Comparison of TLS implementations: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 17:45, 21 July 2024 edit Mikeblas (talk \| contribs) Administrators 82,151 edits m add cites ← Previous edit		Latest revision as of 00:44, 4 August 2025 edit undo Davidghook (talk \| contribs) 125 edits →Certifications
(37 intermediate revisions by 15 users not shown)
Line 2: {{About\|TLS libraries comparison\|cryptographic libraries comparison\|Comparison of cryptography libraries}} {{redirect\|Secure Transport\|the transportation of valuables\|Armored car (valuables)}} ~~{{Cleanup bare URLs\|date=September 2022}}~~ The [[Transport Layer Security]] (TLS) protocol provides the ability to secure communications across or inside networks. This '''comparison of TLS implementations''' compares several of the most notable [[software library\|libraries]]. There are several TLS implementations which are [[free software]] and [[Open-source software\|open source]]. Line 8: == Overview == {{sort-under}} ~~{\| class="wikitable sortable" style="text-align: left; font-size: smaller"~~ {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 129 ⟶ 130: \| Australia/EU \|- \| [[Rustls]] \| Joe Birr-Pixton, Dirkjan Ochtman, Daniel McCarney, Josh Aas, and open source contributors \| {{yes}} \| {{free\|[[Apache License\|Apache-2.0]], [[MIT License]] and [[ISC license\|ISC]]}} \| Open source contributors \| [[Rust (programming language)\|Rust]] \| {{Latest stable software release/Rustls}} \| United Kingdom \|- \| [[s2n]] \| [[Amazon.com\|Amazon]] \| {{yes}} \| {{free\|[[Apache License]] 2.0, [[GNU General Public License#Version 2\|GNU GPLv2]]+}} and commercial license \| Amazon.com, Inc. \| [[C (programming language)\|C]] \| Continuous Line 143 ⟶ 152: \| {{no}} \| {{proprietary}} \| Microsoft ~~Inc.~~Corporation \| \| Windows 11, 2021-10-05 Line 160 ⟶ 169: \| wolfSSL<ref name="wolfsslproduct">{{cite web \| url=https://www.wolfssl.com/wolfSSL/Products-wolfssl.html \| title=wolfSSL product description \| accessdate=2016-05-03}}</ref> \| {{yes}} \| {{free\|[[GNU General Public License#Version 23\|GNU ~~GPLv2~~GPLv3]]+}} and commercial license \| wolfSSL Inc.<ref name="wolfsslcompany">{{cite web \| url=https://www.wolfssl.com \| title=wolfSSL Embedded SSL/TLS \| accessdate=2016-05-03}}</ref> \| [[C (programming language)\|C]], [[Assembly language\|assembly]] Line 200 ⟶ 209: Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. In 2021, IETF published RFC 8996 also forbidding negotiation of TLS 1.0, TLS 1.1, and DTLS 1.0 due to known vulnerabilities. NIST SP 800-52 requires support of TLS 1.3 by January 2024. Support of TLS 1.3 means that two compliant nodes will never negotiate TLS 1.2. {\| class="wikitable sortable sort-under mw-collapsible" style="text-align: left; font-size: smaller" \|- ! Implementation Line 211 ⟶ 220: ! [[Datagram Transport Layer Security\|DTLS 1.0]] (deprecated)<ref name="auto3">{{cite IETF\|rfc=4347}}</ref> ! [[Datagram Transport Layer Security\|DTLS 1.2]]<ref name="RFC 6347" /> ! [[Datagram Transport Layer Security\|DTLS 1.3]]~~{{fact\|date=July 2024}}~~ \|- \| [[Botan (programming library)\|Botan]] Line 241 ⟶ 250: \| {{okay\|Yes}} \| {{yes}} \| {{Yes}} ~~\| {{Partial\|Yes}}<br /><small>(draft version)</small>~~ \| {{okay\|Yes}} \| {{yes}} Line 259 ⟶ 268: \| [[cryptlib]] \| {{yes\|No}} \| {{yes\|~~Disabled by default at compile time~~No}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{yes}} \| \| {{yes\|No}} \| {{no}} Line 344 ⟶ 353: \| {{yes}}<ref name="openssl-1.0.2-note">{{cite web\|url=https://www.openssl.org/news/openssl-1.0.2-notes.html \|title=Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] \|accessdate=2015-01-22 \|url-status=dead \|archiveurl=https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html \|archivedate=September 4, 2014 }}</ref> \| {{no}} \|- \| [[Rustls]] \| {{yes\|No}}<ref name="rustls-features">{{cite web\|url=https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html \|title=rustls implemented and unimplemented features documentation \|accessdate=2024-08-28 }}</ref> \| {{yes\|No}}<ref name="rustls-features"/> \| {{yes\|No}}<ref name="rustls-features"/> \| {{yes\|No}}<ref name="rustls-features"/> \| {{yes}}<ref name="rustls-features"/> \| {{yes}}<ref name="rustls-features"/> \| {{yes\|No}} \| {{no}} \| {{no}} \|- \|- \| [[s2n]]<ref name="S2NSPEC">{{cite web\| title = S2N Readme\| website = [[GitHub]]\| url = https://github.com/awslabs/s2n/blob/master/README.md\| date = 2019-12-21}}</ref> Line 523 ⟶ 544: ! [[Datagram Transport Layer Security\|DTLS 1.0]] (deprecated)<ref name="auto3" /> ! [[Datagram Transport Layer Security\|DTLS 1.2]]<ref name="RFC 6347" /> ! [[Datagram Transport Layer Security\|DTLS 1.3]]~~{{fact\|date=July 2024}}~~ \|} {{Reflist\|group=lower-alpha\|refs= Line 541 ⟶ 562: * [[SHA-2\|Secure Hash Algorithm 2]] (SHA-256 and SHA-384) — [[message digest]] Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the [[~~Security~~United States security clearance#Secret\|Secret]] level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of [[~~Security~~United States security clearance#Top Secret\|Top Secret]] information. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 580 ⟶ 601: \| [[OpenSSL]] \| {{yes}}<ref name="openssl-1.0.2-note"/> \|- \| [[Rustls]] \| {{yes}}<ref name="rustls-features"/> \|- \| [[S2n]] Line 601 ⟶ 625: Note that certain certifications have received serious negative criticism from people who are actually involved in them.<ref>{{Cite web\|url=http://index.html/\|archiveurl=https://web.archive.org/web/20131227190128/http://veridicalsystems.com/blog/secure-or-compliant-pick-one/\|url-status=dead\|title=Speeds and Feeds › Secure or Compliant, Pick One\|archivedate=December 27, 2013}}</ref> {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! rowspan="2"\|Implementation ! colspan="2"\|[[FIPS 140-1]], [[FIPS 140-2]]<ref>{{cite web\|url=http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm\|title=Search - Cryptographic Module Validation Program - CSRC\|website=csrc.nist.gov\|access-date=2014-03-18\|archive-url=https://web.archive.org/web/20141226152243/http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm\|archive-date=2014-12-26\|url-status=dead}}</ref> ! [[FIPS 140-3]] ~~! rowspan="2"\|[[Embedded FIPS Solution]]~~ \|- ! Level 1 Line 613 ⟶ 636: \|- \| [[Botan (programming library)\|Botan]]<ref>{{cite web\|url=http://botan.randombit.net/faq.html?highlight=fips#is-botan-fips-140-certified\|title="Is botan FIPS 140 certified?" Frequently Asked Questions — Botan\|access-date=2014-11-16\|archive-url=https://web.archive.org/web/20141129042131/http://botan.randombit.net/faq.html?highlight=fips#is-botan-fips-140-certified\|archive-date=2014-11-29\|url-status=dead}}</ref> \| \| \| Line 619 ⟶ 641: \|- \|[[Bouncy Castle (cryptography)\|Bouncy Castle]] \|{{yes\|BC-FJA 12.0.0 (#~~2768~~4743)<br /> BC-FJA 2.1.0.1 (#~~3152~~4943)<br> BC-FNA 1.0.2 (#4416}} \| \| \| Line 627 ⟶ 648: \| {{yes\|Crypto-J 6.0 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1785 1785], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1786 1786])<br />Crypto-J 6.1 / 6.1.1.0.1 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2057 2057], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2058 2058])<br />Crypto-J 6.2 / 6.2.1.1 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2468 2468], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2469 2469])<br />Crypto-J 6.2.4 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3172 3172], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3184 3184])<br />Crypto-J 6.2.5 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3819 #3819], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3820 #3820])<br />Crypto-J 6.3 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4696 #4696], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4697 #4697])}} \| \|{{yes\|Crypto-J 7.0 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4892 4892])}} \| \| \|- \| [[cryptlib]]<ref>{{cite web\|url=http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8\|archive-url=https://web.archive.org/web/20131011085917/http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8\|url-status=dead\|archive-date=11 October 2013\|title=cryptlib\|date=11 October 2013}}</ref> \| \| \| Line 638 ⟶ 657: \| [[GnuTLS]]<ref>{{cite web \|title=B.5 Certification \|url=https://www.gnutls.org/manual/gnutls.html#Certification \|website=GnuTLS 3.7.7 \|access-date=26 September 2022}}</ref> \| {{yes\|Red Hat Enterprise Linux GnuTLS Cryptographic Module (#2780)}} \| \| \| \|- \| [[Java Secure Socket Extension\|JSSE]] \| \| \| Line 650 ⟶ 667: \| [[LibreSSL]]<ref name="OpenBSD5.6"/> \| no support \| \| \| Line 656 ⟶ 672: \| [[MatrixSSL]]<ref>{{cite web\|url=http://cdn2.hubspot.net/hub/327778/file-618993629-pdf/Matrix+SSL-3.pdf\|title=Matrix SSL Toolkit\|publisher=}}</ref> \| {{yes\|SafeZone FIPS Cryptographic Module: 1.1 (#2389)}} \| \| \| \|- \| [[Mbed TLS]]<ref>{{cite web\|url=https://mbed-tls.readthedocs.io/en/latest/kb/generic/is-mbedtls-fips-certified/\|title=Is mbed TLS FIPS certified? - Mbed TLS documentation\|website=Mbed TLS documentation}}</ref> \| \| \| Line 669 ⟶ 683: \| {{yes\|Network Security Services: 3.2.2 (#247)<br />Network Security Services Cryptographic Module: 3.11.4 (#815), 3.12.4 (#1278), 3.12.9.1 (#1837)}} \| {{yes\|Netscape Security Module: 1 (#7<ref group="notes">with Sun [[Sparc]] 5 w/ Sun [[Solaris (operating system)\|Solaris]] v 2.4SE (ITSEC-rated)</ref>), 1.01 (#47<ref group="notes">with Sun [[Ultra 5/10\|Ultra-5]] w/ Sun [[Trusted Solaris]] version 2.5.1 (ITSEC-rated)</ref>)<br />Network Security Services: 3.2.2 (#248<ref group="notes">with [[Solaris (operating system)\|Solaris]] v8.0 with [[AdminSuite]] 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN [[SPARC]] [[Ultra 1\|Ultra-1]]</ref>)<br />Network Security Services Cryptographic Module: 3.11.4 (#814<ref group="notes">with these platforms; [[Red Hat Enterprise Linux]] Version 4 Update 1 AS on [[IBM System x\|IBM xSeries 336]] with Intel Xeon CPU, [[Trusted Solaris]] 8 4/01 on [[Sun Blade (workstation)\|Sun Blade 2500 Workstation]] with [[UltraSPARC IIIi]] CPU</ref>), 3.12.4 (#1279, #1280<ref group="notes">with these platforms; [[Red Hat Enterprise Linux]] v5 running on an [[IBM System x]]3550, [[Red Hat Enterprise Linux]] v5 running on an [[ProLiant\|HP ProLiant DL145]], Sun [[Solaris 10]] 5/08 running on a Sun [[Sun Blade (workstation)\|SunBlade 2000 workstation]], Sun [[Solaris 10]] 5/08 running on a [[Sun Java Workstation\|Sun W2100z workstation]]</ref>)}} \| \| \|- Line 676 ⟶ 689: \| \| \|- \|[[Rustls]] \| \| \| {{yes\|aws-lc FIPS module<ref>{{cite web\|url=https://docs.rs/rustls/0.23.12/rustls/manual/_06_fips/index.html\|title=rustls FIPS documentation\|accessdate=2024-08-28}} </ref> ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4759 #4759])}} \|- \| [[Schannel]]<ref>{{Cite web\|url=https://technet.microsoft.com/en-us/library/security/cc750357.aspx#_Microsoft_FIPS_140\|title=Microsoft FIPS 140 Validated Cryptographic Modules}}</ref> \| {{yes\|Cryptographic modules in Windows NT 4.0, 95, 95, 2000, XP, Server 2003, CE 5, CE 6, Mobile 6.x, Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, RT, Surface, Phone 8<br />See details on [https://technet.microsoft.com/en-us/library/security/cc750357.aspx#_Microsoft_FIPS_140 Microsoft FIPS 140 Validated Cryptographic Modules]}} \| \| \| \|- Line 687 ⟶ 703: \| {{yes\|Apple FIPS Cryptographic Module: 1.0 (OS X 10.6, #1514), 1.1 (OS X 10.7, #1701)<br />Apple OS X CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (OS X 10.8, #1964, #1956), 4.0 (OS X 10.9, #2015, #2016)<br />Apple iOS CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (iOS 6, #1963, #1944), 4.0 (iOS 7, #2020, #2021)}} \| \| \| \|- Line 694 ⟶ 709: \| \| {{yes\|wolfCrypt FIPS Module (#4178)<br />See details on [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4718 NIST certificate]}} ~~\| {{yes}}~~ \|- \|-class="sortbottom" Line 701 ⟶ 715: ! Level 2 ! Level 1 ~~! rowspan="2"\|Embedded FIPS Solution~~ \|- ! colspan="2"\|FIPS 140-1, FIPS 140-2 Line 710 ⟶ 723: == Key exchange algorithms (certificate-only) == This section lists the certificate verification functionality available in the various implementations. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 750 ⟶ 763: \| {{yes}} \| {{okay\|Yes}} \| {{yes~~\|No~~}} \| {{yes}} \| {{yes\|No}} \| {{noyes}} \| {{yes\|No}} \|- Line 832 ⟶ 845: \| {{yes}} \| {{okay\|Yes}}<ref name="OpenSSL-GOST">{{Cite web\|url=http://cvs.openssl.org/fileview\|archiveurl=https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost\|url-status=dead\|title=OpenSSL: CVS Web Interface\|archive-date=2013-04-15\|access-date=2014-11-12}}</ref> \|- \| [[Rustls]] \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes}}<ref name="rustls-features"/> \| {{yes\|No}} \| {{yes}}<ref name="rustls-features"/> \| {{yes\|No}} \|- \| [[Schannel\|Schannel XP/2003]] Line 958 ⟶ 982: == Key exchange algorithms (alternative key-exchanges) == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 1,004 ⟶ 1,028: \| {{yes}} \| {{no}} \| {{~~unknown~~no}} \| {{Yes\|No}} \| {{Yes\|No}} Line 1,091 ⟶ 1,115: \| {{Yes\|Disabled by default}}<ref name="OpenSSL-1.0.0">{{cite web\|url=https://www.openssl.org/news/changelog.html#x29\|title=Changes between 0.9.8n and 1.0.0 [29 Mar 2010]\|accessdate=2016-01-29}}</ref> \| {{Yes\|Disabled by default}}<ref name="OpenSSL-1.0.0"/> \|- \| [[Rustls]] \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \| {{yes\|No}} \| {{yes\|No}} \|- \| [[Schannel]] Line 1,156 ⟶ 1,192: == Certificate verification methods == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 1,164 ⟶ 1,200: ! [[Online Certificate Status Protocol\|OCSP]]<ref>{{cite IETF\|rfc=2560}}</ref> ! [[DNS-based Authentication of Named Entities\|DANE]] (DNSSEC)<ref>{{cite IETF\|rfc=6698}}</ref><ref>{{cite IETF\|rfc=7218}}</ref> ~~! Trust on First Use (TOFU)~~ ! [[Certificate Transparency\|CT]]<ref>{{cite IETF \|title=Certificate Transparency \|rfc=6962 \|idlink=Certificate Transparency \|last1=Laurie \|authorlink1=Ben Laurie \|first1=B. \|last2=Langley \|first2=A. \|last3=Kasper \|first3=E. \|date=June 2013 \|publisher=[[Internet Engineering Task Force\|IETF]] \|access-date=2020-08-31 \|issn=2070-1721}}</ref> \|- Line 1,172 ⟶ 1,207: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,182 ⟶ 1,216: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{unknown}} \|- Line 1,190 ⟶ 1,223: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,199 ⟶ 1,231: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} \|- \| [[GnuTLS]] ~~\| {{yes}}~~ \| {{yes}} \| {{yes}} Line 1,217 ⟶ 1,247: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{no}} Line 1,226 ⟶ 1,255: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,235 ⟶ 1,263: \| {{yes}} \| {{yes}}<ref>{{cite web\|url=http://www.matrixssl.org/blog/releases/matrixssl_3_8_3\|title=MatrixSSL 3.8.3\|accessdate=2017-01-18\|archive-url=https://web.archive.org/web/20170119052959/http://www.matrixssl.org/blog/releases/matrixssl_3_8_3\|archive-date=2017-01-19\|url-status=dead}}</ref> ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,244 ⟶ 1,271: \| {{yes}} \| {{no}}<ref>{{cite web\|url=https://tls.mbed.org/tech-updates/blog/mbedtls-2.0-defaults-best-practices\|title=mbed TLS 2.0 defaults implement best practices\|accessdate=2017-01-18}}</ref> ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,254 ⟶ 1,280: \| {{yes}} \| {{no}}<ref>{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=672600\|title=Bug 672600 - Use DNSSEC/DANE chain stapled into TLS handshake in certificate chain validation \|publisher=Mozilla\|accessdate=2014-06-18}}</ref> ~~\| {{no}}~~ \| {{unknown}} \|- Line 1,263 ⟶ 1,288: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{yes}} \|- \| [[Rustls]] \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[s2n]] Line 1,271 ⟶ 1,303: \| {{no}} <ref>{{Cite web \|title=CRL Validation · Issue #3499 · aws/s2n-tls \|url=https://github.com/aws/s2n-tls/issues/3499 \|access-date=2022-11-01 \|website=GitHub \|language=en}}</ref> \| {{unknown}} <ref>{{Cite web \|title=OCSP digest support for SHA-256 · Issue #2854 · aws/s2n-tls · GitHub \|url=https://github.com/aws/s2n-tls/issues/2854 \|access-date=2022-11-01 \|website=GitHub \|language=en}}</ref> \| \| \| {{unknown}} <ref>{{Cite web \|title=[RFC 6962] s2n Client can Validate Signed Certificate Timestamp TLS Extension · Issue #457 · aws/s2n-tls · GitHub \|url=https://github.com/aws/s2n-tls/issues/457 \|access-date=2022-11-01 \|website=GitHub \|language=en}}</ref> Line 1,281 ⟶ 1,312: \| {{yes}}<ref name="TechNet">{{cite web \|url=https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx \|title=How Certificate Revocation Works \|author=<!--Staff writer(s); no by-line.--> \|date=March 16, 2012 \|website=[[Microsoft TechNet]] \|publisher=[[Microsoft]] \|accessdate=July 10, 2013}}</ref> \| {{yes}}<ref name="TechNet" /> ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,290 ⟶ 1,320: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,299 ⟶ 1,328: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{unknown}} Line 1,307 ⟶ 1,335: \| {{yes}} \| {{yes}} ~~\| {{no}}~~ \| {{no}} \| {{no}} Line 1,319 ⟶ 1,346: ! OCSP ! DANE (DNSSEC) ~~! Trust on First Use (TOFU)~~ ! CT \|} == Encryption algorithms == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! rowspan="2"\|Implementation !! colspan="10"\|[[Block cipher]] with [[Block cipher mode of operation\|mode of operation]] !! [[Stream cipher]] !! None Line 1,496 ⟶ 1,522: \| {{yes}}<ref name="openssl-1.1.0-note"/> \| {{yes\|Disabled by default}} \|- \| [[Rustls]] \| {{yes}}<ref name="rustls-features"/> \| {{yes\|No}} \| {{yes\|No}} \| {{okay\|No}} \| {{yes\|No}} \| {{okay\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes}}<ref name="rustls-features"/> \| {{yes\|Not implemented}} \|- \| [[Schannel\|Schannel XP/2003]] Line 1,630 ⟶ 1,670: === Obsolete algorithms === {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! rowspan="2"\|Implementation !! colspan="4"\|[[Block cipher]] with [[Block cipher mode of operation\|mode of operation]] !! colspan="2"\|[[Stream cipher]] Line 1,728 ⟶ 1,768: \| {{yes\|Disabled by default}} \| {{Yes\|No}}<ref name="openssl-1.1.0-note"/> \|- \| [[Rustls]] \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \|- \| [[Schannel\|Schannel XP/2003]] Line 1,854 ⟶ 1,902: === Defined curves in RFC 8446 (for TLS 1.3) and RFC 8422, 7027 (for TLS 1.2 and earlier) === {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! applicable TLS version Line 1,996 ⟶ 2,044: \| {{yes}}<ref name="openssl-1.0.2-note"/> \| {{yes}}<ref name="openssl-1.0.2-note"/> \|- \| [[Rustls]] \| {{yes}} \| {{yes}} \| {{no}} \| {{yes}} \| {{no}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \|- \| [[Schannel\|Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10]] Line 2,048 ⟶ 2,106: ! [[ECC Brainpool\|brainpoolP384r1]]<br />(27) ! [[ECC Brainpool\|brainpoolP512r1]]<br />(28) \|} ~~=== Proposed curves ===~~ ~~{\| class="wikitable sortable" style="text-align: left; font-size: smaller"~~ \|- ~~! Implementation~~ ! M221<br />Curve2213<br /><ref name="draft-josefsson-tls-additional-curves">{{cite IETF\|draft=draft-josefsson-tls-additional-curves\|title=Additional Elliptic Curves for Transport Layer Security (TLS) Key Agreement\|first1=Josefsson\|last1=Simon\|first2=Pégourié-Gonnard\|last2=Manuel}}</ref> ~~! E222<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! Curve1174<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! E382<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! M383<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! Curve383187<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! Curve41417<br />Curve3617<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! M511<br />Curve511187<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ ~~! E521<br /><ref name="draft-josefsson-tls-additional-curves"/>~~ \|- ~~\| [[Botan (programming library)\|Botan]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[BoringSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[BSAFE]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[GnuTLS]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Java Secure Socket Extension\|JSSE]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[LibreSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[MatrixSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Mbed TLS]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Network Security Services\|NSS]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[OpenSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Schannel\|Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[MacOS\|Secure Transport]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[wolfSSL]]~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\| [[Erlang (programming language)\|Erlang]]/OTP SSL application~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ ~~\| {{okay\|No}}~~ \|- ~~\|-class="sortbottom"~~ \|- ~~! Implementation~~ ~~! M221<br />Curve2213~~ ~~! E222~~ ~~! Curve1174~~ ~~! E382~~ ~~! M383~~ ~~! Curve383187~~ ~~! Curve41417<br />Curve3617~~ ~~! M511<br />Curve511187~~ ~~! E521~~ \|} === Deprecated curves in RFC 8422 === {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,318 ⟶ 2,192: \|- \| [[Java Secure Socket Extension\|JSSE]] \| {{yes\|Notes}}{{refn\|group=lower-alpha\|name="JSSEDisableEC"\|These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.<ref>{{cite web \|title=Release Note: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default~~. (Java 7u281, 8u271, 11.0.9, 14)~~ \|url=https://bugs.openjdk.~~java.net~~org/browse/JDK-8236730 \|website=JDK Bug System (JBS) \|access-date=625 ~~January~~December ~~2022~~2024}}</ref>}}{{refn\|group=lower-alpha\|name="JSSERemoveEC"\|These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.<ref>{{cite web \|title=Release Note: Removal of Legacy Elliptic Curves ~~(Java 16)~~ \|url=https://bugs.openjdk.~~java.net~~org/browse/JDK-~~8235710~~8252601 \|website=JDK Bug System (JBS) \|access-date=625 ~~January~~December ~~2022~~2024}}</ref>}} \| {{yes\|Notes}}<ref group=lower-alpha name="JSSEDisableEC"/><ref group=lower-alpha name="JSSERemoveEC"/> \| {{yes\|Notes}}<ref group=lower-alpha name="JSSEDisableEC"/><ref group=lower-alpha name="JSSERemoveEC"/> Line 2,412 ⟶ 2,286: \| {{yes}} \| {{yes}} \|- \| [[Rustls]] \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \| {{okay\|No}} \|- \| [[Schannel\|Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10]] Line 2,497 ⟶ 2,387: \|} {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,628 ⟶ 2,518: \| {{no\|Yes}} \| {{yes}} \| {{yes\|No}} \| {{yes\|No}} \|- \| [[Rustls]] \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{yes\|No}} \| {{okay\|No}} \| {{yes\|No}} \| {{yes\|No}} Line 2,699 ⟶ 2,601: == Data integrity == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,706 ⟶ 2,608: ! [[HMAC]]-[[SHA-2\|SHA256/384]] ! [[Authenticated encryption\|AEAD]] ! [[GOST 28147-89\|GOST 28147-89 IMIT]]<br/><ref name=gostlink/> ! [[GOST (hash function)\|GOST R 34.11-94]]<br/><ref name=gostlink/> \|- \| [[Botan (programming library)\|Botan]] \| {{~~yes\|~~No Y}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[BSAFE]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[cryptlib]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[GnuTLS]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[Java Secure Socket Extension\|JSSE]] Line 2,746 ⟶ 2,648: \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[LibreSSL]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{okay\|Yes}}<br/><ref name="libressl-2.1.2"/> \| {{okay\|Yes}}<br/><ref name="libressl-2.1.2"/> \|- \| [[MatrixSSL]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[Mbed TLS]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[Network Security Services\|NSS]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}}<br/><ref name=mozilla_bug518787 /><ref name=mozilla_bug608725 /> \| {{~~yes\|~~No Y}}<br/><ref name=mozilla_bug518787 /><ref name=mozilla_bug608725 /> \|- \| [[OpenSSL]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{okay\|Yes}}<br/><ref name="OpenSSL-GOST"/> \| {{okay\|Yes}}<br/><ref name="OpenSSL-GOST"/> \|- \| [[Rustls]] \| {{No Y}} \| {{No Y}} \| {{No Y}} \| {{yes}} \| {{No Y}} \| {{No Y}} \|- \| [[Schannel\|Schannel XP/2003, Vista/2008]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{partial\|XP SP3, 2003 SP2 via hotfix}}<br/><ref name="SHA2 and Windows">{{cite web\|url=https://techcommunity.microsoft.com/t5blog/~~core-infrastructure-and-security~~coreinfrastructureandsecurityblog/sha2-and-windows~~/ba-p~~/1128617\|title=SHA2 and Windows\|~~accessdate~~access-date=2024-0412-2825}}</ref> \| {{no}} \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \|- \| [[Schannel\|Schannel 7/2008R2, 8/2012, 8.1/2012R2]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{partial\|except ECDHE_RSA}}<br/><ref name="ms14-066" /><ref name="20141111msblog" /><ref name="win8.1aesgcm"/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \|- \| [[Schannel\|Schannel 10]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}}<br/><ref name=schannel10pre/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \| {{~~yes\|~~No Y}}<br/><ref name="GOST-extensions-Schannel"/> \|- \| [[MacOS\|Secure Transport]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[wolfSSL]] \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \| [[Erlang (programming language)\|Erlang]]/OTP SSL application \| {{~~no\|~~Yes N}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{yes}} \| {{~~yes\|~~No Y}} \| {{~~yes\|~~No Y}} \|- \|-class="sortbottom" Line 2,849 ⟶ 2,759: == Compression == Note the [[CRIME (security exploit)\|CRIME security exploit]] takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. [[HTTP compression]] is unrelated and unaffected by this exploit, but is exploited by the related [[BREACH (security exploit)\|BREACH attack]]. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,883 ⟶ 2,793: \| [[OpenSSL]] \| {{Yes\|Disabled by default}} \|- \| [[Rustls]] \| {{yes\|No}} \|- \| [[Schannel]] Line 2,904 ⟶ 2,817: In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security {{citation needed\|date=August 2014}}. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 2,916 ⟶ 2,829: ! Keying Material Exporter<br /><ref name="sticket">{{cite IETF\|rfc=5705}}</ref> ! Maximum Fragment Length<br /><ref name=tlsexts/> ~~! Truncated [[HMAC]]<br /><ref name=tlsexts/>~~ ! [[Encrypt-then-MAC]]<br /><ref name=rfc7366/> ! TLS Fallback SCSV<br /><ref name="tlsfallbackscsv">{{cite IETF\|rfc=7507}}</ref> Line 2,933 ⟶ 2,845: \| {{yes}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{yes}} \| {{yes}}<ref name="Botan 1.11.10">{{cite web\|url=http://botan.randombit.net/relnotes/1_11_10.html\|title=Version 1.11.10, 2014-12-10 — Botan\|date=2014-12-10\|accessdate=2014-12-14}}</ref> Line 2,950 ⟶ 2,861: \| {{no}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 2,967 ⟶ 2,877: \| {{no}} \| {{no}}<ref name="cryptlib-maxfrag">Present, but disabled by default due to lack of use by any implementation.</ref> ~~\| {{okay\|No}}~~ \| {{yes}} \| {{yes}} Line 2,984 ⟶ 2,893: \| {{yes}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{yes}}<ref name="GnuTLS-3.4.0"/> \| {{yes}}<ref name="GnuTLS-3.4.4">{{cite web\|url=http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8267\|title=gnutls 3.4.4\|accessdate=2015-08-25\|archive-url=https://web.archive.org/web/20170717020648/http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8267\|archive-date=2017-07-17\|url-status=dead}}</ref> Line 3,001 ⟶ 2,909: \| {{no}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,018 ⟶ 2,925: \| {{yes}}? \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{partial\|Server side only}}<ref name="libressl-2.1.4">{{cite web\| title = LibreSSL 2.1.4 released\| url = https://marc.info/?l=openbsd-announce&m=142543818707898\| date = 2015-03-04\| accessdate = 2015-03-04}}</ref> Line 3,035 ⟶ 2,941: \| {{no}} \| {{yes}} ~~\| {{okay\|Yes}}~~ \| {{no}} \| {{yes}}<ref name="matrixssl_3.8.3"/> Line 3,052 ⟶ 2,957: \| {{no}} \| {{yes}} ~~\| {{okay\|Disabled by default}}<ref name="mbed-2.0"/>~~ \| {{yes}}<ref name="mbedTLS-1.3.10">{{cite web\|url=https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released\|title=mbed TLS 1.3.10 released\|date=2015-02-08\|access-date=2015-02-09\|archive-date=2015-02-09\|archive-url=https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released\|url-status=dead}}</ref> \| {{yes}}<ref name="mbedTLS-1.3.10"/> Line 3,069 ⟶ 2,973: \| {{yes}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}}<ref>{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=972145\|title=Bug 972145 - Implement the encrypt-then-MAC TLS extension \|publisher=Mozilla\|accessdate=2014-11-06}}</ref> \| {{yes}}<ref>{{cite web\|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes\|title=NSS 3.17.1 release notes\|accessdate=2014-10-17\|archive-date=2019-04-19\|archive-url=https://web.archive.org/web/20190419152214/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes\|url-status=dead}}</ref> Line 3,086 ⟶ 2,989: \| {{yes}} \| {{yes}} ~~\| {{okay\|No}}~~ \| {{yes}} \| {{yes}}<ref>{{cite web\|url=https://~~www.~~openssl-library.org/news/secadv/20141015.txt\|title=OpenSSL Security Advisory [15 Oct 2014]\|date=2014-10-15}}</ref> \| {{yes}}<ref name="openssl-1.1.0-note" /> \| {{yes}}<ref name="openssl-1.0.1g-note">{{cite web\|url=https://www.openssl.org/news/openssl-1.0.1-notes.html \|title=Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] \|date=2014-04-07 \|accessdate=2015-02-10 \|url-status=dead \|archive-url=https://web.archive.org/web/20150120120428/https://www.openssl.org/news/openssl-1.0.1-notes.html \|archive-date=2015-01-20}}</ref> \| {{yes}}<ref name="openssl3.2.0">{{cite web\|url=https://~~www.~~openssl-library.org/~~blog/blog~~post/2023/-11-06-openssl32/~~23/OpenSSL32/index.html~~\|title=OpenSSL Announces Final Release of OpenSSL 3.2.0\|date=2023-11-23\|access-date=2024-10-11}}</ref> \|- \| [[Rustls]] \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} \| {{no}} <ref>rustls does not implement earlier versions that would warrant protection against insecure downgrade</ref> \| {{yes}} \| {{no}} \| {{unknown}} \|- \| [[Schannel\|Schannel XP/2003]] Line 3,103 ⟶ 3,021: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,120 ⟶ 3,037: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} \| {{yes}}<ref name="MS15-121">{{cite web\|url=https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121\|title=Microsoft Security Bulletin MS15-121\|date=March 2023 \|accessdate=2024-04-28}}</ref> \| {{no}} \| {{unknown}} Line 3,137 ⟶ 3,053: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,151 ⟶ 3,066: \| {{no}} \| {{yes}} \| {{partial\|Client side only}}<ref name="Schannel_SessionTicket">{{cite web\|url=https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831771(v=ws.11)\|title=What's New in TLS/SSL (Schannel SSP)\|date=31 August 2016 \|accessdate=2024-04-28}}</ref> \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,171 ⟶ 3,085: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,188 ⟶ 3,101: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{no}} Line 3,205 ⟶ 3,117: \| {{no}} \| {{yes}} ~~\| {{okay\|Yes}}~~ \| {{yes}}<ref name="wolfssl-4.2.0">{{cite web\|url=https://www.wolfssl.com/wolfssl-version-4-2-0-now-available/\|title=wolfSSL Version 4.2.0 is Now Available!\|date=22 October 2019\|accessdate=2021-08-13}}</ref> \| {{no}} \| {{yes}} \| {{no}} \| {{yes}}<ref name="wolfssl">{{cite web\|url=https://www.wolfssl.com/wolfssl-supports-raw-public-keys/\|title=wolfSSL supports Raw Public Keys\|date=August 2023 \|accessdate=2024-10-25}}</ref> ~~\| {{unknown}}~~ \|- \| Erlang/OTP SSL application Line 3,222 ⟶ 3,133: \| {{no}} \| {{no}} ~~\| {{okay\|No}}~~ \| {{no}} \| {{yes}} Line 3,240 ⟶ 3,150: ! Keying Material Exporter ! Maximum Fragment Length ~~! Truncated HMAC~~ ! Encrypt-then-MAC ! TLS Fallback SCSV Line 3,250 ⟶ 3,159: == Assisted cryptography == This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,257 ⟶ 3,166: ! [[VIA PadLock]] ! [[ARM architecture#ARMv8-A\|ARMv8-A]] ~~! [[Intel SGX]]~~ ~~! [http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html Intel QAT]~~ ! [[Intel SHA extensions\|Intel SHA]] ! [[NXP CAAM]] ! [[TPM 2.0]] ! [[NXP SE050]] ! [[Microchip ATECC]] ! [[STMicro STSAFE]] ! [[Maxim MAXQ]] \|- \| [[Botan (programming library)\|Botan]] Line 3,267 ⟶ 3,179: \| {{no}} \| {{yes}} \| \| {{no}} \| {{yes}}<ref>{{cite web \| url=https://botan.randombit.net/handbook/api_ref/tpm.html \| title=Trusted Platform Module (TPM) — Botan }}</ref> \| {{no}} \| {{no}} \| {{no}} \| \| {{no}} \|- \|- \| [[BSAFE]] SSL-J {{refn\|group=lower-alpha\|Pure Java implementations relies on [[Java virtual machine\|JVM]] processor optimization capabilities, such as [[OpenJDK]] support for [[AES-NI]]<ref>{{Cite web\|url=~~http~~https://openjdk.~~java.net~~org/jeps/164\|title=JEP 164: Leverage CPU Instructions for AES Cryptography\|website=openjdk.~~java.net~~org}}</ref>}}{{refn\|group=lower-alpha\|BSAFE SSL-J can be configured to run in native mode, using BSAFE Crypto-C Micro Edition to benefit from processor optimization.<ref>{{Cite web\|url=https://sso.rsasecurity.com/sso/SSO?SPEntityID=rsalink&redirectreason=permissiondenied&referer=https%3A%2F%2Fcommunity.rsa.com%2Ft5%2Frsa-bsafe-archived-resources%2Frsa-bsafe-ssl-j-6-2-5-release-notes%2Fta-p%2F566951\|title=RSA SecurID PASSCODE Request\|website=sso.rsasecurity.com}}</ref>}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{no}} \| {{okay\|Yes}} \| {{okay\|Yes}} \| {{no}} \| {{no}}<ref>{{cite web \| url=https://www.dell.com/support/kbdoc/en-my/000204717/comparison-of-bsafe-tls-libraries-micro-edition-suite-vs-ssl-j \| title=Comparison of BSAFE TLS libraries: Micro Edition Suite vs SSL-J \| Dell Malaysia }}</ref> \| {{no}} \| {{no}} \| {{no}} ~~\| {{okay\|Yes}}~~ \| {{no}} \|- Line 3,289 ⟶ 3,207: \| {{no}} \| ~~\| {{no}}~~ \| \| {{yes}} \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[Crypto++]] Line 3,298 ⟶ 3,219: \| \| \| ~~\| {{no}}~~ \| {{yes}} \| \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[GnuTLS]] Line 3,308 ⟶ 3,232: \| {{yes}} \| {{yes}}<ref>{{Cite web\|url=https://lists.gnupg.org/pipermail/gnutls-devel/2016-October/008194.html\|title=[gnutls-devel] gnutls 3.5.5\|first=Nikos\|last=Mavrogiannopoulos\|date=October 9, 2016}}</ref> ~~\| {{no}}~~ ~~\| {{no}}~~ \| {{yes}} \| \| {{no}}<ref>{{cite web \| url=https://www.gnutls.org/manual/html_node/Trusted-Platform-Module.html \| title=Trusted Platform Module (GnuTLS 3.8.4) }}</ref> \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[Java Secure Socket Extension\|JSSE]] Line 3,321 ⟶ 3,248: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- Line 3,329 ⟶ 3,259: \| {{no}} \| ~~\| {{no}}~~ \| \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[MatrixSSL]] Line 3,341 ⟶ 3,274: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- Line 3,351 ⟶ 3,287: \| {{no}} \| \| {{Partial}}<ref>{{cite web \| url=https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file \| title=NXP/Plug-and-trust \| website=[[GitHub]] }}</ref> \| {{yes}}<ref>{{cite web \| url=https://github.com/ARMmbed/mbed-os-atecc608a/ \| title=ARMmbed/Mbed-os-atecc608a \| website=[[GitHub]] }}</ref> \| {{no}} \| {{no}} \|- Line 3,361 ⟶ 3,300: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[OpenSSL]] \| {{yes}}<ref>{{cite web \| url=https://habrahabr.ru/post/134725/, \| title=Подключаем Рутокен ЭЦП к OpenSSL \| date=16 December 2011 \|lang=ru}}</ref><ref>{{cite web \| url=http://forum.rutoken.ru/topic/1639/, \| title=Поддержка Рутокен ЭЦП в OpenSSL (Страница 1) — Рутокен и Open Source — Форум Рутокен \|lang=ru}}</ref><ref>{{cite web \| url=https://dev.rutoken.ru/pages/viewpage.action?pageId=18055184 ~~{{in~~\| title=OpenSSL ГОСТ ~~lang~~\| archive-url=https://web.archive.org/web/20180623005200/https://dev.rutoken.ru/pages/viewpage.action?pageId=18055184 \| archive-date=2018-06-23 \| url-status=dead \| lang=ru}}</ref> \| {{yes}} \| {{yes}} \| {{yes}}<ref>{{cite web\|url=http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddacb8f27ba4c8a8d51c306c150e1a8703b008f2\|title=git.openssl.org Git - openssl.git/commitdiff\|website=git.openssl.org}}</ref> \| ~~\| {{no}}~~ \| {{yes}} \| {{Partial}} \| {{Partial}}<ref>{{cite web \| url=https://github.com/tpm2-software/tpm2-openssl \| title=Tpm2-software/Tpm2-openssl \| website=[[GitHub]] }}</ref><ref>{{cite web \| url=https://docs.openssl.org/3.0/man7/provider/ \| title=Provider - OpenSSL Documentation }}</ref> \| {{Partial}}<ref>{{cite web \| url=https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file \| title=NXP/Plug-and-trust \| website=[[GitHub]] }}</ref> \| {{no}} \| {{Partial}}<ref>{{cite web \| url=https://www.st.com/en/embedded-software/stsw-stsa110-ssl.html \| title=STSW-STSA110-SSL - STSAFE-A integration within OpenSSL security stack \| website=[[STMicroelectronics]]}}</ref> \| {{no}} \|- \| [[Rustls]] \| \| {{yes}} \| \| {{yes}} \| {{yes}} \| \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[Schannel]] Line 3,381 ⟶ 3,339: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- \| [[MacOS\|Secure Transport]] \| {{no}} \| {{Yes}}<ref>{{GitHub\|https://~~opensource.apple~~github.com/~~source~~apple-oss-distributions/Security/blob/Security-55179.13/sec/Security/SecECKey.c}}</ref><ref>{{cite web \|url=http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT5396/Crypto_Officer_Role_Guide_for_FIPS_140-2_Compliance_OS_X_Mountain_Lion_v10.8.pdf \|title=Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Mountain Lion v10.8 \|publisher=Apple Inc. \|date=2013}}</ref> \| {{no}} \| {{Yes}} Line 3,391 ⟶ 3,352: \| {{no}} \| \| {{no}} \| {{no}} \| {{no}} \| {{no}} \|- Line 3,398 ⟶ 3,362: \| {{no}} \| {{yes}} ~~\| {{yes}}~~ \| {{yes}}<ref>{{cite web\|url=https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html\|title=wolfSSL Asynchronous Intel QuickAssist Support - wolfSSL\|date=18 January 2017\|publisher=}}</ref> \| \| {{yes}}<ref>{{cite web\|url=https://community.nxp.com/t5/i-MX-Processors/CAAM-support-in-wolfSSL/m-p/1013736\|title=CAAM support in wolfSSL \|date=10 March 2020\|publisher=}}</ref> \| {{yes}}<ref>{{cite web\|url=https://www.wolfssl.com/products/wolftpm/\|title=wolfTPM Portable TPM 2.0 Library}}</ref><ref>{{cite web\|url=https://www.wolfssl.com/announcing-wolfssl-tpm-support-for-the-espressif-esp32/\|title=Announcing wolfSSL TPM support for the Espressif ESP32\|date=20 June 2024\|publisher=}}</ref> \| {{yes}}<ref>{{cite web \| url=https://www.wolfssl.com/wolfssl-ssl-tls-support-for-nxp-se050/ \| title=WolfSSL SSL/TLS Support for NXP SE050 – wolfSSL \| date=22 February 2024 }}</ref> \| {{yes}}<ref>{{cite web \| url=https://www.wolfssl.com/blog-wolfssl-support-atecc608-crypto-coprocessor/ \| title=WolfSSL support for the ATECC608 Crypto Coprocessor – wolfSSL \| date=13 October 2021 }}</ref> \| {{yes}}<ref>{{cite web \| url=https://www.wolfssl.com/wolfssl-support-stsafe-a100-crypto-coprocessor/ \| title=WolfSSL support for STSAFE-A100 crypto coprocessor – wolfSSL \| date=20 September 2018 }}</ref> \| {{yes}}<ref>{{cite web \| url=https://www.wolfssl.com/support-maxq1065-wolfssl/ \| title=Support for MAXQ1065 in wolfSSL – wolfSSL \| date=29 November 2022 }}</ref> \|- \|-class="sortbottom" Line 3,409 ⟶ 3,376: ! VIA PadLock ! ARMv8-A ~~! Intel SGX~~ ~~! Intel QAT~~ ! Intel SHA ! NXP CAAM ! TPM 2.0 ! NXP SE050 ! Microchip ATECC ! STMicro STSAFE ! Maxim MAXQ \|} Line 3,419 ⟶ 3,389: == System-specific backends == This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation. {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation ! ~~[http://cryptodev-linux.org/~~ /dev/crypto] ! af_alg ~~! [http://www.chronox.de/crypto-API/crypto/userspace-if.html af_alg]~~ ! [[Cryptographic Service Provider\|Windows CSP]] ! CommonCrypto ~~! [https://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html CommonCrypto]~~ ! [[OpenSSL\|OpenSSL engine]] \|- Line 3,443 ⟶ 3,413: \|- \| [[cryptlib]] \| {{noyes}} \| {{no}} \| {{no}} Line 3,497 ⟶ 3,467: \| {{no}} \| {{yes}} \|- \| [[Rustls]] \| {{no}} \| {{yes}} <ref>{{cite web\|title=ktls integration for rustls\|website=[[GitHub]] \|accessdate=2024-08-29\|url=https://github.com/rustls/ktls}}</ref> \| {{no}} \| {{no}} \| {{no}} \|- \| [[Schannel]] Line 3,536 ⟶ 3,513: == Cryptographic module/token support == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,554 ⟶ 3,531: \|- \| [[cryptlib]] \| {{noyes}} \| {{yes\|[[PKCS 11\|PKCS #11]]}} \| User-defined label Line 3,592 ⟶ 3,569: \| {{partial\|[[PKCS 11\|PKCS #11]] (via 3rd party module)}}<ref name=libp11>{{cite web\|url=https://github.com/OpenSC/libp11\|title=libp11: PKCS#11 wrapper library\|date=19 January 2018\|publisher=\|via=GitHub}}</ref> \| RFC 7512 PKCS #11 URLs<ref name=pkcs11urls/> \|- \| [[Rustls]] \| {{no}} \| {{yes\|[[Microsoft CryptoAPI]]}} <ref>{{cite web\|url=https://github.com/rustls/rustls-cng\|title=Windows CNG bridge for rustls\|website=[[GitHub]] \|accessdate=2024-08-29}}</ref> \| Custom method \|- \| [[Schannel]] Line 3,616 ⟶ 3,598: == Code dependencies == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,649 ⟶ 3,631: \| libc<br />libnspr4<br />libsoftokn3<br />libplc4<br />libplds4 \| zlib (compression) \|- \| [[Rustls]] \| rust {{mono\|core}} library \| rust {{mono\|std}} library<br />zlib-rs (compression)<br />brotli (compression)<br />''ring'' (cryptography)<br />aws-lc-rs (cryptography)<br /> \|- \| [[OpenSSL]] Line 3,669 ⟶ 3,655: == Development environment == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,699 ⟶ 3,685: com.rsa.ssl{{cref2\|group=dev_env_footnotes\|e}}<br /> com.rsa.jsse{{cref2\|group=dev_env_footnotes\|f}} \| [[Java ~~Classloader\|Java~~class ~~classloader~~loader]] \| Javadoc, Developer's guide (HTML) \| Included Line 3,769 ⟶ 3,755: \| Included (monolithic) \| {{N/a}} \|- \| [[Rustls]] \| {{code\|rustls::}} \| cargo \| [https://docs.rs/rustls/0.23.12/rustls/ API reference] and [https://docs.rs/rustls/0.23.12/rustls/manual/ design manual] \| Two options included (pluggable) \| {{yes}}<ref>{{cite web\|url=https://github.com/rustls/rustls-openssl-compat/\|title=rustls-openssl compatibility layer\|website=[[GitHub]] \|accessdate=2024-08-29}}</ref> (subset) \|- \| [[wolfSSL]] Line 3,797 ⟶ 3,790: == Portability concerns == {\| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller" \|- ! Implementation Line 3,879 ⟶ 3,872: \| {{no}} \| AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, macOS, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation \|- \| [[Rustls]] \| [[Rust (programming language)]] \| None \| {{yes\|Thread-safe}} \| Platform dependent \| {{yes}} \| {{yes}} \| All supported by [[Rust (programming language)]] \|- \| [[OpenSSL]]