Guy Harris (talk | contribs) Use the Wayback Machine for a link that now requires a login. Mark all three references as being in Russian.
Davidghook (talk | contribs)
(13 intermediate revisions by 6 users not shown)
Line 2:
{{About|TLS libraries comparison|cryptographic libraries comparison|Comparison of cryptography libraries}}
{{redirect|Secure Transport|the transportation of valuables|Armored car (valuables)}}
The [[Transport Layer Security]] (TLS) protocol provides the ability to secure communications across or inside networks. This '''comparison of TLS implementations''' compares several of the most notable [[software library|libraries]]. There are several TLS implementations which are [[free software]] and [[Open-source software|open source]].
Line 8:
== Overview ==
{{sort-under}}
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 168 ⟶ 169:
| wolfSSL<ref name="wolfsslproduct">{{cite web | url=https://www.wolfssl.com/wolfSSL/Products-wolfssl.html | title=wolfSSL product description | accessdate=2016-05-03}}</ref>
| {{yes}}
| {{free|[[GNU General Public License#Version
| wolfSSL Inc.<ref name="wolfsslcompany">{{cite web | url=https://www.wolfssl.com | title=wolfSSL Embedded SSL/TLS | accessdate=2016-05-03}}</ref>
| [[C (programming language)|C]], [[Assembly language|assembly]]
Line 208 ⟶ 209:
Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. In 2021, IETF published RFC 8996 also forbidding negotiation of TLS 1.0, TLS 1.1, and DTLS 1.0 due to known vulnerabilities. NIST SP 800-52 requires support of TLS 1.3 by January 2024. Support of TLS 1.3 means that two compliant nodes will never negotiate TLS 1.2.
{| class="wikitable sortable sort-under mw-collapsible" style="text-align: left; font-size: smaller"
|-
! Implementation
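Review bot: the note above this table states the NIST SP 800-52 deadline and the claim "Support of TLS 1.3 means that two compliant nodes will never negotiate TLS 1.2" without any reference, and RFC 8996 is named only in running text. Cite RFC 8996 with the `{{cite IETF|rfc=...}}` template already used in the column headers, and add a reference for the SP 800-52 requirement so the January 2024 date can be checked.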
Line 219 ⟶ 220:
! [[Datagram Transport Layer Security|DTLS 1.0]] (deprecated)<ref name="auto3">{{cite IETF|rfc=4347}}</ref>
! [[Datagram Transport Layer Security|DTLS 1.2]]<ref name="RFC 6347" />
! [[Datagram Transport Layer Security|DTLS 1.3]]
|-
| [[Botan (programming library)|Botan]]
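Review bot: the DTLS 1.3 column header at the end of this header row has no reference, while the DTLS 1.0 and DTLS 1.2 headers beside it cite their specifications (`auto3`, `RFC 6347`). Add the matching citation, for example `<ref>{{cite IETF|rfc=9147}}</ref>` (RFC 9147 is the DTLS 1.3 specification), and repeat it by name in the `sortbottom` copy of the header row.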
Line 229 ⟶ 231:
| {{yes|No}}
| {{yes}}
| {{no}}
|-
| [[BoringSSL]]
Line 239 ⟶ 242:
| {{okay|Yes}}
| {{yes}}
| {{no}}
|-
|[[Bouncy Castle (cryptography)|Bouncy Castle]]
Line 246 ⟶ 250:
| {{okay|Yes}}
| {{yes}}
| {{Yes}}
| {{okay|Yes}}
| {{yes}}
| {{no}}
|-
| [[BSAFE]] SSL-J<ref name="RSABSAFETECH">{{cite web| title = RSA BSAFE Technical Specification Comparison Tables| url = http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf| access-date = 2015-01-09| archive-url = https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf| archive-date = 2015-09-24| url-status = dead}}</ref>
Line 258 ⟶ 263:
| {{yes}}
| {{yes|No}}
| {{no}}
| {{no}}
|-
| [[cryptlib]]
| {{yes|No}}
| {{yes|
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{yes}}
| {{yes|No}}
| {{no}}
| {{no}}
|-
Line 279 ⟶ 286:
| {{okay|Yes}}
| {{yes}}
| {{no}}
|-
| [[Java Secure Socket Extension|JSSE]]
Line 289 ⟶ 297:
| {{okay|Yes}}
| {{yes}}
| {{no}}
|-
| [[LibreSSL]]
Line 299 ⟶ 308:
| {{okay|Yes}}
| {{yes}}<ref name="libressl-3.3.3">{{cite web| title = LibreSSL 3.3.3 Released| url = https://marc.info/?l=openbsd-announce&m=162009196519308| date = 2021-05-04| accessdate = 2021-05-04}}</ref>
| {{no}}
|-
| [[MatrixSSL]]
Line 309 ⟶ 319:
| {{okay|Yes}}
| {{yes}}
| {{no}}
|-
| [[Mbed TLS]]
Line 319 ⟶ 330:
| {{okay|Yes}}<ref name="mbed-2.0">{{cite web | title = mbed TLS 2.0.0 released | url = https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released | date = 2015-07-10 | accessdate = 2015-07-14}}</ref>
| {{yes}}<ref name="mbed-2.0"/>
| {{no}}
|-
| [[Network Security Services|NSS]]
Line 329 ⟶ 341:
| {{okay|Yes}}<ref name="NSS-3.14"/>
| {{yes}}<ref name="NSS-3.16.2">{{cite web| url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes| title=NSS 3.16.2 release notes| date=2014-06-30| work=Mozilla Developer Network| publisher=Mozilla| accessdate=2014-06-30| archive-date=2021-12-07| archive-url=https://web.archive.org/web/20211207015257/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes| url-status=dead}}</ref>
| {{no}}
|-
| [[OpenSSL]]
Line 339 ⟶ 352:
| {{okay|Yes}}
| {{yes}}<ref name="openssl-1.0.2-note">{{cite web|url=https://www.openssl.org/news/openssl-1.0.2-notes.html |title=Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] |accessdate=2015-01-22 |url-status=dead |archiveurl=https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html |archivedate=September 4, 2014 }}</ref>
| {{no}}
|-
| [[Rustls]]
Line 348 ⟶ 362:
| {{yes}}<ref name="rustls-features"/>
| {{yes|No}}
| {{no}}
| {{no}}
|-
Line 359 ⟶ 374:
| {{yes}}
| {{yes|No}}
| {{no}}
| {{no}}
|-
Line 369 ⟶ 385:
| {{No}}
| {{yes|No}}
| {{no}}
| {{no}}
|-
Line 379 ⟶ 396:
| {{No}}
| {{yes|No}}
| {{no}}
| {{no}}
|-
Line 390 ⟶ 408:
| {{No}}
| {{yes|No}}
| {{no}}
| {{no}}
|-
Line 401 ⟶ 420:
| {{okay|Yes}}<ref name=MS2574819>{{cite web|title=An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1|url=http://support.microsoft.com/kb/2574819/en-us|publisher=Microsoft|accessdate=13 November 2012}}</ref>
| {{no}}<ref name=MS2574819 />
| {{no}}
|-
| [[Schannel]] 8, 2012<ref name="Windows7schannel" />
Line 410 ⟶ 430:
| {{No}}
| {{okay|Yes}}
| {{no}}
| {{no}}
|-
Line 420 ⟶ 441:
| {{No}}
| {{okay|Yes}}
| {{no}}
| {{no}}
|-
Line 431 ⟶ 453:
| {{okay|Yes}}
| {{yes}}
| {{no}}
|-
| [[Schannel]] 11 / 2022<ref>{{cite web |title=Protocols in TLS/SSL (Schannel SSP) |date=25 May 2022 |url=https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp- |access-date=6 November 2022}}</ref>
Line 441 ⟶ 464:
| {{okay|Yes}}
| {{yes}}
| {{no}}
|-
|[[MacOS|Secure Transport]]
Line 451 ⟶ 475:
|
| {{yes|No}}
| {{no}}
| {{no}}
|-
Line 461 ⟶ 486:
|
| {{okay|Yes}}<ref group=lower-alpha name="secure-transport-osx" />
| {{no}}
| {{no}}
|-
Line 472 ⟶ 498:
| {{okay|Yes}}
| {{Unknown}}
| {{no}}
|-
| Secure Transport OS X 10.13, iOS 11
Line 482 ⟶ 509:
| {{okay|Yes}}
| {{Unknown}}
| {{no}}
|-
| [[wolfSSL]]
Line 491 ⟶ 519:
| {{yes}}
| {{okay|Yes}}
| {{yes}}
| {{yes}}
|-
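Review bot: the last cell of the wolfSSL row, `{{yes}}` in the DTLS 1.3 column, carries no reference, and it is the only row in the visible hunks marked as supporting DTLS 1.3. Other support claims in this table cite release notes (the LibreSSL, Mbed TLS, NSS and OpenSSL DTLS 1.2 cells), so add a `<ref>` pointing at the wolfSSL release or documentation that introduced DTLS 1.3.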
Line 503 ⟶ 532:
| {{yes|Disabled by default}} <ref group=lower-alpha name="otp-22" />
| {{yes}}
| {{no}}
|-
|- class="sortbottom"
Line 514 ⟶ 544:
! [[Datagram Transport Layer Security|DTLS 1.0]] (deprecated)<ref name="auto3" />
! [[Datagram Transport Layer Security|DTLS 1.2]]<ref name="RFC 6347" />
! [[Datagram Transport Layer Security|DTLS 1.3]]
|}
{{Reflist|group=lower-alpha|refs=
Line 533 ⟶ 564:
Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the [[United States security clearance#Secret|Secret]] level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of [[United States security clearance#Top Secret|Top Secret]] information.
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 594 ⟶ 625:
Note that certain certifications have received serious negative criticism from people who are actually involved in them.<ref>{{Cite web|url=http://index.html/|archiveurl=https://web.archive.org/web/20131227190128/http://veridicalsystems.com/blog/secure-or-compliant-pick-one/|url-status=dead|title=Speeds and Feeds › Secure or Compliant, Pick One|archivedate=December 27, 2013}}</ref>
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! rowspan="2"|Implementation
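Review bot: the `{{Cite web}}` in the note above this table has `url=http://index.html/`, which is not a usable source address; only the `archiveurl` identifies the page (veridicalsystems.com/blog/secure-or-compliant-pick-one/). Set `url` to the original address shown inside the archive link and keep `url-status=dead`. The sentence it supports ("serious negative criticism from people who are actually involved in them") should also name which certifications are meant.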
Line 610 ⟶ 641:
|-
|[[Bouncy Castle (cryptography)|Bouncy Castle]]
|{{yes|BC-FJA
|
|
Line 617 ⟶ 648:
| {{yes|Crypto-J 6.0 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1785 1785], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1786 1786])<br />Crypto-J 6.1 / 6.1.1.0.1 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2057 2057], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2058 2058])<br />Crypto-J 6.2 / 6.2.1.1 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2468 2468], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2469 2469])<br />Crypto-J 6.2.4 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3172 3172], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3184 3184])<br />Crypto-J 6.2.5 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3819 #3819], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3820 #3820])<br />Crypto-J 6.3 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4696 #4696], [https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4697 #4697])}}
|
|{{yes|Crypto-J 7.0 ([https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4892 4892])}}
|-
| [[cryptlib]]<ref>{{cite web|url=http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8|archive-url=https://web.archive.org/web/20131011085917/http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8|url-status=dead|archive-date=11 October 2013|title=cryptlib|date=11 October 2013}}</ref>
Line 692 ⟶ 723:
== Key exchange algorithms (certificate-only) ==
This section lists the certificate verification functionality available in the various implementations.
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 732 ⟶ 763:
| {{yes}}
| {{okay|Yes}}
| {{yes
| {{yes}}
| {{yes|No}}
| {{
| {{yes|No}}
|-
Line 951 ⟶ 982:
== Key exchange algorithms (alternative key-exchanges) ==
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 997 ⟶ 1,028:
| {{yes}}
| {{no}}
| {{
| {{Yes|No}}
| {{Yes|No}}
Line 1,161 ⟶ 1,192:
== Certificate verification methods ==
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 1,319 ⟶ 1,350:
== Encryption algorithms ==
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! rowspan="2"|Implementation !! colspan="10"|[[Block cipher]] with [[Block cipher mode of operation|mode of operation]] !! [[Stream cipher]] !! None
Line 1,639 ⟶ 1,670:
=== Obsolete algorithms ===
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! rowspan="2"|Implementation !! colspan="4"|[[Block cipher]] with [[Block cipher mode of operation|mode of operation]] !! colspan="2"|[[Stream cipher]]
Line 1,871 ⟶ 1,902:
=== Defined curves in RFC 8446 (for TLS 1.3) and RFC 8422, 7027 (for TLS 1.2 and earlier) ===
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! applicable TLS version
Line 2,078 ⟶ 2,109:
=== Deprecated curves in RFC 8422 ===
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 2,356 ⟶ 2,387:
|}
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 2,570 ⟶ 2,601:
== Data integrity ==
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 2,577 ⟶ 2,608:
! [[HMAC]]-[[SHA-2|SHA256/384]]
! [[Authenticated encryption|AEAD]]
! [[GOST 28147-89|GOST 28147-89 IMIT]]<br/><ref name=gostlink/>
! [[GOST (hash function)|GOST R 34.11-94]]<br/><ref name=gostlink/>
|-
| [[Botan (programming library)|Botan]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[BSAFE]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[cryptlib]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[GnuTLS]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[Java Secure Socket Extension|JSSE]]
Line 2,617 ⟶ 2,648:
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[LibreSSL]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{okay|Yes}}<br/><ref name="libressl-2.1.2"/>
| {{okay|Yes}}<br/><ref name="libressl-2.1.2"/>
|-
| [[MatrixSSL]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[Mbed TLS]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[Network Security Services|NSS]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[OpenSSL]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{okay|Yes}}<br/><ref name="OpenSSL-GOST"/>
| {{okay|Yes}}<br/><ref name="OpenSSL-GOST"/>
|-
| [[Rustls]]
| {{
| {{
| {{
| {{yes}}
| {{
| {{
|-
| [[Schannel|Schannel XP/2003, Vista/2008]]
| {{
| {{okay|Yes}}
| {{partial|XP SP3, 2003 SP2 via hotfix}}<br/><ref name="SHA2 and Windows">{{cite web|url=https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/sha2-and-windows/1128617|title=SHA2 and Windows|access-date=2024-12-25}}</ref>
| {{no}}
| {{
| {{
|-
| [[Schannel|Schannel 7/2008R2, 8/2012, 8.1/2012R2]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{partial|except ECDHE_RSA}}<br/><ref name="ms14-066" /><ref name="20141111msblog" /><ref name="win8.1aesgcm"/>
| {{
| {{
|-
| [[Schannel|Schannel 10]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}<br/><ref name=schannel10pre/>
| {{
| {{
|-
| [[MacOS|Secure Transport]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[wolfSSL]]
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
| [[Erlang (programming language)|Erlang]]/OTP SSL application
| {{
| {{okay|Yes}}
| {{okay|Yes}}
| {{yes}}
| {{
| {{
|-
|-class="sortbottom"
Line 2,728 ⟶ 2,759:
== Compression ==
Note the [[CRIME (security exploit)|CRIME security exploit]] takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. [[HTTP compression]] is unrelated and unaffected by this exploit, but is exploited by the related [[BREACH (security exploit)|BREACH attack]].
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 2,786 ⟶ 2,817:
In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security {{citation needed|date=August 2014}}. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation.
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 3,128 ⟶ 3,159:
== Assisted cryptography ==
This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation.
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 3,177 ⟶ 3,208:
|
|
| {{yes}}
| {{no}}
| {{no}}
Line 3,358 ⟶ 3,389:
== System-specific backends ==
This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation.
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 3,382 ⟶ 3,413:
|-
| [[cryptlib]]
| {{
| {{no}}
| {{no}}
Line 3,482 ⟶ 3,513:
== Cryptographic module/token support ==
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 3,500 ⟶ 3,531:
|-
| [[cryptlib]]
| {{
| {{yes|[[PKCS 11|PKCS #11]]}}
| User-defined label
Line 3,567 ⟶ 3,598:
== Code dependencies ==
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 3,624 ⟶ 3,655:
== Development environment ==
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
Line 3,759 ⟶ 3,790:
== Portability concerns ==
{| class="wikitable sortable sort-under" style="text-align: left; font-size: smaller"
|-
! Implementation
|