown}} \| {{no}} \|- \| Secure Transport OS X 10.13, iOS 11 Line 463 ⟶ 509: \| {{okay\|Yes}} \| {{Unknown}} \| {{no}} \|- \| [[wolfSSL]] Line 472 ⟶ 519: \| {{yes}} \| {{okay\|Yes}} \| {{yes}} \| {{yes}} \|- Line 484 ⟶ 532: \| {{yes\|Disabled by default}} <ref group=lower-alpha name="otp-22" /> \| {{yes}} \| {{no}} \|- \|- class="sortbottom" Line 495 ⟶ 544: ! [[Datagram Transport Layer Security\|DTLS 1.0]] (deprecated)<ref name="auto3" /> ! [[Datagram Transport Layer Security\|DTLS 1.2]]<ref name="RFC 6347" /> ! [[Datagram Transport Layer Security\|DTLS 1.3]] \|} {{Reflist\|group=lower-alpha\|refs= Line 512 ⟶ 562: * [[SHA-2\|Secure Hash Algorithm 2]] (SHA-256 and SHA-384) — [[message digest]] Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the [[~~Security~~United States security clearance#Secret\|Secret]] level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of [[~~Security~~United States security clearance#Top Secret\|Top Secret]] information. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 551 ⟶ 601: \| [[OpenSSL]] \| {{yes}}<ref name="openssl-1.0.2-note"/> \|- \| [[Rustls]] \| {{yes}}<ref name="rustls-features"/> \|- \| [[S2n]] Line 572 ⟶ 625: Note that certain certifications have received serious negative criticism from people who are actually involved in them.<ref>{{Cite web\|url=http://index.html/\|archiveurl=https://web.archive.org/web/20131227190128/http://veridicalsystems.com/blog/secure-or-compliant-pick-one/\|url-status=dead\|title=Speeds and Feeds › Secure or Compliant, Pick One\|archivedate=December 27, 2013}}</ref> {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! rowspan="2"\|Implementation ! colspan="2"\|[[FIPS 140-1]], [[FIPS 140-2]]<ref>{{cite web\|url=http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm\|title=Search - Cryptographic Module Validation Program - CSRC\|website=csrc.nist.gov\|access-date=2014-03-18\|archive-url=https://web.archive.org/web/20141226152243/http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm\|archive-date=2014-12-26\|url-status=dead}}</ref> ! ~~rowspan="2"\|~~[[~~Embedded~~ FIPS ~~Solution~~140-3]] \|- ! Level 1 ! Level 2{{Disputed inline\|FIPS140-2\|date=January 2015}} ! Level 1 \|- \| [[Botan (programming library)\|Botan]]<ref>{{cite web\|url=http://botan.randombit.net/faq.html?highlight=fips#is-botan-fips-140-certified\|title="Is botan FIPS 140 certified?" Frequently Asked Questions — Botan\|access-date=2014-11-16\|archive-url=https://web.archive.org/web/20141129042131/http://botan.randombit.net/faq.html?highlight=fips#is-botan-fips-140-certified\|archive-date=2014-11-29\|url-status=dead}}</ref> Line 587 ⟶ 641: \|- \|[[Bouncy Castle (cryptography)\|Bouncy Castle]] \|{{yes\|BC-FJA 12.0.0 (#~~2768~~4743)<br /> BC-FJA 2.1.0.1 (#~~3152~~4943)<br> BC-FNA 1.0.2 (#4416}} \| \| \|- \| [[BSAFE]] SSL-J<ref>{{cite web\|url=https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search\|title=Search - Cryptographic Module Validation Program - CSRC\|website=csrc.nist.gov\|date=11 October 2016}}</ref> \| {{yes\|Crypto-J 6.0 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1785 1785], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1786 1786])<br />Crypto-J 6.1 / 6.1.1.0.1 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2057 2057], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2058 2058])<br />Crypto-J 6.2 / 6.2.1.1 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2468 2468], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2469 2469])<br />Crypto-J 6.2.4 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3172 3172], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3184 3184])<br />Crypto-J 6.2.5 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3819 #3819], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3820 #3820])<br />Crypto-J 6.3 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4696 #4696], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4697 #4697])}} \| \| \|{{yes\|Crypto-J 7.0 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4892 4892])}} \|- \| [[cryptlib]]<ref>{{cite web\|url=http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8\|archive-url=https://web.archive.org/web/20131011085917/http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8\|url-status=dead\|archive-date=11 October 2013\|title=cryptlib\|date=11 October 2013}}</ref> Line 635 ⟶ 689: \| \| \|- \|[[Rustls]] \| \| \| {{yes\|aws-lc FIPS module<ref>{{cite web\|url=https://docs.rs/rustls/0.23.12/rustls/manual/_06_fips/index.html\|title=rustls FIPS documentation\|accessdate=2024-08-28}} </ref> ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4759 #4759])}} \|- \| [[Schannel]]<ref>{{Cite web\|url=https://technet.microsoft.com/en-us/library/security/cc750357.aspx#_Microsoft_FIPS_140\|title=Microsoft FIPS 140 Validated Cryptographic Modules}}</ref> Line 649 ⟶ 708: \| {{yes\|wolfCrypt FIPS Module: 4.0 (#3389)<br />See details on [https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Certificate/3389 NIST certificate] for validated Operating Environments<br />wolfCrypt FIPS Module: 3.6.0 (#2425)<br />See details on [https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2425 NIST certificate] for validated Operating Environments}} \| \| {{yes\|wolfCrypt FIPS Module (#4178)<br />See details on [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4718 NIST certificate]}} ~~\| {{yes}}~~ \|- \|-class="sortbottom" Line 655 ⟶ 714: ! Level 1 ! Level 2 ! Level 1 ~~! rowspan="2"\|Embedded FIPS Solution~~ \|- ! colspan="2"\|FIPS 140-1, FIPS 140-2 ! colspan="1"\|FIPS 140-3 \|} {{Reflist \|group="notes"}} Line 663 ⟶ 723: == Key exchange algorithms (certificate-only) == This section lists the certificate verification functionality available in the various implementations. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation ! [[RSA (cryptosystem)\|RSA]]<ref name="tls">~~RFC~~{{cite IETF\|rfc=5246}}</ref> ! [[RSA (cryptosystem)\|RSA]]-EXPORT (insecure)<ref name=tls/> ! [[Diffie–Hellman key exchange\|DHE]]-[[RSA (cryptosystem)\|RSA]] ([[forward secrecy]])<ref name=tls/> ! [[Diffie–Hellman key exchange\|DHE]]-[[Digital Signature Algorithm\|DSS]] ([[forward secrecy]])<ref name=tls/> ! [[Elliptic curve Diffie–Hellman\|ECDH]]-[[Elliptic Curve DSA\|ECDSA]]<ref name="rfc4492">~~RFC~~{{cite IETF\|rfc=4492}}</ref> ! [[Elliptic curve Diffie–Hellman\|ECDHE]]-[[Elliptic Curve DSA\|ECDSA]] ([[forward secrecy]])<ref name="rfc4492"/> ! [[Elliptic curve Diffie–Hellman\|ECDH]]-[[RSA (cryptosystem)\|RSA]]<ref name="rfc4492"/> Line 703 ⟶ 763: \| {{yes}} \| {{okay\|Yes}} \| {{yes}} \| {{yes}} \| {{yes\|No}} \| {{yes}} ~~\| {{yes\|No}}~~ ~~\| {{no}}~~ \| {{yes\|No}} \|- Line 785 ⟶ 845: \| {{yes}} \| {{okay\|Yes}}<ref name="OpenSSL-GOST">{{Cite web\|url=http://cvs.openssl.org/fileview\|archiveurl=https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost\|url-status=dead\|title=OpenSSL: CVS Web Interface\|archive-date=2013-04-15\|access-date=2014-11-12}}</ref> \|- \| [[Rustls]] \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes}}<ref name="rustls-features"/> \| {{yes\|No}} \| {{yes}}<ref name="rustls-features"/> \| {{yes\|No}} \|- \| [[Schannel\|Schannel XP/2003]] Line 911 ⟶ 982: == Key exchange algorithms (alternative key-exchanges) == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation ! [[Secure Remote Password protocol\|SRP]]<ref name="srp">~~RFC~~{{cite IETF\|rfc=5054}}</ref> ! [[Secure Remote Password protocol\|SRP]]-[[Digital Signature Algorithm\|DSS]]<ref name=srp/> ! [[Secure Remote Password protocol\|SRP]]-[[RSA (cryptosystem)\|RSA]]<ref name=srp/> ! [[Pre-shared key\|PSK]]-[[RSA (cryptosystem)\|RSA]]<ref name="psk">~~RFC~~{{cite IETF\|rfc=4279}}</ref> ! [[Pre-shared key\|PSK]]<ref name=psk/> ! [[Diffie–Hellman key exchange\|DHE]]-[[Pre-shared key\|PSK]] ([[forward secrecy]])<ref name=psk/> ! [[Elliptic curve Diffie–Hellman\|ECDHE]]-[[Pre-shared key\|PSK]] ([[forward secrecy]])<ref name="ecdhepsk">~~RFC~~{{cite IETF\|rfc=5489}}</ref> ! [[Kerberos (protocol)\|KRB5]]<ref name="Kerberos">~~RFC~~{{cite IETF\|rfc=2712}}</ref> ! [[Diffie–Hellman key exchange\|DH]]-ANON<ref name=tls/> (insecure) ! [[Elliptic curve Diffie–Hellman\|ECDH]]-ANON<ref name="rfc4492"/> (insecure) Line 957 ⟶ 1,028: \| {{yes}} \| {{no}} \| {{~~unknown~~no}} \| {{Yes\|No}} \| {{Yes\|No}} Line 1,025 ⟶ 1,096: \| {{no}}<ref name="nss_srp"/> \| {{no}}<ref name="nss_srp"/> \| {{no}}<ref name="nss_psk">{{cite web \|url=https://bugzilla.mozilla.org/show_bug.cgi?~~id=306435~~id6435 \|title=Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing \|publisher=Mozilla \|accessdate=2014-01-25}}</ref> \| {{no}}<ref name="nss_psk"/> \| {{no}}<ref name="nss_psk"/> Line 1,044 ⟶ 1,115: \| {{Yes\|Disabled by default}}<ref name="OpenSSL-1.0.0">{{cite web\|url=https://www.openssl.org/news/changelog.html#x29\|title=Changes between 0.9.8n and 1.0.0 [29 Mar 2010]\|accessdate=2016-01-29}}</ref> \| {{Yes\|Disabled by default}}<ref name="OpenSSL-1.0.0"/> \|- \| [[Rustls]] \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{yes\|No}} \| {{yes\|No}} \|- \| [[Schannel]] Line 1,109 ⟶ 1,192: == Certificate verification methods == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation ! Application-defined ! PKIX path validation<ref>~~RFC~~{{cite IETF\|rfc=5280}}</ref> ! [[Revocation list\|CRL]]<ref>~~RFC~~{{cite IETF\|rfc=3280}}</ref> ! [[Online Certificate Status Protocol\|OCSP]]<ref>~~RFC~~{{cite IETF\|rfc=2560}}</ref> ! [[DNS-based Authentication of Named Entities\|DANE]] (DNSSEC)<ref>~~RFC~~{{cite IETF\|rfc=6698~~, RFC~~}}</ref><ref>{{cite IETF\|rfc=7218}}</ref> ~~! Trust on First Use (TOFU)~~ ! [[Certificate Transparency\|CT]]<ref>{{cite IETF \|title=Certificate Transparency \|rfc=6962 \|idlink=Certificate Transparency \|last1=Laurie \|authorlink1=Ben Laurie \|first1=B. \|last2=Langley \|first2=A. \|last3=Kasper \|first3=E. \|date=June 2013 \|publisher=[[Internet Engineering Task Force\|IETF]] \|access-date=2020-08-31 \|issn=2070-1721}}</ref> \|- Line 1,125 ⟶ 1,207: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,135 ⟶ 1,216: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{unknown}} \|- Line 1,143 ⟶ 1,223: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,152 ⟶ 1,231: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} \|- \| [[GnuTLS]] ~~\| {{yes}}~~ \| {{yes}} \| {{yes}} Line 1,170 ⟶ 1,247: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{no}} Line 1,179 ⟶ 1,255: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,188 ⟶ 1,263: \| {{yes}} \| {{yes}}<ref>{{cite web\|url=http://www.matrixssl.org/blog/releases/matrixssl_3_8_3\|title=MatrixSSL 3.8.3\|accessdate=2017-01-18\|archive-url=https://web.archive.org/web/20170119052959/http://www.matrixssl.org/blog/releases/matrixssl_3_8_3\|archive-date=2017-01-19\|url-status=dead}}</ref> ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,197 ⟶ 1,271: \| {{yes}} \| {{no}}<ref>{{cite web\|url=https://tls.mbed.org/tech-updates/blog/mbedtls-2.0-defaults-best-practices\|title=mbed TLS 2.0 defaults implement best practices\|accessdate=2017-01-18}}</ref> ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,207 ⟶ 1,280: \| {{yes}} \| {{no}}<ref>{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=672600\|title=Bug 672600 - Use DNSSEC/DANE chain stapled into TLS handshake in certificate chain validation \|publisher=Mozilla\|accessdate=2014-06-18}}</ref> ~~\| {{no}}~~ \| {{unknown}} \|- Line 1,216 ⟶ 1,288: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{yes}} \|- \| [[Rustls]] \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[s2n]] Line 1,224 ⟶ 1,303: \| {{no}} <ref>{{Cite web \|title=CRL Validation · Issue #3499 · aws/s2n-tls \|url=https://github.com/aws/s2n-tls/issues/3499 \|access-date=2022-11-01 \|website=GitHub \|language=en}}</ref> \| {{unknown}} <ref>{{Cite web \|title=OCSP digest support for SHA-256 · Issue #2854 · aws/s2n-tls · GitHub \|url=https://github.com/aws/s2n-tls/issues/2854 \|access-date=2022-11-01 \|website=GitHub \|language=en}}</ref> \| \| \| {{unknown}} <ref>{{Cite web \|title=[RFC 6962] s2n Client can Validate Signed Certificate Timestamp TLS Extension · Issue #457 · aws/s2n-tls · GitHub \|url=https://github.com/aws/s2n-tls/issues/457 \|access-date=2022-11-01 \|website=GitHub \|language=en}}</ref> Line 1,234 ⟶ 1,312: \| {{yes}}<ref name="TechNet">{{cite web \|url=https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx \|title=How Certificate Revocation Works \|author=<!--Staff writer(s); no by-line.--> \|date=March 16, 2012 \|website=[[Microsoft TechNet]] \|publisher=[[Microsoft]] \|accessdate=July 10, 2013}}</ref> \| {{yes}}<ref name="TechNet" /> ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,243 ⟶ 1,320: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,252 ⟶ 1,328: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,260 ⟶ 1,335: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{no}} Line 1,272 ⟶ 1,346: ! OCSP ! DANE (DNSSEC) ~~! Trust on First Use (TOFU)~~ ! CT \|} == Encryption algorithms == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! rowspan="2"\|Implementation !! colspan="10"\|[[Block cipher]] with [[Block cipher mode of operation\|mode of operation]] !! [[Stream cipher]] !! None \|- ! [[Advanced Encryption Standard\|AES]] [[Galois/Counter Mode\|GCM]]<br /><ref name="aes-gcm"~~>RFC 5288, RFC 5289</ref~~> * {{cite IETF\|rfc=5288}} * {{cite IETF\|rfc=5289}}</ref> ! [[Advanced Encryption Standard\|AES]] [[CCM mode\|CCM]]<br /><ref name="aes-ccm">RFC 6655, RFC 7251</ref> ! [[Advanced Encryption Standard\|AES]] [[Cipher block chaining\|CBC]] ! [[Camellia (cipher)\|Camellia]] [[Galois/Counter Mode\|GCM]]<br /><ref name="camellia-gcm">~~RFC~~{{cite IETF\|rfc=6367}}</ref> ! [[Camellia (cipher)\|Camellia]] [[Cipher block chaining\|CBC]]<br /><ref name="camellia-cbc">~~RFC~~{{cite IETF\|rfc=5932~~, RFC 6367~~}}</ref><ref name="camellia-gcm"/> ! [[ARIA (cipher)\|ARIA]] [[Galois/Counter Mode\|GCM]]<br /><ref name=aria/> ! [[ARIA (cipher)\|ARIA]] [[Cipher block chaining\|CBC]]<br /><ref name="aria">~~RFC~~{{cite IETF\|rfc=6209}}</ref> ! [[SEED]] [[Cipher block chaining\|CBC]]<br /><ref name="seed-cbc">~~RFC~~{{cite IETF\|rfc=4162}}</ref> ! {{nowrap\|[[Triple DES\|3DES EDE]]}} [[Cipher block chaining\|CBC]]<br />(insecure)<ref name="sweet32.info">{{cite web\|url=https://sweet32.info/\|title=Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN\|website=sweet32.info}}</ref> ! {{nowrap\|[[GOST 28147-89]]}} [[Block cipher mode of operation#Counter (CTR)\|CNT]]<br />(proposed)<br /><ref name=gostlink/><ref group="n" name="draft">This algorithm is not defined yet as TLS cipher suites in RFCs, is proposed in drafts.</ref> ! [[ChaCha20]]-[[Poly1305]]<br /><ref name="chacha20-poly1305">~~RFC~~{{cite IETF\|rfc=7905}}</ref> ! Null<br />(insecure)<br /><ref group="n" name="NULL">authentication only, no encryption</ref> \|- Line 1,447 ⟶ 1,522: \| {{yes}}<ref name="openssl-1.1.0-note"/> \| {{yes\|Disabled by default}} \|- \| [[Rustls]] \| {{yes}}<ref name="rustls-features"/> \| {{yes\|No}} \| {{yes\|No}} \| {{okay\|No}} \| {{yes\|No}} \| {{okay\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes}}<ref name="rustls-features"/> \| {{yes\|Not implemented}} \|- \| [[Schannel\|Schannel XP/2003]] Line 1,567 ⟶ 1,656: ! [[Advanced Encryption Standard\|AES]] [[Cipher block chaining\|CBC]] ! [[Camellia (cipher)\|Camellia]] [[Galois/Counter Mode\|GCM]]<br /><ref name="camellia-gcm"/> ! [[Camellia (cipher)\|Camellia]] [[Cipher block chaining\|CBC]]<br /><ref name="camellia-cbc"/><ref name="camellia-gcm"/> ! [[ARIA (cipher)\|ARIA]] [[Galois/Counter Mode\|GCM]]<br /><ref name=aria/> ! [[ARIA (cipher)\|ARIA]] [[Cipher block chaining\|CBC]]<br /><ref name=aria/> Line 1,581 ⟶ 1,670: === Obsolete algorithms === {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! rowspan="2"\|Implementation !! colspan="4"\|[[Block cipher]] with [[Block cipher mode of operation\|mode of operation]] !! colspan="2"\|[[Stream cipher]] Line 1,679 ⟶ 1,768: \| {{yes\|Disabled by default}} \| {{Yes\|No}}<ref name="openssl-1.1.0-note"/> \|- \| [[Rustls]] \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \|- \| [[Schannel\|Schannel XP/2003]] Line 1,805 ⟶ 1,902: === Defined curves in RFC 8446 (for TLS 1.3) and RFC 8422, 7027 (for TLS 1.2 and earlier) === {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! applicable TLS version Line 1,947 ⟶ 2,044: \| {{yes}}<ref name="openssl-1.0.2-note"/> \| {{yes}}<ref name="openssl-1.0.2-note"/> \|- \| [[Rustls]] \| {{yes}} \| {{yes}} \| {{no}} \| {{yes}} \| {{no}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \|- \| [[Schannel\|Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10]] Line 1,999 ⟶ 2,106: ! [[ECC Brainpool\|brainpoolP384r1]]<br />(27) ! [[ECC Brainpool\|brainpoolP512r1]]<br />(28) \|} ~~=== Proposed curves ===~~ ~~{\| class="wikitable sortable" style="text-align: left; font-size: smaller"~~ \|- ~~! Implementation~~ ! M221<br />Curve2213<br /><ref name="draft-josefsson-tls-additional-curves">{{cite IETF\|draft=draft-josefsson-tls-additional-curves\|title=Additional Elliptic Curves for Transport Layer Security (TLS) Key Agreement\|first1=Josefsson\|last1=Simon\|first2=Pégourié-Gonnard\|last2=Manuel}}</ref> ~~! E222<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! Curve1174<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! E382<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! M383<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! Curve383187<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! Curve41417<br />Curve3617<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! M511<br />Curve511187<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! E521<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ \|- ~~\| [[Botan (programming library)\|Botan]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[BoringSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[BSAFE]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[GnuTLS]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Java Secure Socket Extension\|JSSE]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[LibreSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[MatrixSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Mbed TLS]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Network Security Services\|NSS]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[OpenSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Schannel\|Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[MacOS\|Secure Transport]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[wolfSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Erlang (programming language)\|Erlang]]/OTP SSL application~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\|-class="sortbottom"~~ \|- ~~! Implementation~~ ~~! M221<br />Curve2213~~ ~~! E222~~ ~~! Curve1174~~ ~~! E382~~ ~~! M383~~ ~~! Curve383187~~ ~~! Curve41417<br />Curve3617~~ ~~! M511<br />Curve511187~~ ~~! E521~~ \|} === Deprecated curves in RFC 8422 === {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,269 ⟶ 2,192: \|- \| [[Java Secure Socket Extension\|JSSE]] \| {{yes\|Notes}}{{refn\|group=lower-alpha\|name="JSSEDisableEC"\|These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.<ref>{{cite web \|title=Release Note: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default~~. (Java 7u281, 8u271, 11.0.9, 14)~~ \|url=https://bugs.openjdk.~~java.net~~org/browse/JDK-8236730 \|website=JDK Bug System (JBS) \|access-date=625 ~~January~~December ~~2022~~2024}}</ref>}}{{refn\|group=lower-alpha\|name="JSSERemoveEC"\|These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.<ref>{{cite web \|title=Release Note: Removal of Legacy Elliptic Curves ~~(Java 16)~~ \|url=https://bugs.openjdk.~~java.net~~org/browse/JDK-~~8235710~~8252601 \|website=JDK Bug System (JBS) \|access-date=625 ~~January~~December ~~2022~~2024}}</ref>}} \| {{yes\|Notes}}<ref group=lower-alpha name="JSSEDisableEC"/><ref group=lower-alpha name="JSSERemoveEC"/> \| {{yes\|Notes}}<ref group=lower-alpha name="JSSEDisableEC"/><ref group=lower-alpha name="JSSERemoveEC"/> Line 2,363 ⟶ 2,286: \| {{yes}} \| {{yes}} \|- \| [[Rustls]] \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \|- \| [[Schannel\|Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10]] Line 2,448 ⟶ 2,387: \|} {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,579 ⟶ 2,518: \| {{no\|Yes}} \| {{yes}} \| {{yes\|No}} \| {{yes\|No}} \|- \| [[Rustls]] \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{okay\|No}} \| {{yes\|No}} \| {{yes\|No}} Line 2,650 ⟶ 2,601: == Data integrity == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,657 ⟶ 2,608: ! [[HMAC]]-[[SHA-2\|SHA256/384]] ! [[Authenticated encryption\|AEAD]] ! [[GOST 28147-89\|GOST 28147-89 IMIT]]<br/><ref name=gostlink/> ! [[GOST (hash function)\|GOST R 34.11-94]]<br/><ref name=gostlink/> \|- \| [[Botan (programming library)\|Botan]] \| {{~~yes\|~~No Y}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[BSAFE]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[cryptlib]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[GnuTLS]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[Java Secure Socket Extension\|JSSE]] Line 2,697 ⟶ 2,648: \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[LibreSSL]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{okay\|Yes}}<br/><ref name="libressl-2.1.2"/> \| {{okay\|Yes}}<br/><ref name="libressl-2.1.2"/> \|- \| [[MatrixSSL]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[Mbed TLS]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[Network Security Services\|NSS]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}}<br/><ref name=mozilla_bug518787 /><ref name=mozilla_bug608725 /> \| {{~~yes\|~~No Y}}<br/><ref name=mozilla_bug518787 /><ref name=mozilla_bug608725 /> \|- \| [[OpenSSL]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{okay\|Yes}}<br/><ref name="OpenSSL-GOST"/> \| {{okay\|Yes}}<br/><ref name="OpenSSL-GOST"/> \|- \| [[Rustls]] \| {{No Y}} \| {{No Y}} \| {{No Y}} \| {{yes}} \| {{No Y}} \| {{No Y}} \|- \| [[Schannel\|Schannel XP/2003, Vista/2008]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{partial\|XP SP3, 2003 SP2 via hotfix}}<br/><ref name="SHA2 and Windows">{{cite web\|url=https://techcommunity.microsoft.com/t5blog/~~core-infrastructure-and-security~~coreinfrastructureandsecurityblog/sha2-and-windows~~/ba-p~~/1128617\|title=SHA2 and Windows\|~~accessdate~~access-date=2024-0412-2825}}</ref> \| {{no}} \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \|- \| [[Schannel\|Schannel 7/2008R2, 8/2012, 8.1/2012R2]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{partial\|except ECDHE_RSA}}<br/><ref name="ms14-066" /><ref name="20141111msblog" /><ref name="win8.1aesgcm"/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \|- \| [[Schannel\|Schannel 10]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}}<br/><ref name=schannel10pre/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \|- \| [[MacOS\|Secure Transport]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[wolfSSL]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[Erlang (programming language)\|Erlang]]/OTP SSL application \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \|-class="sortbottom" Line 2,800 ⟶ 2,759: == Compression == Note the [[CRIME (security exploit)\|CRIME security exploit]] takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. [[HTTP compression]] is unrelated and unaffected by this exploit, but is exploited by the related [[BREACH (security exploit)\|BREACH attack]]. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,834 ⟶ 2,793: \| [[OpenSSL]] \| {{Yes\|Disabled by default}} \|- \| [[Rustls]] \| {{yes\|No}} \|- \| [[Schannel]] Line 2,855 ⟶ 2,817: In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security {{citation needed\|date=August 2014}}. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,864 ⟶ 2,826: ! [[OpenPGP]]<br /><ref name="openpgp">RFC 6091</ref> ! Supplemental Data<br /><ref name="supdata">RFC 4680</ref> ! Session Ticket<br /><ref name="exporter">~~RFC~~{{cite IETF\|rfc=5077}}</ref> ! Keying Material Exporter<br /><ref name="sticket">~~RFC~~{{cite IETF\|rfc=5705}}</ref> ! Maximum Fragment Length<br /><ref name=tlsexts/> ! ~~Truncated~~ [[~~HMAC~~Encrypt-then-MAC]]<br /><ref name=~~tlsexts~~rfc7366/> ! ~~[[Encrypt-then-MAC]]~~TLS Fallback SCSV<br /><ref name="~~tlsEtM~~tlsfallbackscsv">~~RFC~~{{cite ~~7366~~IETF\|rfc=7507}}</ref> ~~! TLS Fallback SCSV<br /><ref name="tlsfallbackscsv">RFC 7507</ref>~~ ! Extended Master Secret<br /><ref name="extendedmastersecret">RFC 7627</ref> ! ClientHello Padding<br /><ref name="tlspadding">RFC 7685</ref> Line 2,884 ⟶ 2,845: \| {{yes}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{yes}} \| {{yes}}<ref name="Botan 1.11.10">{{cite web\|url=http://botan.randombit.net/relnotes/1_11_10.html\|title=Version 1.11.10, 2014-12-10 — Botan\|date=2014-12-10\|accessdate=2014-12-14}}</ref> Line 2,901 ⟶ 2,861: \| {{no}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 2,918 ⟶ 2,877: \| {{no}} \| {{no}}<ref name="cryptlib-maxfrag">Present, but disabled by default due to lack of use by any implementation.</ref> ~~\| {{okay\|No}}~~ \| {{yes}} \| {{yes}} Line 2,935 ⟶ 2,893: \| {{yes}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{yes}}<ref name="GnuTLS-3.4.0"/> \| {{yes}}<ref name="GnuTLS-3.4.4">{{cite web\|url=http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8267\|title=gnutls 3.4.4\|accessdate=2015-08-25\|archive-url=https://web.archive.org/web/20170717020648/http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8267\|archive-date=2017-07-17\|url-status=dead}}</ref> Line 2,952 ⟶ 2,909: \| {{no}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 2,969 ⟶ 2,925: \| {{yes}}? \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{partial\|Server side only}}<ref name="libressl-2.1.4">{{cite web\| title = LibreSSL 2.1.4 released\| url = https://marc.info/?l=openbsd-announce&m=142543818707898\| date = 2015-03-04\| accessdate = 2015-03-04}}</ref> Line 2,986 ⟶ 2,941: \| {{no}} \| {{yes}} ~~\| {{okay\|Yes}}~~ \| {{no}} \| {{yes}}<ref name="matrixssl_3.8.3"/> Line 3,003 ⟶ 2,957: \| {{no}} \| {{yes}} ~~\| {{okay\|Disabled by default}}<ref name="mbed-2.0"/>~~ \| {{yes}}<ref name="mbedTLS-1.3.10">{{cite web\|url=https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released\|title=mbed TLS 1.3.10 released\|date=2015-02-08\|access-date=2015-02-09\|archive-date=2015-02-09\|archive-url=https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released\|url-status=dead}}</ref> \| {{yes}}<ref name="mbedTLS-1.3.10"/> Line 3,020 ⟶ 2,973: \| {{yes}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}}<ref>{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=972145\|title=Bug 972145 - Implement the encrypt-then-MAC TLS extension \|publisher=Mozilla\|accessdate=2014-11-06}}</ref> \| {{yes}}<ref>{{cite web\|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes\|title=NSS 3.17.1 release notes\|accessdate=2014-10-17\|archive-date=2019-04-19\|archive-url=https://web.archive.org/web/20190419152214/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes\|url-status=dead}}</ref> Line 3,037 ⟶ 2,989: \| {{yes}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{yes}} \| {{yes}}<ref>{{cite web\|url=https://~~www.~~openssl-library.org/news/secadv/20141015.txt\|title=OpenSSL Security Advisory [15 Oct 2014]\|date=2014-10-15}}</ref> \| {{yes}}<ref name="openssl-1.1.0-note" /> \| {{yes}}<ref name="openssl-1.0.1g-note">{{cite web\|url=https://www.openssl.org/news/openssl-1.0.1-notes.html \|title=Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] \|date=2014-04-07 \|accessdate=2015-02-10 \|url-status=dead \|archive-url=https://web.archive.org/web/20150120120428/https://www.openssl.org/news/openssl-1.0.1-notes.html \|archive-date=2015-01-20}}</ref> \| {{yes}}<ref name="openssl3.2.0">{{cite web\|url=https://~~www.~~openssl-library.org/~~blog/blog~~post/2023/-11-06-openssl32/~~23/OpenSSL32/index.html~~\|title=OpenSSL Announces Final Release of OpenSSL 3.2.0\|date=2023-11-23\|access-date=2024-10-11}}</ref> \|- \| [[Rustls]] \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} \| {{no}} <ref>rustls does not implement earlier versions that would warrant protection against insecure downgrade</ref> \| {{yes}} \| {{no}} \| {{unknown}} \|- \| [[Schannel\|Schannel XP/2003]] Line 3,054 ⟶ 3,021: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,071 ⟶ 3,037: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} \| {{yes}}<ref name="MS15-121">{{cite web\|url=https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121\|title=Microsoft Security Bulletin MS15-121\|date=March 2023 \|accessdate=2024-04-28}}</ref> \| {{no}} \| {{unknown}} Line 3,088 ⟶ 3,053: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,102 ⟶ 3,066: \| {{no}} \| {{yes}} \| {{partial\|Client side only}}<ref name="Schannel_SessionTicket">{{cite web\|url=https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831771(v=ws.11)\|title=What's New in TLS/SSL (Schannel SSP)\|date=31 August 2016 \|accessdate=2024-04-28}}</ref> \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,122 ⟶ 3,085: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,139 ⟶ 3,101: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,156 ⟶ 3,117: \| {{no}} \| {{yes}} ~~\| {{okay\|Yes}}~~ \| {{yes}}<ref name="wolfssl-4.2.0">{{cite web\|url=https://www.wolfssl.com/wolfssl-version-4-2-0-now-available/\|title=wolfSSL Version 4.2.0 is Now Available!\|date=22 October 2019\|accessdate=2021-08-13}}</ref> \| {{no}} \| {{yes}} \| {{no}} \| {{yes}}<ref name="wolfssl">{{cite web\|url=https://www.wolfssl.com/wolfssl-supports-raw-public-keys/\|title=wolfSSL supports Raw Public Keys\|date=August 2023 \|accessdate=2024-10-25}}</ref> ~~\| {{unknown}}~~ \|- \| Erlang/OTP SSL application Line 3,173 ⟶ 3,133: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{yes}} Line 3,191 ⟶ 3,150: ! Keying Material Exporter ! Maximum Fragment Length ~~! Truncated HMAC~~ ! Encrypt-then-MAC ! TLS Fallback SCSV Line 3,201 ⟶ 3,159: == Assisted cryptography == This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,208 ⟶ 3,166: ! [[VIA PadLock]] ! [[ARM architecture#ARMv8-A\|ARMv8-A]] ~~! [[Intel SGX]]~~ ~~! [http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html Intel QAT]~~ ! [[Intel SHA extensions\|Intel SHA]] ! [[NXP CAAM]] ! [[TPM 2.0]] ! [[NXP SE050]] ! [[Microchip ATECC]] ! [[STMicro STSAFE]] ! [[Maxim MAXQ]] \|- \| [[Botan (programming library)\|Botan]] Line 3,218 ⟶ 3,179: \| {{no}} \| {{yes}} \| \| {{no}} \| {{yes}}<ref>{{cite web \| url=https://botan.randombit.net/handbook/api_ref/tpm.html \| title=Trusted Platform Module (TPM) — Botan }}</ref> \| {{no}} \| {{no}} \| {{no}} \| \| {{no}} \|- \|- \| [[BSAFE]] SSL-J {{refn\|group=lower-alpha\|Pure Java implementations relies on [[Java virtual machine\|JVM]] processor optimization capabilities, such as [[OpenJDK]] support for [[AES-NI]]<ref>{{Cite web\|url=~~http~~https://openjdk.~~java.net~~org/jeps/164\|title=JEP 164: Leverage CPU Instructions for AES Cryptography\|website=openjdk.~~java.net~~org}}</ref>}}{{refn\|group=lower-alpha\|BSAFE SSL-J can be configured to run in native mode, using BSAFE Crypto-C Micro Edition to benefit from processor optimization.<ref>{{Cite web\|url=https://sso.rsasecurity.com/sso/SSO?SPEntityID=rsalink&redirectreason=permissiondenied&referer=https%3A%2F%2Fcommunity.rsa.com%2Ft5%2Frsa-bsafe-archived-resources%2Frsa-bsafe-ssl-j-6-2-5-release-notes%2Fta-p%2F566951\|title=RSA SecurID PASSCODE Request\|website=sso.rsasecurity.com}}</ref>}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{no}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{no}} \| {{no}}<ref>{{cite web \| url=https://www.dell.com/support/kbdoc/en-my/000204717/comparison-of-bsafe-tls-libraries-micro-edition-suite-vs-ssl-j \| title=Comparison of BSAFE TLS libraries: Micro Edition Suite vs SSL-J \| Dell Malaysia }}</ref> \| {{no}} \| {{no}} \| {{no}} ~~\| {{okay\|Yes}}~~ \| {{no}} \|- Line 3,240 ⟶ 3,207: \| {{no}} \| ~~\| {{no}}~~ \| \| {{yes}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[Crypto++]] Line 3,249 ⟶ 3,219: \| \| \| ~~\| {{no}}~~ \| {{yes}} \| \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[GnuTLS]] Line 3,259 ⟶ 3,232: \| {{yes}} \| {{yes}}<ref>{{Cite web\|url=https://lists.gnupg.org/pipermail/gnutls-devel/2016-October/008194.html\|title=[gnutls-devel] gnutls 3.5.5\|first=Nikos\|last=Mavrogiannopoulos\|date=October 9, 2016}}</ref> ~~\| {{no}}~~ ~~\| {{no}}~~ \| {{yes}} \| \| {{no}}<ref>{{cite web \| url=https://www.gnutls.org/manual/html_node/Trusted-Platform-Module.html \| title=Trusted Platform Module (GnuTLS 3.8.4) }}</ref> \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[Java Secure Socket Extension\|JSSE]] Line 3,272 ⟶ 3,248: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- Line 3,280 ⟶ 3,259: \| {{no}} \| ~~\| {{no}}~~ \| \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[MatrixSSL]] Line 3,292 ⟶ 3,274: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- Line 3,302 ⟶ 3,287: \| {{no}} \| \| {{Partial}}<ref>{{cite web \| url=https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file \| title=NXP/Plug-and-trust \| website=[[GitHub]] }}</ref> \| {{yes}}<ref>{{cite web \| url=https://github.com/ARMmbed/mbed-os-atecc608a/ \| title=ARMmbed/Mbed-os-atecc608a \| website=[[GitHub]] }}</ref> \| {{no}} \| {{no}} \|- Line 3,312 ⟶ 3,300: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[OpenSSL]] \| {{yes}}<ref>{{cite web \| url=https://habrahabr.ru/post/134725/, \| title=Подключаем Рутокен ЭЦП к OpenSSL \| date=16 December 2011 \|lang=ru}}</ref><ref>{{cite web \| url=http://forum.rutoken.ru/topic/1639/, \| title=Поддержка Рутокен ЭЦП в OpenSSL (Страница 1) — Рутокен и Open Source — Форум Рутокен \|lang=ru}}</ref><ref>{{cite web \| url=https://dev.rutoken.ru/pages/viewpage.action?pageId=18055184 ~~{{in~~\| title=OpenSSL ГОСТ ~~lang~~\| archive-url=https://web.archive.org/web/20180623005200/https://dev.rutoken.ru/pages/viewpage.action?pageId=18055184 \| archive-date=2018-06-23 \| url-status=dead \| lang=ru}}</ref> \| {{yes}} \| {{yes}} \| {{yes}}<ref>{{cite web\|url=http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddacb8f27ba4c8a8d51c306c150e1a8703b008f2\|title=git.openssl.org Git - openssl.git/commitdiff\|website=git.openssl.org}}</ref> \| ~~\| {{no}}~~ \| {{yes}} \| {{Partial}} \| {{Partial}}<ref>{{cite web \| url=https://github.com/tpm2-software/tpm2-openssl \| title=Tpm2-software/Tpm2-openssl \| website=[[GitHub]] }}</ref><ref>{{cite web \| url=https://docs.openssl.org/3.0/man7/provider/ \| title=Provider - OpenSSL Documentation }}</ref> \| {{Partial}}<ref>{{cite web \| url=https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file \| title=NXP/Plug-and-trust \| website=[[GitHub]] }}</ref> \| {{no}} \| {{Partial}}<ref>{{cite web \| url=https://www.st.com/en/embedded-software/stsw-stsa110-ssl.html \| title=STSW-STSA110-SSL - STSAFE-A integration within OpenSSL security stack \| website=[[STMicroelectronics]]}}</ref> \| {{no}} \|- \| [[Rustls]] \| \| {{yes}} \| \| {{yes}} \| {{yes}} \| \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[Schannel]] Line 3,332 ⟶ 3,339: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[MacOS\|Secure Transport]] \| {{no}} \| {{Yes}}<ref>{{GitHub\|https://~~opensource.apple~~github.com/~~source~~apple-oss-distributions/Security/blob/Security-55179.13/sec/Security/SecECKey.c}}</ref><ref>{{cite web \|url=http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT5396/Crypto_Officer_Role_Guide_for_FIPS_140-2_Compliance_OS_X_Mountain_Lion_v10.8.pdf \|title=Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Mountain Lion v10.8 \|publisher=Apple Inc. \|date=2013}}</ref> \| {{no}} \| {{Yes}} Line 3,342 ⟶ 3,352: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- Line 3,349 ⟶ 3,362: \| {{no}} \| {{yes}} ~~\| {{yes}}~~ \| {{yes}}<ref>{{cite web\|url=https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html\|title=wolfSSL Asynchronous Intel QuickAssist Support - wolfSSL\|date=18 January 2017\|publisher=}}</ref> \| \| {{yes}}<ref>{{cite web\|url=https://community.nxp.com/t5/i-MX-Processors/CAAM-support-in-wolfSSL/m-p/1013736\|title=CAAM support in wolfSSL \|date=10 March 2020\|publisher=}}</ref> \| {{yes}}<ref>{{cite web\|url=https://www.wolfssl.com/products/wolftpm/\|title=wolfTPM Portable TPM 2.0 Library}}</ref><ref>{{cite web\|url=https://www.wolfssl.com/announcing-wolfssl-tpm-support-for-the-espressif-esp32/\|title=Announcing wolfSSL TPM support for the Espressif ESP32\|date=20 June 2024\|publisher=}}</ref> \| {{yes}}<ref>{{cite web \| url=https://www.wolfssl.com/wolfssl-ssl-tls-support-for-nxp-se050/ \| title=WolfSSL SSL/TLS Support for NXP SE050 – wolfSSL \| date=22 February 2024 }}</ref> \| {{yes}}<ref>{{cite web \| url=https://www.wolfssl.com/blog-wolfssl-support-atecc608-crypto-coprocessor/ \| title=WolfSSL support for the ATECC608 Crypto Coprocessor – wolfSSL \| date=13 October 2021 }}</ref> \| {{yes}}<ref>{{cite web \| url=https://www.wolfssl.com/wolfssl-support-stsafe-a100-crypto-coprocessor/ \| title=WolfSSL support for STSAFE-A100 crypto coprocessor – wolfSSL \| date=20 September 2018 }}</ref> \| {{yes}}<ref>{{cite web \| url=https://www.wolfssl.com/support-maxq1065-wolfssl/ \| title=Support for MAXQ1065 in wolfSSL – wolfSSL \| date=29 November 2022 }}</ref> \|- \|-class="sortbottom" Line 3,360 ⟶ 3,376: ! VIA PadLock ! ARMv8-A ~~! Intel SGX~~ ~~! Intel QAT~~ ! Intel SHA ! NXP CAAM ! TPM 2.0 ! NXP SE050 ! Microchip ATECC ! STMicro STSAFE ! Maxim MAXQ \|} Line 3,370 ⟶ 3,389: == System-specific backends == This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation ! ~~[http://cryptodev-linux.org/~~ /dev/crypto] ! af_alg ~~! [http://www.chronox.de/crypto-API/crypto/userspace-if.html af_alg]~~ ! [[Cryptographic Service Provider\|Windows CSP]] ! CommonCrypto ~~! [https://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html CommonCrypto]~~ ! [[OpenSSL\|OpenSSL engine]] \|- Line 3,394 ⟶ 3,413: \|- \| [[cryptlib]] \| {{noyes}} \| {{no}} \| {{no}} Line 3,448 ⟶ 3,467: \| {{no}} \| {{yes}} \|- \| [[Rustls]] \| {{no}} \| {{yes}} <ref>{{cite web\|title=ktls integration for rustls\|website=[[GitHub]] \|accessdate=2024-08-29\|url=https://github.com/rustls/ktls}}</ref> \| {{no}} \| {{no}} \| {{no}} \|- \| [[Schannel]] Line 3,487 ⟶ 3,513: == Cryptographic module/token support == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,505 ⟶ 3,531: \|- \| [[cryptlib]] \| {{noyes}} \| {{yes\|[[PKCS 11\|PKCS #11]]}} \| User-defined label Line 3,543 ⟶ 3,569: \| {{partial\|[[PKCS 11\|PKCS #11]] (via 3rd party module)}}<ref name=libp11>{{cite web\|url=https://github.com/OpenSC/libp11\|title=libp11: PKCS#11 wrapper library\|date=19 January 2018\|publisher=\|via=GitHub}}</ref> \| RFC 7512 PKCS #11 URLs<ref name=pkcs11urls/> \|- \| [[Rustls]] \| {{no}} \| {{yes\|[[Microsoft CryptoAPI]]}} <ref>{{cite web\|url=https://github.com/rustls/rustls-cng\|title=Windows CNG bridge for rustls\|website=[[GitHub]] \|accessdate=2024-08-29}}</ref> \| Custom method \|- \| [[Schannel]] Line 3,567 ⟶ 3,598: == Code dependencies == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,600 ⟶ 3,631: \| libc<br />libnspr4<br />libsoftokn3<br />libplc4<br />libplds4 \| zlib (compression) \|- \| [[Rustls]] \| rust {{mono\|core}} library \| rust {{mono\|std}} library<br />zlib-rs (compression)<br />brotli (compression)<br />''ring'' (cryptography)<br />aws-lc-rs (cryptography)<br /> \|- \| [[OpenSSL]] Line 3,620 ⟶ 3,655: == Development environment == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,650 ⟶ 3,685: com.rsa.ssl{{cref2\|group=dev_env_footnotes\|e}}<br /> com.rsa.jsse{{cref2\|group=dev_env_footnotes\|f}} \| [[Java ~~Classloader\|Java~~class ~~classloader~~loader]] \| Javadoc, Developer's guide (HTML) \| Included Line 3,720 ⟶ 3,755: \| Included (monolithic) \| {{N/a}} \|- \| [[Rustls]] \| {{code\|rustls::}} \| cargo \| [https://docs.rs/rustls/0.23.12/rustls/ API reference] and [https://docs.rs/rustls/0.23.12/rustls/manual/ design manual] \| Two options included (pluggable) \| {{yes}}<ref>{{cite web\|url=https://github.com/rustls/rustls-openssl-compat/\|title=rustls-openssl compatibility layer\|website=[[GitHub]] \|accessdate=2024-08-29}}</ref> (subset) \|- \| [[wolfSSL]] Line 3,748 ⟶ 3,790: == Portability concerns == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,830 ⟶ 3,872: \| {{no}} \| AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, macOS, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation \|- \| [[Rustls]] \| [[Rust (programming language)]] \| None \| {{yes\|Thread-safe}} \| Platform dependent \| {{yes}} \| {{yes}} \| All supported by [[Rust (programming language)]] \|- \| [[OpenSSL]]