Article · Wikipedia archive · Last revised May 30, 2026

Comparison of TLS implementations

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol.

Overview

Implementation | Developed by | Open source | Software license | Copyright holder | Written in | Latest stable version, release date | Origin
Botan | Jack Lloyd | Yes | Simplified BSD License | Jack Lloyd | C++ | 3.11.0 (March 15, 2026) [1] | US (Vermont)
BoringSSL | Google | Yes | OpenSSL-SSLeay dual-license, ISC license | Eric Young, Tim Hudson, Sun, OpenSSL project, Google, and others | C, C++, Go, assembly | No stable releases [2] | Australia/EU
Bouncy Castle | The Legion of the Bouncy Castle Inc. | Yes | MIT License | Legion of the Bouncy Castle Inc. | Java, C# | Java: 1.83 (November 27, 2025) [3]; Java LTS: BC-LJA 2.73.9 (September 19, 2025) [4]; Java FIPS: BC-FJA 2.0.0 (July 30, 2024) [5]; C#: 2.6.2 (July 15, 2025) [6]; C# FIPS: BC-FNA 1.0.2 (March 11, 2024) [7] | Australia
BSAFE | Dell, formerly RSA Security | No | Proprietary | Dell | Java, C, assembly | SSL-J 7.4 (December 2, 2025) [8]; Micro Edition Suite 5.0.3 (December 3, 2024) [9] | Australia
cryptlib | Peter Gutmann | Yes | Sleepycat License and commercial license | Peter Gutmann | C | 3.4.8 (April 30, 2025) [10] | NZ
GnuTLS | GnuTLS project | Yes | LGPL-2.1-or-later | Free Software Foundation | C | 3.8.13 [11], 2026-04-29 | EU (Greece and Sweden)
Java Secure Socket Extension (JSSE) | Oracle | Yes | GNU GPLv2 and commercial license | Oracle | Java | 26.0.1 (April 21, 2026) [12]; 25.0.3 LTS (April 21, 2026) [12]; 21.0.11 LTS (April 21, 2026) [12]; 17.0.19 LTS (April 21, 2026) [12]; 11.0.31 LTS (April 21, 2026) [12]; 8u491 LTS (April 21, 2026) [12] | US
LibreSSL | OpenBSD Project | Yes | Apache-1.0, BSD-4-Clause, ISC, and public domain | Eric Young, Tim Hudson, Sun, OpenSSL project, OpenBSD Project, and others | C, assembly | 4.2.1 [13], 2025-10-31 | Canada
MatrixSSL [14] | PeerSec Networks | Yes | GNU GPLv2+ and commercial license | PeerSec Networks | C | 4.2.2 (September 11, 2019) [15] | US
Mbed TLS (previously PolarSSL) | Arm | Yes | Apache License 2.0, GNU GPLv2+ and commercial license | Arm Holdings | C | 4.1.0 [16] (31 March 2026) | EU (Netherlands)
Network Security Services (NSS) | Mozilla, AOL, Red Hat, Sun, Oracle, Google and others | Yes | MPL 2.0 | NSS contributors | C, assembly | Standard: 3.84 (October 12, 2022) [17]; Extended Support Release: 3.79.1 (August 18, 2022) [17] | US
OpenSSL | OpenSSL project | Yes | Apache-2.0 [a] | Eric Young, Tim Hudson, Sun, OpenSSL project, and others | C, assembly | 4.0.0 [18], 2026-04-14 | Australia/EU
Rustls | Joe Birr-Pixton, Dirkjan Ochtman, Daniel McCarney, Josh Aas, and open source contributors | Yes | Apache-2.0, MIT License and ISC | Open source contributors | Rust | v0.23.31 (July 29, 2025) [19] | United Kingdom
s2n | Amazon | Yes | Apache License 2.0, GNU GPLv2+ and commercial license | Amazon.com, Inc. | C | Continuous | US
Schannel | Microsoft | No | Proprietary | Microsoft Corporation | | Windows 11, 2021-10-05 | US
Secure Transport | Apple Inc. | Yes | APSL 2.0 | Apple Inc. | | 57337.20.44 (OS X 10.11.2), 2015-12-08 | US
wolfSSL (previously CyaSSL) | wolfSSL [20] | Yes | GNU GPLv3+ and commercial license | wolfSSL Inc. [21] | C, assembly | 5.9.1 (April 8, 2026) [22] | US
Erlang/OTP SSL application | Ericsson | Yes | Apache License 2.0 | Ericsson | Erlang | OTP-21, 2018-06-19 | Sweden
  a. Apache-2.0 for OpenSSL 3.0 and later releases. OpenSSL-SSLeay dual-license for any release before OpenSSL 3.0.

TLS/SSL protocol version support

Several versions of the TLS protocol exist. SSL 2.0 is a deprecated[23] protocol version with significant weaknesses. SSL 3.0 (1996) and TLS 1.0 (1999) are successors with two weaknesses in CBC-padding that were explained in 2001 by Serge Vaudenay.[24] TLS 1.1 (2006) fixed only one of the problems, by switching to random initialization vectors (IV) for CBC block ciphers, whereas the more problematic use of mac-pad-encrypt instead of the secure pad-mac-encrypt was addressed with RFC 7366.[25] A workaround for SSL 3.0 and TLS 1.0, roughly equivalent to random IVs from TLS 1.1, was widely adopted by many implementations in late 2011.[26] In 2014, the POODLE vulnerability of SSL 3.0 was discovered, which takes advantage of the known vulnerabilities in CBC, and an insecure fallback negotiation used in browsers.[27]

TLS 1.2 (2008) introduced a means to identify the hash used for digital signatures. While permitting the use of stronger hash functions for digital signatures in the future (rsa,sha256/sha384/sha512) over the SSL 3.0 conservative choice (rsa,sha1+md5), the TLS 1.2 protocol change inadvertently and substantially weakened the default digital signatures and provides (rsa,sha1) and even (rsa,md5).[28]

Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. The revision DTLS 1.2, based on TLS 1.2, was published in January 2012.[29]

TLS 1.3 (2018), specified in RFC 8446, includes major optimizations and security improvements. QUIC (2021), specified in RFC 9000, and DTLS 1.3 (2022), specified in RFC 9147, build on TLS 1.3. The publishing of TLS 1.3 and DTLS 1.3 obsoleted TLS 1.2 and DTLS 1.2.

Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. In 2021, IETF published RFC 8996 also forbidding negotiation of TLS 1.0, TLS 1.1, and DTLS 1.0 due to known vulnerabilities. NIST SP 800-52 requires support of TLS 1.3 by January 2024. Support of TLS 1.3 means that two compliant nodes will never negotiate TLS 1.2.

Implementation | SSL 2.0 (insecure) [30] | SSL 3.0 (insecure) [31] | TLS 1.0 (deprecated) [32] | TLS 1.1 (deprecated) [33] | TLS 1.2 [34] | TLS 1.3 | DTLS 1.0 (deprecated) [35] | DTLS 1.2 [29] | DTLS 1.3
Botan No No [36] No No Yes Yes No Yes No
BoringSSL Yes Yes Yes Yes Yes Yes No
Bouncy Castle No No Yes Yes Yes Yes Yes Yes No
BSAFE SSL-J [37] No Disabled by default No [a] No [a] Yes Yes No No No
cryptlib No No Yes Yes Yes Yes No No No
GnuTLS No [b] Disabled by default [38] Yes Yes Yes Yes [39] Yes Yes No
JSSE No [b] Disabled by default [40] Disabled by default [41] Disabled by default [41] Yes Yes Yes Yes No
LibreSSL No [42] No [43] Yes Yes Yes Yes Yes Yes [44] No
MatrixSSL No Disabled by default at compile time [45] Yes Yes Yes Yes Yes Yes No
Mbed TLS No No [46] No [46] No [46] Yes Yes (experimental) Yes [47] Yes [47] No
NSS No [c] Disabled by default [48] Yes Yes [49] Yes [50] Yes [51] Yes [49] Yes [52] No
OpenSSL No [53] Disabled by default Yes Yes [54] Yes [54] Yes Yes Yes [55] No
Rustls No [56] No [56] No [56] No [56] Yes [56] Yes [56] No No No
s2n [57] No Disabled by default Yes Yes Yes Yes No No No
Schannel XP, 2003 [58] Disabled by default in MSIE 7 Enabled by default Enabled by default in MSIE 7 No No No No No No
Schannel Vista [59] Disabled by default Enabled by default Yes No No No No No No
Schannel 2008 [59] Disabled by default Enabled by default Yes Disabled by default (KB4019276) Disabled by default (KB4019276) No No No No
Schannel 7, 2008R2 [60] Disabled by default Disabled by default in MSIE 11 Yes Enabled by default in MSIE 11 Enabled by default in MSIE 11 No Yes [61] No [61] No
Schannel 8, 2012 [60] Disabled by default Enabled by default Yes Disabled by default Disabled by default No Yes No No
Schannel 8.1, 2012R2, 10 RTM & v1511 [60] Disabled by default Disabled by default in MSIE 11 Yes Yes Yes No Yes No No
Schannel 10 v1607 / 2016 [62] No Disabled by default Yes Yes Yes No Yes Yes No
Schannel 11 / 2022 [63] No Disabled by default Yes Yes Yes Yes Yes Yes No
Secure Transport OS X 10.2–10.7, iOS 1–4 Yes Yes Yes No No No No No
Secure Transport OS X 10.8–10.10, iOS 5–8 No [d] Yes Yes Yes [d] Yes [d] Yes [d] No No
Secure Transport OS X 10.11, iOS 9 No No [d] Yes Yes Yes Yes Unknown No
Secure Transport OS X 10.13, iOS 11 No No [d] Yes Yes Yes Yes (draft version) [64] Yes Unknown No
wolfSSL No Disabled by default [65] Disabled by default [66] Yes Yes Yes Yes Yes Yes
Erlang/OTP SSL application [67] No [e] No [f] Disabled by default [e] Disabled by default [e] Yes Partially [g] Disabled by default [e] Yes No
  a. As of SSL-J 7.0, support for TLS 1.0 and 1.1 has been removed.
  b. SSL 2.0 client hello is supported for backward compatibility reasons even though SSL 2.0 is not supported.
  c. Server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. "NSS 3.24 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2016-08-26. Retrieved 2016-06-19.
  d. Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
  e. Since OTP 22
  f. Since OTP 23
  g. "Erlang OTP SSL application TLS 1.3 compliance table".

NSA Suite B Cryptography

Required components for NSA Suite B Cryptography (RFC 6460) are:

Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.

Implementation | TLS 1.2 Suite B
Botan Yes
Bouncy Castle Yes
BSAFE Yes [37]
cryptlib Yes
GnuTLS Yes
JSSE Yes [68]
LibreSSL Yes
MatrixSSL Yes
Mbed TLS Yes
NSS No [69]
OpenSSL Yes [55]
Rustls Yes [56]
S2n
Schannel Yes [70]
Secure Transport No
wolfSSL Yes

Certifications

Note that certain certifications have received serious negative criticism from people who are actually involved in them.[71]

Implementation | FIPS 140-1, FIPS 140-2 [72]: Level 1 | FIPS 140-1, FIPS 140-2 [72]: Level 2 | FIPS 140-3: Level 1
Botan [73]
Bouncy Castle BC-FJA 2.0.0 (#4743)
  BC-FJA 2.1.0 (#4943)
  BC-FNA 1.0.2 (#4416)
BSAFE SSL-J [74] Crypto-J 6.0 (1785, 1786)
  Crypto-J 6.1 / 6.1.1.0.1 (2057, 2058)
  Crypto-J 6.2 / 6.2.1.1 (2468, 2469)
  Crypto-J 6.2.4 (3172, 3184)
  Crypto-J 6.2.5 (#3819, #3820)
  Crypto-J 6.3 (#4696, #4697)
  Crypto-J 7.0 (4892)
cryptlib [75]
GnuTLS [76] Red Hat Enterprise Linux GnuTLS Cryptographic Module (#2780)
JSSE
LibreSSL [42] no support
MatrixSSL [77] SafeZone FIPS Cryptographic Module: 1.1 (#2389)
Mbed TLS [78]
NSS [79] Network Security Services: 3.2.2 (#247)
  Network Security Services Cryptographic Module: 3.11.4 (#815), 3.12.4 (#1278), 3.12.9.1 (#1837)
  Netscape Security Module: 1 (#7 [notes 1]), 1.01 (#47 [notes 2])
  Network Security Services: 3.2.2 (#248 [notes 3])
  Network Security Services Cryptographic Module: 3.11.4 (#814 [notes 4]), 3.12.4 (#1279, #1280 [notes 5])
OpenSSL [80] OpenSSL FIPS Object Module: 1.0 (#624), 1.1.1 (#733), 1.1.2 (#918), 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4 (#1051)
  2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7 or 2.0.8 (#1747)
Rustls aws-lc FIPS module [81] (#4759)
Schannel [82] Cryptographic modules in Windows NT 4.0, 95, 95, 2000, XP, Server 2003, CE 5, CE 6, Mobile 6.x, Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, RT, Surface, Phone 8
  See details on Microsoft FIPS 140 Validated Cryptographic Modules
Secure Transport Apple FIPS Cryptographic Module: 1.0 (OS X 10.6, #1514), 1.1 (OS X 10.7, #1701)
  Apple OS X CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (OS X 10.8, #1964, #1956), 4.0 (OS X 10.9, #2015, #2016)
  Apple iOS CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (iOS 6, #1963, #1944), 4.0 (iOS 7, #2020, #2021)
wolfSSL [83] wolfCrypt FIPS Module: 4.0 (#3389)
  See details on NIST certificate for validated Operating Environments
  wolfCrypt FIPS Module: 3.6.0 (#2425)
  See details on NIST certificate for validated Operating Environments
  wolfCrypt FIPS Module (#4178)
  See details on NIST certificate
  1. with Sun SPARC 5 w/ Sun Solaris v 2.4SE (ITSEC-rated)
  2. with Sun Ultra-5 w/ Sun Trusted Solaris version 2.5.1 (ITSEC-rated)
  3. with Solaris v8.0 with AdminSuite 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN SPARC Ultra-1
  4. with these platforms; Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU, Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU
  5. with these platforms; Red Hat Enterprise Linux v5 running on an IBM System x3550, Red Hat Enterprise Linux v5 running on an HP ProLiant DL145, Sun Solaris 10 5/08 running on a Sun SunBlade 2000 workstation, Sun Solaris 10 5/08 running on a Sun W2100z workstation

Key exchange algorithms (certificate-only)

This section lists the certificate verification functionality available in the various implementations.

Implementation | RSA [34] | RSA-EXPORT (insecure) [34] | DHE-RSA (forward secrecy) [34] | DHE-DSS (forward secrecy) [34] | ECDH-ECDSA [84] | ECDHE-ECDSA (forward secrecy) [84] | ECDH-RSA [84] | ECDHE-RSA (forward secrecy) [84] | GOST R 34.10-94, 34.10-2001 [85]
Botan Disabled by default No Yes Disabled by default No Yes No Yes No
BSAFE Yes No Yes Yes Yes Yes Yes Yes No
cryptlib Yes No Yes Yes Yes Yes No Yes No
GnuTLS Yes No Yes Disabled by default [38] No Yes No Yes No
JSSE Yes Disabled by default Yes Yes Yes Yes Yes Yes No
LibreSSL Yes No [42] Yes Yes No Yes No Yes Yes [86]
MatrixSSL Yes No Yes No Yes Yes Yes Yes No
Mbed TLS Yes No Yes No Yes Yes Yes Yes No
NSS Yes Disabled by default Yes [87] Yes Yes Yes Yes Yes No [88][89]
OpenSSL Yes No [53] Yes Disabled by default [53] No Yes No Yes Yes [90]
Rustls No No No No No Yes [56] No Yes [56] No
Schannel XP/2003 Yes Yes No XP: Max 1024 bits; 2003: 1024 bits only No No No No No [91]
Schannel Vista/2008 Yes Disabled by default No 1024 bits by default [92] No Yes No except AES_GCM No [91]
Schannel 8/2012 Yes Disabled by default AES_GCM only [93][94][95] 1024 bits by default [92] No Yes No except AES_GCM No [91]
Schannel 7/2008R2, 8.1/2012R2 Yes Disabled by default Yes 2048 bits by default [92] No Yes No except AES_GCM No [91]
Schannel 10 Yes Disabled by default Yes 2048 bits by default [92] No Yes No Yes No [91]
Secure Transport OS X 10.6 Yes Yes except AES_GCM Yes Yes except AES_GCM Yes except AES_GCM No
Secure Transport OS X 10.8-10.10 Yes No except AES_GCM No Yes except AES_GCM Yes except AES_GCM No
Secure Transport OS X 10.11 Yes No Yes No No Yes No Yes No
wolfSSL Yes No Yes No Yes Yes Yes Yes No
Erlang/OTP SSL application Yes No Yes Yes Yes Yes Yes Yes No

Key exchange algorithms (alternative key-exchanges)

Implementation | SRP [96] | SRP-DSS [96] | SRP-RSA [96] | PSK-RSA [97] | PSK [97] | DHE-PSK (forward secrecy) [97] | ECDHE-PSK (forward secrecy) [98] | KRB5 [99] | DH-ANON [34] (insecure) | ECDH-ANON [84] (insecure)
Botan No No No No Yes No Yes No No No
BSAFE SSL-J No No No No Yes [100] No No No Disabled by default Disabled by default
cryptlib No No No No Yes Yes No No No No
GnuTLS Yes Yes Yes Yes Yes Yes Yes No Disabled by default Disabled by default
JSSE No No No No No No No No Disabled by default Disabled by default
LibreSSL No [101] No [101] No [101] No No No No No Yes Yes
MatrixSSL No No No Yes Yes Yes No No Disabled by default No
Mbed TLS No No No Yes Yes Yes Yes No No No
NSS No [102] No [102] No [102] No [103] No [103] No [103] No [103] No Client side only, disabled by default [104] Disabled by default [105]
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes [106] Disabled by default [107] Disabled by default [107]
Rustls No No No No No No No No No No
Schannel No No No No No No No Yes No No
Secure Transport No No No No No No No Unknown Yes Yes
wolfSSL Yes Yes Yes Yes Yes Yes Yes [108] Yes No No
Erlang/OTP SSL application Disabled by default Disabled by default Disabled by default Disabled by default Disabled by default Disabled by default No No Disabled by default Disabled by default

Certificate verification methods

Implementation | Application-defined | PKIX path validation [109] | CRL [110] | OCSP [111] | DANE (DNSSEC) [112][113] | CT [114]
Botan Yes Yes Yes Yes No Unknown
Bouncy Castle Yes Yes Yes Yes Yes Unknown
BSAFE Yes Yes Yes Yes No Unknown
cryptlib Yes Yes Yes Yes No Unknown
GnuTLS Yes Yes Yes Yes Yes Unknown
JSSE Yes Yes Yes Yes No No
LibreSSL Yes Yes Yes Yes No Unknown
MatrixSSL Yes Yes Yes Yes [115] No Unknown
Mbed TLS Yes Yes Yes No [116] No Unknown
NSS Yes Yes Yes Yes No [117] Unknown
OpenSSL Yes Yes Yes Yes Yes Yes
Rustls Yes Yes Yes No No No
s2n No [118] Unknown [119] Unknown [120]
Schannel Unknown Yes Yes [121] Yes [121] No Unknown
Secure Transport Yes Yes Yes Yes No Unknown
wolfSSL Yes Yes Yes Yes No Unknown
Erlang/OTP SSL application Yes Yes Yes No No Unknown

Encryption algorithms

Implementation | Block cipher with mode of operation | Stream cipher | None
Implementation | AES GCM [122] | AES CCM [123] | AES CBC | Camellia GCM [124] | Camellia CBC [125][124] | ARIA GCM [126] | ARIA CBC [126] | SEED CBC [127] | 3DES EDE CBC (insecure) [128] | GOST 28147-89 CNT (proposed) [85][n 1] | ChaCha20-Poly1305 [129] | Null (insecure) [n 2]
Botan Yes Yes Yes Yes Yes No No Disabled by default Disabled by default No Yes [130] Not implemented
BoringSSL Yes No Yes No No No No No Yes No Yes
BSAFE SSL-J Yes Yes Yes No No No No No Disabled by default No No Disabled by default
cryptlib Yes No Yes No No No No No Yes No No Not implemented
GnuTLS Yes Yes [38] Yes Yes Yes No No No Disabled by default [131] No Yes [132] Disabled by default
JSSE Yes No Yes No No No No No Disabled by default [133] No Yes (JDK 12+) [134] Disabled by default
LibreSSL Yes [42] No Yes No Yes [86] No No No [42] Yes Yes [86] Yes [42] Disabled by default
MatrixSSL Yes No Yes No No No No Yes Disabled by default No Yes [135] Disabled by default
Mbed TLS Yes Yes [136] Yes Yes Yes Yes [137] Yes [137] No No [46] No Yes [138] Disabled by default at compile time
NSS Yes [139] No Yes No [140][n 3] Yes [141] No No Yes [142] Yes No [88][89] Yes [143] Disabled by default
OpenSSL Yes [144] Disabled by default [53] Yes No Disabled by default [53] Disabled by default [145] No Disabled by default [53] Disabled by default [53] Yes [90] Yes [53] Disabled by default
Rustls Yes [56] No No No No No No No No No Yes [56] Not implemented
Schannel XP/2003 No No 2003 only [146] No No No No No Yes No [91] No Disabled by default
Schannel Vista/2008, 2008R2, 2012 No No Yes No No No No No Yes No [91] No Disabled by default
Schannel 7, 8, 8.1/2012R2 Yes except ECDHE_RSA [93][94] No Yes No No No No No Yes No [91] No Disabled by default
Schannel 10 [147] Yes No Yes No No No No No Yes No [91] No Disabled by default
Secure Transport OS X 10.6 - 10.10 No No Yes No No No No No Yes No No Disabled by default
Secure Transport OS X 10.11 Yes No Yes No No No No No Yes No No Disabled by default
wolfSSL Yes Yes Yes No No No No No Yes No Yes Disabled by default
Erlang/OTP SSL application Yes No Yes No No No No No Disabled by default No Experimental Disabled by default
Notes
  1. This algorithm is not yet defined as a TLS cipher suite in any RFC; it is proposed in drafts.
  2. Authentication only, no encryption.
  3. This algorithm is implemented in an NSS fork used by Pale Moon.

Obsolete algorithms

Implementation | Block cipher with mode of operation | Stream cipher
Implementation | IDEA CBC [n 1] (insecure) [149] | DES CBC (insecure) [n 1] | DES-40 CBC (EXPORT, insecure) [n 2] | RC2-40 CBC (EXPORT, insecure) [n 2] | RC4-128 (insecure) [n 3] | RC4-40 (EXPORT, insecure) [n 4][n 2]
Botan No No No No No [150] No
BoringSSL No No No No Disabled by default at compile time No
BSAFE SSL-J No Disabled by default Disabled by default No Disabled by default Disabled by default
cryptlib No Disabled by default at compile time No No Disabled by default at compile time No
GnuTLS No No No No Disabled by default [38] No
JSSE No Disabled by default Disabled by default No Disabled by default Disabled by default [151]
LibreSSL Yes Yes No [42] No [42] Yes No [42]
MatrixSSL Yes No No No Disabled by default No
Mbed TLS No Disabled by default at compile time No No Disabled by default at compile time [47] No
NSS Yes Disabled by default Disabled by default Disabled by default Lowest priority [152][153] Disabled by default
OpenSSL Disabled by default [53] Disabled by default No [53] No [53] Disabled by default No [53]
Rustls No No No No No No
Schannel XP/2003 No Yes Yes Yes Yes Yes
Schannel Vista/2008 No Disabled by default Disabled by default Disabled by default Yes Disabled by default
Schannel 7/2008R2 No Disabled by default Disabled by default Disabled by default Lowest priority, will be disabled soon [154] Disabled by default
Schannel 8/2012 No Disabled by default Disabled by default Disabled by default Only as fallback Disabled by default
Schannel 8.1/2012R2 No Disabled by default Disabled by default Disabled by default Disabled by default [154] Disabled by default
Schannel 10 [147] No Disabled by default Disabled by default Disabled by default Disabled by default [154] Disabled by default
Secure Transport OS X 10.6 Yes Yes Yes Yes Yes Yes
Secure Transport OS X 10.7 Yes Unknown Unknown Unknown Yes Unknown
Secure Transport OS X 10.8-10.9 Yes Disabled by default Disabled by default Disabled by default Yes Disabled by default
Secure Transport OS X 10.10-10.11 Yes Disabled by default Disabled by default Disabled by default Lowest priority Disabled by default
Secure Transport macOS 10.12 Yes Disabled by default Disabled by default Disabled by default Disabled by default Disabled by default
wolfSSL Disabled by default [155] No No No Disabled by default No
Erlang/OTP SSL application No Disabled by default No No Disabled by default No
Notes
  1. IDEA and DES have been removed from TLS 1.2.[148]
  2. Cipher suites with 40-bit strength were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.
  3. The RC4 attacks weaken or break RC4 used in SSL/TLS. Use of RC4 is prohibited by RFC 7465.
  4. The RC4 attacks weaken or break RC4 used in SSL/TLS.

Supported elliptic curves

This section lists the supported elliptic curves by each implementation.

Defined curves in RFC 8446 (for TLS 1.3) and RFC 8422, 7027 (for TLS 1.2 and earlier)

Applicable TLS version | TLS 1.3 and earlier | TLS 1.2 and earlier
Implementation | secp256r1 / prime256v1 / NIST P-256 (0x0017 [156], 23 [157]) | secp384r1 / NIST P-384 (0x0018 [156], 24 [157]) | secp521r1 / NIST P-521 (0x0019 [156], 25 [157]) | X25519 (0x001D [156], 29 [157]) | X448 (0x001E [156], 30 [157]) | brainpoolP256r1 (26) [158] | brainpoolP384r1 (27) [158] | brainpoolP512r1 (28) [158]
Botan Yes Yes Yes Yes [130] No Yes [159] Yes [159] Yes [159]
BoringSSL Yes Yes Yes (disabled by default) Yes No No No No
BSAFE Yes Yes Yes No No No No No
GnuTLS Yes Yes Yes Yes [160] Yes [161] No No No
JSSE Yes Yes Yes Yes (x25519: JDK 13+ [162]; Ed25519: JDK 15+ [163]) Yes (x448: JDK 13+ [162]; Ed448: JDK 15+ [163]) No No No
LibreSSL Yes Yes Yes Yes [164] No Yes [42] Yes [42] Yes [42]
MatrixSSL Yes Yes Yes TLS 1.3 only [165] No Yes Yes Yes
Mbed TLS Yes Yes Yes Primitive only [166] Primitive only [167] Yes [168] Yes [168] Yes [168]
NSS Yes Yes Yes Yes [169] No [170][171] No [172] No [172] No [172]
OpenSSL Yes Yes Yes Yes [173][174] Yes [175][176] Yes [55] Yes [55] Yes [55]
Rustls Yes Yes Yes [177][a] Yes No No No No
Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 Yes Yes Yes No No No No No
Secure Transport Yes Yes Yes No No No No No
wolfSSL Yes Yes Yes Yes [178] Yes [179] Yes Yes Yes
Erlang/OTP SSL application Yes Yes Yes No No Yes Yes Yes

Deprecated curves in RFC 8422

Implementation | sect163k1 / NIST K-163 (1) [84] | sect163r1 (2) [84] | sect163r2 / NIST B-163 (3) [84] | sect193r1 (4) [84] | sect193r2 (5) [84] | sect233k1 / NIST K-233 (6) [84] | sect233r1 / NIST B-233 (7) [84] | sect239k1 (8) [84] | sect283k1 / NIST K-283 (9) [84] | sect283r1 / NIST B-283 (10) [84] | sect409k1 / NIST K-409 (11) [84] | sect409r1 / NIST B-409 (12) [84] | sect571k1 / NIST K-571 (13) [84] | sect571r1 / NIST B-571 (14) [84]
Botan No No No No No No No No No No No No No No
BoringSSL No No No No No No No No No No No No No No
BSAFE Yes No Yes No No Yes Yes No Yes Yes Yes Yes Yes Yes
GnuTLS No No No No No No No No No No No No No No
JSSE Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c]
LibreSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
MatrixSSL No No No No No No No No No No No No No No
Mbed TLS No No No No No No No No No No No No No No
NSS Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Rustls No No No No No No No No No No No No No No
Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 No No No No No No No No No No No No No No
Secure Transport No No No No No No No No No No No No No No
wolfSSL No No No No No No No No No No No No No No
Erlang/OTP SSL application Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Implementation | secp160k1 (15) [84] | secp160r1 (16) [84] | secp160r2 (17) [84] | secp192k1 (18) [84] | secp192r1 / prime192v1 / NIST P-192 (19) [84] | secp224k1 (20) [84] | secp224r1 / NIST P-224 (21) [84] | secp256k1 (22) [84] | arbitrary prime curves (0xFF01) [84][182] | arbitrary char2 curves (0xFF02) [84][182]
Botan No No No No No No No No No No
BoringSSL No No No No No No Yes No No No
BSAFE No No No No Yes No Yes No No No
GnuTLS No No No No Yes No Yes No No No
JSSE Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] Notes [b][c] No No
LibreSSL Yes Yes Yes Yes Yes Yes Yes Yes No No
MatrixSSL No No No No Yes No Yes No No No
Mbed TLS No No No Yes Yes Yes Yes Yes No No
NSS Yes Yes Yes Yes Yes Yes Yes Yes No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes No No
Rustls No No No No No No No No No No
Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 No No No No No No No No No No
Secure Transport No No No No Yes No No No No No
wolfSSL Yes Yes Yes Yes Yes Yes Yes Yes No No
Erlang/OTP SSL application Yes Yes Yes Yes Yes Yes Yes Yes No No
Notes
  a. Not supported for ECDHE key exchange, as per rustls::crypto::aws_lc_rs::kx_group.
  b. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[180]
  c. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[181]

Data integrity

Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA256/384 | AEAD | GOST 28147-89 IMIT [85] | GOST R 34.11-94 [85]
Botan No Yes Yes Yes No No
BSAFE Yes Yes Yes Yes No No
cryptlib Yes Yes Yes Yes No No
GnuTLS Yes Yes Yes Yes No No
JSSE Disabled by Default Yes Yes Yes No No
LibreSSL Yes Yes Yes Yes Yes [86] Yes [86]
MatrixSSL Yes Yes Yes Yes No No
Mbed TLS Yes Yes Yes Yes No No
NSS Yes Yes Yes Yes No [88][89] No [88][89]
OpenSSL Yes Yes Yes Yes Yes [90] Yes [90]
Rustls No No No Yes No No
Schannel XP/2003, Vista/2008 Yes Yes XP SP3, 2003 SP2 via hotfix [183] No No [91] No [91]
Schannel 7/2008R2, 8/2012, 8.1/2012R2 Yes Yes Yes except ECDHE_RSA [93][94][95] No [91] No [91]
Schannel 10 Yes Yes Yes Yes [147] No [91] No [91]
Secure Transport Yes Yes Yes Yes No No
wolfSSL Disabled by Default Yes Yes Yes No No
Erlang/OTP SSL application Yes Yes Yes Yes No No

Compression

Note the CRIME security exploit takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. HTTP compression is unrelated and unaffected by this exploit, but is exploited by the related BREACH attack.

Implementation | DEFLATE [184] (insecure)
Botan No
BSAFE [37] No
cryptlib No
GnuTLS Disabled by default
JSSE No
LibreSSL No [42]
MatrixSSL Disabled by default
Mbed TLS Disabled by default
NSS Disabled by default
OpenSSL Disabled by default
Rustls No
Schannel No
Secure Transport No
wolfSSL Disabled by default
Erlang/OTP SSL application No

Extensions

In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation.

Implementation | Secure Renegotiation [185] | Server Name Indication [186] | ALPN [187] | Certificate Status Request [186] | OpenPGP [188] | Supplemental Data [189] | Session Ticket [190] | Keying Material Exporter [191] | Maximum Fragment Length [186] | Encrypt-then-MAC [25] | TLS Fallback SCSV [192] | Extended Master Secret [193] | ClientHello Padding [194] | Raw Public Keys [195]
Botan Yes Yes Yes [196] No No No Yes Yes Yes Yes Yes [197] Yes [198] No Unknown
BSAFE SSL-J Yes Yes No Yes No No No No Yes No No Yes No No
cryptlib Yes Yes No No No Yes No No No [199] Yes Yes Yes No Unknown
GnuTLS Yes Yes Yes [200] Yes No [201] Yes Yes Yes Yes Yes [38] Yes [202] Yes [38] Yes [203] Yes [204]
JSSE Yes Yes [68] Yes [68] Yes No No Yes No Yes No No Yes No No
LibreSSL Yes Yes Yes [205] Yes No No? Yes Yes? No No Server side only [206] No Yes No
MatrixSSL Yes Yes Yes [207] Yes [135] No No Yes No Yes No Yes [135] Yes [135] No Unknown
Mbed TLS Yes Yes Yes [208] No No No Yes No Yes Yes [209] Yes [209] Yes [209] No No
NSS Yes Yes Yes [210] Yes No [211] No Yes Yes No No [212] Yes [213] Yes [214] Yes [210] Unknown
OpenSSL Yes Yes Yes [55] Yes No No? Yes Yes Yes Yes Yes [215] Yes [53] Yes [216] Yes [217]
Rustls Yes Yes Yes Yes No No Yes Yes No No No [218] Yes No Unknown
Schannel XP/2003 No No No No No Yes No No No No No No No Unknown
Schannel Vista/2008 Yes Yes No No No Yes No No No No No Yes [219] No Unknown
Schannel 7/2008R2 Yes Yes No Yes No Yes No No No No No Yes [219] No Unknown
Schannel 8/2012 Yes Yes No Yes No Yes Client side only [220] No No No No Yes [219] No Unknown
Schannel 8.1/2012R2, 10 Yes Yes Yes Yes No Yes Yes [220] No No No No Yes [219] No Unknown
Secure Transport Yes Yes Unknown No No Yes No No No No No No No Unknown
wolfSSL Yes Yes Yes [155] Yes No No Yes No Yes Yes [221] No Yes No Yes [222]
Erlang/OTP SSL application Yes Yes Yes No No No No No No No Yes No No Unknown

Assisted cryptography

This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or to use system-specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation.

Implementation PKCS #11 device Intel AES-NI VIA PadLock ARMv8-A Intel SHA NXP CAAM TPM 2.0 NXP SE050 Microchip ATECC STMicro STSAFE Maxim MAXQ
Botan Yes223 Yes No Yes No Yes224 No No No No
BSAFE SSL-J[a][b] Yes Yes No Yes Yes No No227 No No No No
cryptlib Yes Yes Yes No Yes No No No No
Crypto++ Yes Yes No No No No
GnuTLS Yes Yes Yes Yes228 Yes No229 No No No No
JSSE Yes Yes230 No No No No No No No
LibreSSL No Yes Yes No No No No No
MatrixSSL Yes Yes No Yes No No No No No
Mbed TLS Yes Yes231 Yes No No Partial232 Yes233 No No
NSS Yes234 Yes235 No236 No No No No No No
OpenSSL Yes237238239 Yes Yes Yes240 Yes Partial Partial241242 Partial232 No Partial243 No
Rustls Yes Yes Yes No No No No
Schannel No Yes No No No No No No No
Secure Transport No Yes244245 No Yes No No No No No
wolfSSL Yes Yes No Yes Yes Yes246 Yes247248 Yes249 Yes250 Yes251 Yes252
  1. Pure Java implementations rely on JVM processor optimization capabilities, such as OpenJDK support for AES-NI.[225]
  2. BSAFE SSL-J can be configured to run in native mode, using BSAFE Crypto-C Micro Edition to benefit from processor optimization.[226]

System-specific backends

This section lists the ability of an implementation to take advantage of the available operating-system-specific backends, or even the backends provided by another implementation.

Implementation /dev/crypto af_alg Windows CSP CommonCrypto OpenSSL engine
Botan No No No No Partial
BSAFE No No No No No
cryptlib Yes No No No No
GnuTLS Yes Yes No No No
JSSE No No Yes No No
LibreSSL No No No No No253
MatrixSSL No No No Yes Yes
Mbed TLS No No No No No
NSS No No No No No
OpenSSL Yes Yes No No Yes
Rustls No Yes[254] No No No
Schannel No No Yes No No
Secure Transport No No No Yes No
wolfSSL Yes Yes Partial No Yes255
Erlang/OTP SSL application No No No No Yes

Cryptographic module/token support

Implementation TPM support Hardware token support Objects identified via
Botan Partial198 PKCS #11
BSAFE SSL-J No No
cryptlib Yes PKCS #11 User-defined label
GnuTLS Yes PKCS #11 RFC 7512 PKCS #11 URLs256
JSSE No PKCS11 Java Cryptography Architecture, Java Cryptography Extension
LibreSSL Yes PKCS #11 (via 3rd party module) Custom method
MatrixSSL No PKCS #11
Mbed TLS No PKCS #11 (via libpkcs11-helper) or standard hooks Custom method
NSS No PKCS #11
OpenSSL Yes PKCS #11 (via 3rd party module)257 RFC 7512 PKCS #11 URLs256
Rustls No Microsoft CryptoAPI[258] Custom method
Schannel No Microsoft CryptoAPI UUID, User-defined label
Secure Transport
wolfSSL Yes PKCS #11

Code dependencies

Implementation Dependencies Optional dependencies
Botan C++20 SQLite
zlib (compression)
bzip2 (compression)
liblzma (compression)
boost
trousers (TPM)
GnuTLS libc
nettle
gmp
zlib (compression)
p11-kit (PKCS #11)
trousers (TPM)
libunbound (DANE)
JSSE Java
MatrixSSL none zlib (compression)
MatrixSSL-open libc or newlib
Mbed TLS libc libpkcs11-helper (PKCS #11)
zlib (compression)
NSS libc
libnspr4
libsoftokn3
libplc4
libplds4
zlib (compression)
Rustls rust core library rust std library
zlib-rs (compression)
brotli (compression)
ring (cryptography)
aws-lc-rs (cryptography)
OpenSSL libc zlib (compression)
brotli (compression)
zstd (compression)
wolfSSL None libc
zlib (compression)
Erlang/OTP SSL application libcrypto (from OpenSSL), Erlang/OTP and its public_key, crypto and asn1 applications Erlang/OTP -inets (http fetching of CRLs)

Development environment

Implementation Namespace Build tools API manual Crypto back-end OpenSSL compatibility layer
Botan Botan::TLS Makefile Sphinx Included (pluggable) No
Bouncy Castle org.bouncycastle Java Development Environment Programmers reference manual (PDF) Included (pluggable) No
BSAFE SSL-J com.rsa.asn1[a], com.rsa.certj[b], com.rsa.jcp[c], com.rsa.jsafe[d], com.rsa.ssl[e], com.rsa.jsse[f] Java class loader Javadoc, Developer's guide (HTML) Included No
cryptlib crypt* makefile, MSVC project workspaces Programmers reference manual (PDF), architecture design manual (PDF) Included (monolithic) No
GnuTLS gnutls_* Autoconf, automake, libtool Manual and API reference (HTML, PDF) External, libnettle Yes (limited)
JSSE javax.net.ssl, sun.security.ssl Makefile API Reference (HTML) + JSSE Reference Guide Java Cryptography Architecture, Java Cryptography Extension No
MatrixSSL matrixSsl_*, ps* Makefile, MSVC project workspaces, Xcode projects for OS X and iOS API Reference (PDF), Integration Guide Included (pluggable) Yes (Subset: SSL_read, SSL_write, etc.)
Mbed TLS mbedtls_ssl_*, mbedtls_sha1_*, mbedtls_md5_*, mbedtls_x509*, ... Makefile, CMake, MSVC project workspaces, yotta API Reference + High Level and Module Level Documentation (HTML) Included (monolithic) No
NSS CERT_*, SEC_*, SECKEY_*, NSS_*, PK11_*, SSL_*, ... Makefile Manual (HTML) Included, PKCS#11 based259 Yes (separate package called nss_compat_ossl260)
OpenSSL SSL_*, SHA1_*, MD5_*, EVP_*, ... Makefile Man pages Included (monolithic) N/a
Rustls rustls:: cargo API reference and design manual ring, aws-lc-rs included. Pluggable with OpenSSL, BoringSSL, Microsoft SymCrypt, wolfCrypt, Mbed TLS, Graviola, and RustCrypto.261262 Yes263 (subset)
wolfSSL wolfSSL_*, CyaSSL_*, SSL_* Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC, e2Studio Manual and API Reference (HTML, PDF) Included (monolithic) Yes (about 60% of API)
  1. ASN.1 manipulation classes
  2. Cert-J proprietary API
  3. Certificate Path manipulation classes
  4. Crypto-J proprietary API, JCE, CMS and PKI API
  5. SSLJ proprietary API
  6. JSSE API

Portability concerns

Implementation Platform requirements Network requirements Thread safety Random seed Able to cross-compile No OS (bare metal) Supported operating systems
Botan C++11 None Thread-safe Platform-dependent Yes Windows, Linux, macOS, Android, iOS, FreeBSD, OpenBSD, Solaris, AIX, HP-UX, QNX, BeOS, IncludeOS
BSAFE SSL-J Java Java SE network components Thread-safe Depends on java.security.SecureRandom Yes No FreeBSD, Linux, macOS, Microsoft Windows, Android, AIX, Solaris
cryptlib C89 POSIX send() and recv(). API to supply your own replacement Thread-safe Platform-dependent, including hardware sources Yes Yes AMX, BeOS, ChorusOS, DOS, eCos, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK
GnuTLS C89 POSIX send() and recv(). API to supply your own replacement. Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available. Platform dependent Yes No Generally any POSIX platforms or Windows, commonly tested platforms include Linux, Win32/64, macOS, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD.
JSSE Java Java SE network components Thread-safe Depends on java.security.SecureRandom Yes Java based, platform-independent
MatrixSSL C89 None Thread-safe Platform dependent Yes Yes All
Mbed TLS C89 POSIX read() and write(). API to supply your own replacement. Threading layer available (POSIX or own hooks) Random seed set through entropy pool Yes Yes Known to work on: Win32/64, Linux, macOS, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, eCos, SeggerOS, RISC OS
NSS C89, NSPR264 NSPR264 PR_Send() and PR_Recv(). API to supply your own replacement. Thread-safe Platform dependent265 Yes (but cumbersome) No AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, macOS, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation
Rustls Rust (programming language) None Thread-safe Platform dependent Yes Yes All supported by Rust (programming language)
OpenSSL C89 None Thread-safe Platform dependent Yes No Unix-like, DOS (with djgpp), Windows, OpenVMS, NetWare, eCos
wolfSSL C89 POSIX send() and recv(). API to supply your own replacement. Thread-safe Random seed set through wolfCrypt Yes Yes Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Project, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and GameCube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/μITRON, eCos, Micrium μC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, Keil RTX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, TOPPERS, PetaLinux, Apache mynewt

See also

  • SCTP — with DTLS support
  • DCCP — with DTLS support
  • SRTP — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)

References

  1. "Botan: Release Notes". Retrieved 2026-03-15.
  2. "BoringSSL README.md". boringssl.googlesource.com. Retrieved 2025-11-11.
  3. "Download Bouncy Castle for Java - bouncycastle.org". 2025-11-27. Retrieved 2025-12-01.
  4. "Download Bouncy Castle for Java LTS - bouncycastle.org". 2025-09-19. Retrieved 2025-12-01.
  5. "Download Bouncy Castle for Java FIPS - bouncycastle.org". 2024-07-30. Retrieved 2024-11-29.
  6. "Download Bouncy Castle for C# .NET - bouncycastle.org". 2025-07-15. Retrieved 2025-12-01.
  7. "Download Bouncy Castle for C# .NET FIPS - bouncycastle.org". 2024-03-11. Retrieved 2024-11-29.
  8. "Dell BSAFE SSL-J 7.4 Release Advisory". Dell.
  9. "Dell BSAFE Micro Edition Suite 5.0.3 Release Advisory".
  10. Gutmann, Peter (May 1, 2025). "cryptlib". Github. Retrieved 2025-08-02.
  11. Alexander Sosedkin (29 April 2026). "gnutls 3.8.13". Retrieved 30 April 2026.
  12. "Java Development Kit Releases". Java.com. Retrieved 2026-04-26.
  13. "LibreSSL 4.1.2 and 4.2.1 released". 31 October 2025. Retrieved 3 November 2025.
  14. The features listed are for the closed source version
  15. "MatrixSSL 4.2.2 Open release". 2019-09-11. Retrieved 2020-03-20.
  16. "Release 4.1.0". 31 March 2026. Retrieved 7 April 2026.
  17. "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022.
  18. "OpenSSL 4.0.0". 14 April 2026. Retrieved 14 April 2026.
  19. "rustls/rustls releases". Github. Retrieved 15 August 2025.
  20. "wolfSSL product description". Retrieved 2016-05-03.
  21. "wolfSSL Embedded SSL/TLS". Retrieved 2016-05-03.
  22. "wolfSSL ChangeLog". 2026-04-08. Retrieved 2026-04-28.
  23. Prohibiting Secure Sockets Layer (SSL) Version 2.0. IETF. doi:10.17487/RFC6176. RFC 6176.
  24. Vaudenay, Serge (2001). "CBC-Padding: Security Flaws in SSL, IPsec, WTLS,..." (PDF).
  25. Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security. IETF. doi:10.17487/RFC7366. RFC 7366.
  26. "Rizzo/Duong BEAST Countermeasures". Archived from the original on 2016-03-11.
  27. Möller, Bodo; Duong, Thai; Kotowicz, Krzysztof (September 2014). "This POODLE Bites: Exploiting The SSL 3.0 Fallback" (PDF). Archived from the original (PDF) on 15 October 2014. Retrieved 15 October 2014.
  28. "TLSv1.2's Major Differences from TLSv1.1". The Transport Layer Security (TLS) Protocol Version 1.2. IETF. sec. 1.2. doi:10.17487/RFC5246. RFC 5246.
  29. RFC 6347. IETF. doi:10.17487/RFC6347.
  30. Elgamal, Taher; Hickman, Kipp E. B. (19 April 1995). The SSL Protocol. IETF. I-D draft-hickman-netscape-ssl-00.
  31. RFC 6101. IETF. doi:10.17487/RFC6101.
  32. RFC 2246. IETF. doi:10.17487/RFC2246.
  33. RFC 4346. IETF. doi:10.17487/RFC4346.
  34. RFC 5246. IETF. doi:10.17487/RFC5246.
  35. RFC 4347. IETF. doi:10.17487/RFC4347.
  36. "Version 1.11.13, 2015-01-11 — Botan". 2015-01-11. Archived from the original on 2015-01-09. Retrieved 2015-01-16.
  37. "RSA BSAFE Technical Specification Comparison Tables" (PDF). Archived from the original (PDF) on 2015-09-24. Retrieved 2015-01-09.
  38. "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16.
  39. "[gnutls-devel] GnuTLS 3.6.3". 2018-07-16. Retrieved 2018-09-16.
  40. "Java SE Development Kit 8, Update 31 Release Notes". Retrieved 2024-01-14.
  41. "Release Note: Disable TLS 1.0 and 1.1". Retrieved 2024-01-14.
  42. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20.
  43. "LibreSSL 2.3.0 Released". 2015-09-23. Retrieved 2015-09-24.
  44. "LibreSSL 3.3.3 Released". 2021-05-04. Retrieved 2021-05-04.
  45. "MatrixSSL - News". Archived from the original on 2015-02-14. Retrieved 2014-11-09.
  46. "Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13.
  47. "mbed TLS 2.0.0 released". 2015-07-10. Retrieved 2015-07-14.
  48. "NSS 3.19 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2015-06-05. Retrieved 2015-05-06.
  49. "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2013-01-17. Retrieved 2012-10-27.
  50. "NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-08-10.
  51. "NSS 3.39 release notes". Mozilla Developer Network. Mozilla. 2018-08-31. Archived from the original on 2021-12-07. Retrieved 2018-09-15.
  52. "NSS 3.16.2 release notes". Mozilla Developer Network. Mozilla. 2014-06-30. Archived from the original on 2021-12-07. Retrieved 2014-06-30.
  53. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03.
  54. "Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]". 2012-03-14. Archived from the original on December 5, 2014. Retrieved 2015-01-20.
  55. "Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22.
  56. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28.
  57. "S2N Readme". GitHub. 2019-12-21.
  58. "TLS Cipher Suites (Windows)". msdn.microsoft.com. 14 July 2023.
  59. "TLS Cipher Suites in Windows Vista (Windows)". msdn.microsoft.com. 25 October 2021.
  60. "Cipher Suites in TLS/SSL (Schannel SSP) (Windows)". msdn.microsoft.com. 14 July 2023.
  61. "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012.
  62. "Protocols in TLS/SSL (Schannel SSP)". Microsoft. 2022-05-25. Retrieved 2023-11-18.
  63. "Protocols in TLS/SSL (Schannel SSP)". 25 May 2022. Retrieved 6 November 2022.
  64. "@badger: the 1.3 stuff is apparently in iOS 11 and macOS 10.13". 2018-03-09. Retrieved 2018-03-09.
  65. "[wolfssl] wolfSSL 3.6.6 Released". 2015-08-20. Retrieved 2015-08-24.
  66. "[wolfssl] wolfSSL 3.13.0 Released". 2017-12-21. Retrieved 2022-01-17.
  67. "Erlang -- Standards Compliance".
  68. "Security Enhancements in JDK 8". docs.oracle.com.
  69. "Bug 663320 - (NSA-Suite-B-TLS) Implement RFC6460 (NSA Suite B profile for TLS)". Mozilla. Retrieved 2014-05-19.
  70. "Introducing Compliance to Suite B Cryptography". 18 September 2012.
  71. "Speeds and Feeds › Secure or Compliant, Pick One". Archived from the original on December 27, 2013.
  72. "Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov. Archived from the original on 2014-12-26. Retrieved 2014-03-18.
  73. ""Is botan FIPS 140 certified?" Frequently Asked Questions — Botan". Archived from the original on 2014-11-29. Retrieved 2014-11-16.
  74. "Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov. 11 October 2016.
  75. "cryptlib". 11 October 2013. Archived from the original on 11 October 2013.
  76. "B.5 Certification". GnuTLS 3.7.7. Retrieved 26 September 2022.
  77. "Matrix SSL Toolkit" (PDF).
  78. "Is mbed TLS FIPS certified? - Mbed TLS documentation". Mbed TLS documentation.
  79. "FIPS Validation - MozillaWiki". wiki.mozilla.org.
  80. "OpenSSL and FIPS 140-2". Archived from the original on 2013-05-28. Retrieved 2014-11-15.
  81. "rustls FIPS documentation". Retrieved 2024-08-28.
  82. "Microsoft FIPS 140 Validated Cryptographic Modules".
  83. "wolfCrypt FIPS 140-2 Information - wolfSSL Embedded SSL/TLS Library".
  84. RFC 4492. IETF. doi:10.17487/RFC4492.
  85. "LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20.
  86. "NSS 3.20 release notes". Mozilla. 2015-08-19. Archived from the original on 2021-12-07. Retrieved 2015-08-20.
  87. Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01.
  88. Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01.
  89. "OpenSSL: CVS Web Interface". Retrieved 2014-11-12.
  90. Extensions to support GOST in Schannel might be available.
  91. "Microsoft Security Advisory 3174644". 14 October 2022.
  92. "Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ)". Microsoft. November 11, 2014. Retrieved 11 November 2014.
  93. Thomlinson, Matt (November 11, 2014). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 11 November 2014.
  94. "Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2". support.microsoft.com.
  95. RFC 5054. IETF. doi:10.17487/RFC5054.
  96. RFC 4279. IETF. doi:10.17487/RFC4279.
  97. RFC 5489. IETF. doi:10.17487/RFC5489.
  98. RFC 2712. IETF. doi:10.17487/RFC2712.
  99. "RSA BSAFE SSL-J 6.2.4 Release Notes". 2018-09-05. Archived from the original on 2018-09-10.
  100. "LibreSSL 2.0.4 released". Retrieved 2014-08-04.
  101. "Bug 405155 - add support for TLS-SRP, rfc5054". Mozilla. Retrieved 2014-01-25.
  102. "Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25.
  103. "Bug 1170510 - Implement NSS server side support for DH_anon". Mozilla. Retrieved 2015-06-03.
  104. "Bug 236245 - Update ECC/TLS to conform to RFC 4492". Mozilla. Retrieved 2014-06-09.
  105. "Changes between 0.9.6h and 0.9.7 [31 Dec 2002]". Retrieved 2016-01-29.
  106. "Changes between 0.9.8n and 1.0.0 [29 Mar 2010]". Retrieved 2016-01-29.
  107. "wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016)". 2016-03-18. Retrieved 2016-04-05.
  108. RFC 5280. IETF. doi:10.17487/RFC5280.
  109. RFC 3280. IETF. doi:10.17487/RFC3280.
  110. RFC 2560. IETF. doi:10.17487/RFC2560.
  111. RFC 6698. IETF. doi:10.17487/RFC6698.
  112. RFC 7218. IETF. doi:10.17487/RFC7218.
  113. Laurie, B.; Langley, A.; Kasper, E. (June 2013). Certificate Transparency. IETF. doi:10.17487/RFC6962. ISSN 2070-1721. RFC 6962. Retrieved 2020-08-31.
  114. "MatrixSSL 3.8.3". Archived from the original on 2017-01-19. Retrieved 2017-01-18.
  115. "mbed TLS 2.0 defaults implement best practices". Retrieved 2017-01-18.
  116. "Bug 672600 - Use DNSSEC/DANE chain stapled into TLS handshake in certificate chain validation". Mozilla. Retrieved 2014-06-18.
  117. "CRL Validation · Issue #3499 · aws/s2n-tls". GitHub. Retrieved 2022-11-01.
  118. "OCSP digest support for SHA-256 · Issue #2854 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022-11-01.
  119. "[RFC 6962] s2n Client can Validate Signed Certificate Timestamp TLS Extension · Issue #457 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022-11-01.
  120. "How Certificate Revocation Works". Microsoft TechNet. Microsoft. March 16, 2012. Retrieved July 10, 2013.
  121. RFC 6655, RFC 7251
  122. RFC 6367. IETF. doi:10.17487/RFC6367.
  123. RFC 5932. IETF. doi:10.17487/RFC5932.
  124. RFC 6209. IETF. doi:10.17487/RFC6209.
  125. RFC 4162. IETF. doi:10.17487/RFC4162.
  126. "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". sweet32.info.
  127. RFC 7905. IETF. doi:10.17487/RFC7905.
  128. "Version 1.11.12, 2015-01-02 — Botan". 2015-01-02. Retrieved 2015-01-09.
  129. "gnutls 3.6.0". 2017-09-21. Retrieved 2018-01-07.
  130. "gnutls 3.4.12". 2016-05-20. Archived from the original on 2016-10-13. Retrieved 2016-05-29.
  131. "Java SE Development Kit 10 - 10.0.1 Release Notes". 2018-04-17. Retrieved 2024-01-14.
  132. "JDK 12 Release Notes". Retrieved 2024-01-14.
  133. "Changes in 3.8.3". GitHub. Retrieved 2016-06-19.
  134. "PolarSSL 1.3.8 release notes". Archived from the original on 2014-07-14.
  135. "Mbed TLS 2.11.0, 2.7.4 and 2.1.13 released". Retrieved 2018-08-30.
  136. "Mbed TLS 2.12.0, 2.7.5 and 2.1.14 released". Retrieved 2018-08-30.
  137. "NSS 3.25 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2021-12-07. Retrieved 2016-07-01.
  138. "Bug 940119 - libssl does not support any TLS_ECDHE_*_CAMELLIA_*_GCM cipher suites". Mozilla. Retrieved 2013-11-19.
  139. "NSS 3.12 is released". Retrieved 2013-11-19.
  140. "NSS 3.12.3 Release Notes". Mozilla Developer Network. Mozilla. Archived from the original on 2023-04-02. Retrieved 2023-04-01.
  141. "NSS 3.23 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2021-04-14. Retrieved 2016-03-09.
  142. "openssl/CHANGES at OpenSSL_1_0_1-stable · openssl/openssl". GitHub. Retrieved 2015-01-20.
  143. "OpenSSL 1.1.1 Series Release Notes". www.openssl.org. Archived from the original on 2024-01-16.
  144. "Cipher Suites in TLS/SSL (Schannel SSP) - Win32 apps". docs.microsoft.com. 14 July 2023.
  145. "Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 10 Preview". dev.ssllabs.com. Archived from the original on 2023-07-14.
  146. RFC 5469
  147. "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN".
  148. "Version 1.11.15, 2015-03-08 — Botan". 2015-03-08. Retrieved 2015-03-11.
  149. "Java Cryptography Architecture Oracle Providers Documentation". docs.oracle.com.
  150. "NSS 3.15.3 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2014-06-05. Retrieved 2014-07-13.
  151. "MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities". Mozilla. Retrieved 2014-07-13.
  152. "RC4 is now disabled in Microsoft Edge and Internet Explorer 11 - Microsoft Edge Dev Blog". blogs.windows.com. 2016-08-09.
  153. "wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)". 2015-10-26. Retrieved 2015-11-19.
  154. RFC 8446
  155. RFC 8422
  156. RFC 7027
  157. "Version 1.11.5, 2013-11-10 — Botan". 2013-11-10. Retrieved 2015-01-23.
  158. "An overview of the new features in GnuTLS 3.5.0". 2016-05-02. Retrieved 2016-12-09.
  159. "gnutls 3.6.12". 2020-02-01. Retrieved 2021-08-31.
  160. "JDK 13 Early-Access Release Notes". Archived from the original on 2020-04-01. Retrieved 2019-06-20.
  161. "JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA)". Retrieved 2024-01-14.
  162. "LibreSSL 2.5.1 release notes". OpenBSD. 2017-01-31. Retrieved 2017-02-23.
  163. "MatrixSSL 4.0 changelog". GitHub. Retrieved 2018-09-18.
  164. "PolarSSL 1.3.3 released". 2013-12-31. Archived from the original on 2014-01-07. Retrieved 2015-01-23.
  165. "Mbed TLS 2.9.0, 2.7.3 and 2.1.12 released". Retrieved 2018-08-30.
  166. "PolarSSL 1.3.1 released". 2013-10-15. Archived from the original on 2015-01-23. Retrieved 2015-01-23.
  167. "Bug 957105 - Add support for curve25519 Key Exchange and UMAC MAC support for TLS". Mozilla. Retrieved 2017-02-23.
  168. "Bug 1305243 - Support for X448". Mozilla. Retrieved 2022-08-04.
  169. "Bug 1597057 - Curve448 or named Ed448-Goldilocks support needed (both X448 key exchange and Ed448 signature algorithm )". Mozilla. Retrieved 2022-08-04.
  170. "Bug 943639 - Support for Brainpool ECC Curve (rfc5639)". Mozilla. Retrieved 2014-01-25.
  171. "OpenSSL 1.1.0x Release Notes". 25 August 2016. Archived from the original on 18 May 2018. Retrieved 18 May 2018.
  172. "OpenSSL GitHub Issue #487 Tracker". GitHub. 2 December 2015. Retrieved 18 May 2018.
  173. "OpenSSL CHANGES". 1 May 2018. Archived from the original on 18 May 2018. Retrieved 18 May 2018.
  174. "OpenSSL GitHub Issue #5049 Tracker". GitHub. 9 January 2018. Retrieved 18 May 2018.
  175. "RusTLS Changelog". github.com. 12 September 2024. pp. 0.14.0. Retrieved 9 March 2026. When using aws-lc-rs as the crypto provider, NIST P-521 signatures are now supported.
  176. "wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)". 2015-03-30. Retrieved 2015-11-19.
  177. "wolfSSL Release 4.4.0 (04/22/2020)". 2020-04-22. Retrieved 2022-10-18.
  178. "Release Note: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default". JDK Bug System (JBS). Retrieved 25 December 2024.
  179. "Release Note: Removal of Legacy Elliptic Curves". JDK Bug System (JBS). Retrieved 25 December 2024.
  180. Negotiation of arbitrary curves has been shown to be insecure for certain curve sizes. Mavrogiannopoulos, Nikos; Vercauteren, Frederik; Velichkov, Vesselin; Preneel, Bart (2012). "A cross-protocol attack on the TLS protocol" (PDF). Proceedings of the 2012 ACM conference on Computer and communications security. Association for Computing Machinery. pp. 62–72. doi:10.1145/2382196.2382206. ISBN 978-1-4503-1651-4.
  181. "SHA2 and Windows". Retrieved 2024-12-25.
  182. RFC 3749
  183. RFC 5746
  184. RFC 6066
  185. RFC 7301
  186. RFC 6091
  187. RFC 4680
  188. RFC 5077. IETF. doi:10.17487/RFC5077.
  189. RFC 5705. IETF. doi:10.17487/RFC5705.
  190. RFC 7507. IETF. doi:10.17487/RFC7507.
  191. RFC 7627
  192. RFC 7685
  193. RFC 7250
  194. "Version 1.11.16, 2015-03-29 — Botan". 2016-03-29. Retrieved 2016-09-08.
  195. "Version 1.11.10, 2014-12-10 — Botan". 2014-12-10. Retrieved 2014-12-14.
  196. "Version 1.11.26, 2016-01-04 — Botan". 2016-01-04. Retrieved 2016-02-25.
  197. Present, but disabled by default due to lack of use by any implementation.
  198. "gnutls 3.2.0". Archived from the original on 2016-01-31. Retrieved 2015-01-26.
  199. Mavrogiannopoulos, Nikos (August 21, 2017). "[gnutls-help] GnuTLS 3.6.0 released".
  200. "gnutls 3.4.4". Archived from the original on 2017-07-17. Retrieved 2015-08-25.
  201. "%DUMBFW priority keyword". Retrieved 2017-04-30.
  202. "gnutls 3.6.6". 2019-01-25. Retrieved 2019-09-01.
  203. "LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-22.
  204. "LibreSSL 2.1.4 released". 2015-03-04. Retrieved 2015-03-04.
  205. "MatrixSSL - News". 2014-12-04. Archived from the original on 2015-02-14. Retrieved 2015-01-26.
  206. "Download overview - PolarSSL". 2014-04-11. Archived from the original on 2015-02-09. Retrieved 2015-01-26.
  207. "mbed TLS 1.3.10 released". 2015-02-08. Archived from the original on 2015-02-09. Retrieved 2015-02-09.
  208. "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-01-26.
  209. "Bug 961416 - Support RFC6091 - Using OpenPGP Keys for Transport Layer Security Authentication (TLS1.2)". Mozilla. Retrieved 2014-06-18.
  210. "Bug 972145 - Implement the encrypt-then-MAC TLS extension". Mozilla. Retrieved 2014-11-06.
  211. "NSS 3.17.1 release notes". Archived from the original on 2019-04-19. Retrieved 2014-10-17.
  212. "NSS 3.21 release notes". Archived from the original on 2021-12-07. Retrieved 2015-11-14.
  213. "OpenSSL Security Advisory [15 Oct 2014]". 2014-10-15.
  214. "Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]". 2014-04-07. Archived from the original on 2015-01-20. Retrieved 2015-02-10.
  215. "OpenSSL Announces Final Release of OpenSSL 3.2.0". 2023-11-23. Retrieved 2024-10-11.
  216. rustls does not implement earlier versions that would warrant protection against insecure downgrade
  217. "Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024-04-28.
  218. "What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2024-04-28.
  219. "wolfSSL Version 4.2.0 is Now Available!". 22 October 2019. Retrieved 2021-08-13.
  220. "wolfSSL supports Raw Public Keys". August 2023. Retrieved 2024-10-25.
  221. "Version 1.11.31, 2015-08-30 — Botan". 2016-08-30. Retrieved 2016-09-08.
  222. "Trusted Platform Module (TPM) — Botan".
  223. "JEP 164: Leverage CPU Instructions for AES Cryptography". openjdk.org.
  224. "RSA SecurID PASSCODE Request". sso.rsasecurity.com.
  225. "Comparison of BSAFE TLS libraries: Micro Edition Suite vs SSL-J | Dell Malaysia".
  226. Mavrogiannopoulos, Nikos (October 9, 2016). "[gnutls-devel] gnutls 3.5.5".
  227. "Trusted Platform Module (GnuTLS 3.8.4)".
  228. "Java SSL provider with AES-NI support". stackoverflow.com.
  229. "PolarSSL 1.3.3 released". 2013-12-31. Archived from the original on 2014-01-07. Retrieved 2014-01-07. We've incorporated support for AES-NI in our AES and GCM modules.
  230. "NXP/Plug-and-trust". GitHub.
  231. "ARMmbed/Mbed-os-atecc608a". GitHub.
  232. Normally NSS's libssl performs all operations via the PKCS#11 interface, either to hardware or software tokens
  233. "Bug 706024 - AES-NI enhancements to NSS on Sandy Bridge systems". Retrieved 2013-09-28.
  234. "Bug 479744 - RFE : VIA Padlock ACE support (hardware RNG, AES, SHA1 and SHA256)". Retrieved 2014-04-11.
  235. "Подключаем Рутокен ЭЦП к OpenSSL" (in Russian). 16 December 2011.
  236. "Поддержка Рутокен ЭЦП в OpenSSL (Страница 1) — Рутокен и Open Source — Форум Рутокен" (in Russian).
  237. "OpenSSL ГОСТ" (in Russian). Archived from the original on 2018-06-23.
  238. "git.openssl.org Git - openssl.git/commitdiff". git.openssl.org.
  239. "Tpm2-software/Tpm2-openssl". GitHub.
  240. "Provider - OpenSSL Documentation".
  241. "STSW-STSA110-SSL - STSAFE-A integration within OpenSSL security stack". STMicroelectronics.
  242. SecECKey.c on GitHub
  243. "Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Mountain Lion v10.8" (PDF). Apple Inc. 2013.
  244. "CAAM support in wolfSSL". 10 March 2020.
  245. "wolfTPM Portable TPM 2.0 Library".
  246. "Announcing wolfSSL TPM support for the Espressif ESP32". 20 June 2024.
  247. "WolfSSL SSL/TLS Support for NXP SE050 – wolfSSL". 22 February 2024.
  248. "WolfSSL support for the ATECC608 Crypto Coprocessor – wolfSSL". 13 October 2021.
  249. "WolfSSL support for STSAFE-A100 crypto coprocessor – wolfSSL". 20 September 2018.
  250. "Support for MAXQ1065 in wolfSSL – wolfSSL". 29 November 2022.
  251. "LibreSSL 2.2.1 Released". 2015-07-08. Retrieved 2016-01-30.
  252. "ktls integration for rustls". GitHub. Retrieved 2024-08-29.
  253. "wolfProvider". 2021-11-10. Retrieved 2022-01-17.
  254. The PKCS #11 URI Scheme. IETF. doi:10.17487/RFC7512. RFC 7512.
  255. "libp11: PKCS#11 wrapper library". 19 January 2018 – via GitHub.
  256. "Windows CNG bridge for rustls". GitHub. Retrieved 2024-08-29.
  257. On the fly replaceable/augmentable.
  258. "Nss compat ossl - Fedora Project Wiki". fedoraproject.org.
  259. "Struct CryptoProvider". docs.rs/rustls. Retrieved 9 March 2026.
  260. "rustls". crates.io. 24 February 2026. Retrieved 10 March 2026.
  261. "rustls-openssl compatibility layer". GitHub. Retrieved 2024-08-29.
  262. "NSPR". Mozilla Developer Network.
  263. For Unix/Linux it uses /dev/urandom if available, for Windows it uses CAPI. For other platforms it gets data from clock, and tries to open system files. NSS has a set of platform dependent functions it uses to determine randomness.