Comparison of TLS implementations: Difference between revisions
added Camellia GCM |
→Overview: NSS 3.15.3 |
||
Line 57: | Line 57: | ||
| {{free|Mozilla Public License}} |
| {{free|Mozilla Public License}} |
||
| NSS contributors |
| NSS contributors |
||
| 3.15. |
| 3.15.3 |
||
| 2013- |
| 2013-11-13 |
||
| US |
| US |
||
|- |
|- |
Revision as of 13:27, 14 November 2013
The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free and open source software.
All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol.
Overview
Implementation | Developed By | Open Source | Software License | Copyright Owner | Latest Stable Version | Release Date | Origin |
---|---|---|---|---|---|---|---|
cryptlib | Peter Gutmann | Yes | Sleepycat License and commercial license | Peter Gutmann | 3.4.2 | 2012-12-17 | NZ |
CyaSSL | wolfSSL | Yes | GPLv2 and commercial license | wolfSSL Inc. | 2.8.0 | 2013-08-30 | US |
GnuTLS | GnuTLS project | Yes | LGPL | Free Software Foundation | 3.2.4 | 2013-08-31 | EU (Greece and Sweden) |
MatrixSSL | PeerSec Networks | Yes | GPLv2 and commercial license | PeerSec Networks | 3.4.2 | 2013-02-28 | US |
NSS | Yes | Mozilla Public License | NSS contributors | 3.15.3 | 2013-11-13 | US | |
OpenSSL | OpenSSL project | Yes | OpenSSL / SSLeay dual-license | Eric Young, Tim Hudson, Sun, OpenSSL project, and others | 1.0.1e | 2013-02-11 | Australia/EU |
PolarSSL | Offspark | Yes | GPLv2 and commercial license | Brainspark B.V. (brainspark.nl) | 1.3.1 | 2013-10-15 | EU (Netherlands) |
SChannel | Microsoft | No | Proprietary | Microsoft Inc. | Windows 7 | 2009-10-22 | US |
Secure Transport | Apple Inc. | Yes | APSL 2.0 | Apple Inc. | 55179.13 (OS X 10.8.4) | 2012-07-25 | US |
JSSE | Oracle | Yes | GPLv2 and commercial license | Oracle | JDK 6, JDK 7 | 2011-02-03 (ea snapshot release) | US |
Implementation | Developed By | Open Source | Software License | Copyright Owner | Latest Stable Version | Release Date | Origin |
Protocol Support
Several versions of the TLS protocol exist. SSL 2.0 is a deprecated protocol, vulnerable to several attacks. SSL 3.0 and TLS 1.0 are its successors with many major known vulnerabilities. TLS 1.1 fixes all the known issues in TLS 1.0, and TLS 1.2 is the latest published version, introducing new features. Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated.
Note that there are known vulnerabilities in SSL 2.0, SSL 3.0 and TLS 1.0[1] protocols.
Implementation | SSL 2.0[2] | SSL 3.0[3] | TLS 1.0[4] | TLS 1.1[5] | TLS 1.2[6] | DTLS 1.0[7] | DTLS 1.2[8] |
---|---|---|---|---|---|---|---|
cryptlib | No | Yes | Yes | Yes | Yes | No | No |
CyaSSL | No | Yes | Yes | Yes | Yes | Yes | Yes |
GnuTLS | No[9] | Yes | Yes | Yes | Yes | Yes | Yes |
MatrixSSL | No[9] | Yes | Yes | Yes | Yes | Yes | Yes |
NSS | Disabled by default | Yes | Yes | Yes[10] | Yes[11] | Beta[10] | No |
OpenSSL | Yes | Yes | Yes | Yes[12] | Yes[12] | Yes | Beta[12] |
PolarSSL | No | Yes | Yes | Yes | Yes | No | No |
SChannel | Yes | Yes | Yes | Yes | Yes | Yes[13] | Yes[13] |
Secure Transport | Not anymore[a] | Yes | Yes | Yes[a] | Yes[a] | Yes[a] | No |
JSSE | No[9] | Yes | Yes | Yes | Yes | No | No |
Implementation | SSL 2.0 | SSL 3.0 | TLS 1.0 | TLS 1.1 | TLS 1.2 | DTLS 1.0 | DTLS 1.2 |
CipherSuite Profiles
Implementation | TLS 1.2 Suite B [RFC 6460] |
---|---|
cryptlib | Yes |
CyaSSL | Yes |
GnuTLS | Yes |
NSS | No |
MatrixSSL | Yes |
OpenSSL | No |
PolarSSL | Yes |
SChannel | No |
Secure Transport | Unknown |
JSSE | No |
Implementation | TLS 1.2 Suite B [RFC 6460] |
Certifications
Implementation | Certified version | FIPS 140-2 | Common Criteria |
---|---|---|---|
cryptlib | |||
CyaSSL | |||
GnuTLS | |||
MatrixSSL | Level 1 | ||
NSS | |||
OpenSSL | |||
PolarSSL | |||
SChannel | |||
Secure Transport | |||
JSSE | |||
Implementation | Certified version | FIPS 140-2 | Common Criteria |
Key Exchange Algorithms (Certificate-only)
This section lists the certificate verification functionality available in the various implementations.
Implementation | RSA[6] | RSA-EXPORT[6] | DHE-RSA[6] | DHE-DSS[6] | ECDH-ECDSA[15] | ECDHE-ECDSA[15] | ECDH-RSA[15] | ECDHE-RSA[15] | VKO GOST R 34.10-2001[16][17] |
---|---|---|---|---|---|---|---|---|---|
cryptlib | Yes | No | Yes | Yes | No | Yes | No | No | No |
CyaSSL | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No |
GnuTLS | Yes | Disabled by default | Yes | Yes | No | Yes | No | Yes | No |
MatrixSSL | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No |
NSS | Yes | Disabled by default | Partial[18] | Partial[18] | Yes | Yes | Yes | Yes | No |
OpenSSL | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes |
PolarSSL | Yes | No | Yes | No | No | Yes | No | Yes | No |
SChannel | Yes | No | No | Yes | No | Yes | No | Yes | No[19] |
Secure Transport | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
JSSE | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No[19] |
Implementation | RSA | RSA EXPORT | DHE-RSA | DHE-DSS | ECDH-ECDSA | ECDHE-ECDSA | ECDH-RSA | ECDHE-RSA | VKO GOST R 34.10-2001 |
Certificate Verification Methods
Implementation | Application-defined | PKIX path validation[6] | CRL[20] | OCSP[21] | DANE (DNSSEC)[6] | Trust on First Use (TOFU) |
---|---|---|---|---|---|---|
cryptlib | Yes | No | No | |||
CyaSSL | Yes | Yes | Yes | Yes | No | No |
GnuTLS | Yes | Yes | Yes | Yes | Yes | Yes |
MatrixSSL | Yes | Yes | Yes | No | No | No |
NSS | Yes | Yes | Yes | Yes | No | No |
OpenSSL | Yes | Yes | Yes | No | No | |
PolarSSL | Yes | Yes | Yes | No | No | |
SChannel | Yes | Yes[22] | Yes[22] | No | No | |
Secure Transport | Yes | Yes | Yes | Yes | No | No |
JSSE | Yes | No | No | |||
Implementation | Application-defined | PKIX | CRL | OCSP | DANE | TOFU |
Key Exchange Algorithms (Alternative key-exchanges)
Implementation | DH-ANON[6] | SRP[23] | SRP-DSS[23] | SRP-RSA[23] | PSK-RSA[24] | PSK[24] | DHE-PSK[24] | ECDHE-PSK[25] | ECDH-ANON[15] |
---|---|---|---|---|---|---|---|---|---|
cryptlib | No | No | No | No | No | Yes | Yes | No | No |
CyaSSL | No | No | No | No | No | Yes | No | No | No |
GnuTLS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
MatrixSSL | Yes | No | No | No | No | Yes | Yes | No | No |
NSS | No | No | No | No | No | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | No | Yes | No | No | Yes |
PolarSSL | No | No | No | No | Yes | Yes | Yes | Yes | No |
SChannel | No | No | No | No | No | No | No | No | No |
Secure Transport | Yes | No | No | No | Partial[26] | Partial[26] | Partial[26] | No | Yes |
JSSE | Yes | No | No | No | No | No | No | No | No |
Implementation | DH-ANON | SRP | SRP-DSS | SRP-RSA | PSK-RSA | PSK | DHE-PSK | ECDHE-PSK | ECDH-ANON |
Encryption Algorithms
Implementation | AES-CBC | AES-GCM[27] | AES-CCM[28] | 3DES-CBC | DES-CBC (Insecure) | RC4-128 | RC4-40 (Insecure) | CAMELLIA-CBC[29] | CAMELLIA-GCM[30] | GOST28147-89[16] |
---|---|---|---|---|---|---|---|---|---|---|
cryptlib | Yes | Yes | No | Yes | No | Yes | No | No | No | No |
CyaSSL | Yes | Yes | Yes | Yes | No | Yes | No | Yes | No | No |
GnuTLS | Yes | Yes | No | Yes | No | Yes | Disabled by default | Yes | Yes | No |
MatrixSSL | Yes | Yes | No | Yes | No | Yes | No | No | No | No |
NSS | Yes | Yes[31] | No | Yes | Disabled by default | Yes | Disabled by default | Disabled by default | No | No |
OpenSSL | Yes | Yes [12] | No | Yes | Yes | Yes | Yes | Yes | No | Yes |
PolarSSL | Yes | Yes | No | Yes | Disabled by default | Yes | No | Yes | Yes | No |
SChannel | Yes | Partial[32] | No | Yes | Yes | Yes | No | No | No | No[19] |
Secure Transport | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No |
JSSE | Yes | No | No | Yes | Yes | Yes | Yes | No | No | No[19] |
Implementation | AES-CBC | AES-GCM | AES-CCM | 3DES-CBC | DES-CBC | RC4-128 | RC4-40 | CAMELLIA-CBC | CAMELLIA-GCM | GOST28147-89 |
Supported elliptic curves
This section lists the supported elliptic curves by each implementation.
Implementation | Arbitrary curves | Arbitrary char2 curves | sect163k1 (1) | sect163r1 (2) | sect163r2 (3) | sect193r1 (4) | sect193r2 (5) | sect233k1 (6) | sect233r1 (7) | sect239k1 (8) | sect283k1 (9) | sect283r1 (10) | sect409k1 (11) | sect409r1 (12) | sect571k1 (13) | sect571r1 (14) |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CyaSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
GnuTLS | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
MatrixSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
NSS | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
PolarSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
Secure Transport | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
Implementation | Arbitrary curves | Arbitrary char2 curves | sect163k1 | sect163r1 | sect163r2 | sect193r1 | sect193r2 | sect233k1 | sect233r1 | sect239k1 | sect283k1 | sect283r1 | sect409k1 | sect409r1 | sect571k1 | sect571r1 |
Implementation | secp160k1 (15) | secp160r1 (16) | secp160r2 (17) | secp192k1 (18) | secp192r1 prime192v1 (19) | secp224k1 (20) | secp224r1 (21) | secp256k1 (22) | secp256r1 prime256v1 (23) | secp384r1 (24) | secp521r1 (25) | brainpoolP256r1 (26) | brainpoolP384r1 (27) | brainpoolP512r1 (28) |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CyaSSL | No | Yes | No | No | Yes | No | Yes | No | Yes | Yes | Yes | No | No | No |
GnuTLS | No | No | No | No | Yes | No | Yes | No | Yes | Yes | Yes | No | No | No |
MatrixSSL | No | No | No | No | Yes | No | Yes | No | Yes | Yes | Yes | No | No | No |
NSS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No |
PolarSSL | No | No | No | No | Yes | No | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes |
Secure Transport | No | No | No | No | Yes | No | No | No | Yes | No | Yes | No | No | No |
Implementation | secp160k1 | secp160r1 | secp160r2 | secp192k1 | secp192r1 prime192v1 | secp224k1 | secp224r1 | secp256k1 | secp256r1 prime256v1 | secp384r1 | secp521r1 | brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 |
Assisted cryptography
This section lists the ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation.
Implementation | PKCS #11 device | Intel AES-NI | VIA PadLock | STM32F2 | Cavium NITROX |
---|---|---|---|---|---|
cryptlib | Yes | No | Yes | No | No |
CyaSSL | No | Yes | No | Yes | Yes |
GnuTLS | Yes | Yes | Yes | No | No |
MatrixSSL | Yes | Yes | No | No | No |
NSS | Yes[33] | Yes[34] | No | No | No |
OpenSSL | No | Yes | Yes | No | Yes |
PolarSSL | Yes | No | Yes | No | No |
SChannel | No | Yes | No | No | No |
Secure Transport | No | No | No | No | No |
JSSE | Yes | No | No | No | No |
Implementation | PKCS #11 device | Intel AES-NI | VIA PadLock | STM32F2 | Cavium NITROX |
System-specific backends
This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation.
Implementation | /dev/crypto | Windows CSP | CommonCrypto | OpenSSL Engine |
---|---|---|---|---|
cryptlib | No | No | No | No |
CyaSSL | No | Partial | No | No |
GnuTLS | Yes | No | No | No |
MatrixSSL | No | No | Yes | Yes |
NSS | No | No | No | No |
OpenSSL | Yes | No | No | Yes |
PolarSSL | No | No | No | No |
SChannel | No | Yes | No | No |
Secure Transport | No | No | Yes | No |
JSSE | No | Yes | No | No |
Implementation | /dev/crypto | Windows CSP | CommonCrypto | OpenSSL Engine |
MAC Functions
Implementation | AEAD | HMAC-MD5 | HMAC-SHA-1 | HMAC-SHA-256 | GOST28147-89-MAC[16] | GOST 34.11-94[16] |
---|---|---|---|---|---|---|
cryptlib | Yes | Yes | Yes | Yes | No | No |
CyaSSL | Yes | Yes | Yes | Yes | No | No |
GnuTLS | Yes | Yes | Yes | Yes | No | No |
MatrixSSL | No | Yes | Yes | Yes | No | No |
NSS | No | Yes | Yes | Yes | No | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes |
PolarSSL | Yes | Yes | Yes | Yes | No | No |
SChannel | Yes | Yes | Yes | Yes | No[19] | No[19] |
Secure Transport | No | Yes | Yes | Yes | No | No |
JSSE | No | Yes | Yes | Yes | No[19] | No[19] |
Implementation | AEAD | HMAC-MD5 | HMAC-SHA-1 | HMAC-SHA-256 | GOST28147-89-MAC | GOST 34.11-94 |
Compression
Note the CRIME security exploit takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. HTTP compression is unrelated and unaffected by this exploit, but is exploited by the related BREACH attack.
Implementation | DEFLATE[35] |
---|---|
cryptlib | No |
CyaSSL | Disabled by default |
GnuTLS | Disabled by default |
MatrixSSL | Disabled by default |
NSS | Disabled by default |
OpenSSL | Yes |
PolarSSL | Disabled by default |
SChannel | No |
Secure Transport | No |
JSSE | No |
Implementation | DEFLATE |
Cryptographic module/token support
Implementation | TPM support | Hardware token support | Objects identified via |
---|---|---|---|
cryptlib | No | PKCS11 | User-defined label |
CyaSSL | No | No | |
GnuTLS | Yes | PKCS11 | PKCS #11 URLs[36] |
MatrixSSL | No | PKCS11 | |
NSS | No | PKCS11 | |
OpenSSL | Yes | PKCS11 (via external module) | Custom method |
PolarSSL | No | PKCS11 (via libpkcs11-helper) or standard hooks | Custom method |
SChannel | No | Microsoft CryptoAPI | UUID, User-defined label |
JSSE | No | PKCS11 Java Cryptography Architecture/ Java Cryptography Extension |
|
Implementation | TPM support | Hardware token support | Objects identified via |
Extensions
In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation.
Implementation | Secure Renegotiation[37] |
Server Name Indication[38] |
Certificate Status Request[38] |
OpenPGP[39] | Supplemental Data[40] |
Session Ticket[41] |
Keying Material Exporter[42] |
Maximum Fragment Length[38] |
Truncated HMAC[38] |
---|---|---|---|---|---|---|---|---|---|
cryptlib | Yes | Yes | No | No | Yes | No | No | No[43] | No |
CyaSSL | No | Yes | No | No | No | No | No | No | No |
GnuTLS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
MatrixSSL | Yes | No | No | No | No | Yes | No | Yes | Yes |
NSS | Yes | Yes | Yes | No | No | Yes | No[44] | No | No |
OpenSSL | Yes | Yes | Yes | No | No? | Yes | Yes? | No | No |
PolarSSL | Yes | Yes | No | No | No | Yes | No | Yes | Yes |
SChannel | Yes | Yes | Yes | No | Yes | No[45] | No | No | No |
Secure Transport | Yes | Yes | No | No | Yes | No | No | No | No |
JSSE | Yes | Partial[18] | No | No | No | No | No | No | No |
Implementation | Secure Renegotiation |
Server Name Indication |
Certificate Status Request |
OpenPGP | Supplemental Data |
Session Ticket |
Keying Material Exporter |
Maximum Fragment Length |
Truncated HMAC |
Code Size and Dependencies
Implementation | Code size | Dependencies | Optional dependencies |
---|---|---|---|
CyaSSL | 67 kLoc | None | libc, zlib (compression) |
GnuTLS | 138 kLoc | libc nettle gmp |
zlib (compression) p11-kit (PKCS #11) trousers (TPM) |
MatrixSSL | 22 kLoc | none | zlib (compression) |
MatrixSSL-open | 18 kLoc | libc or newlib | |
NSS | 400 kLoc | libc libnspr4 libsoftokn3 libplc4 libplds4 |
zlib (compression) |
OpenSSL | 159 kLoc | libc | zlib (compression) |
PolarSSL | 14 kLOC | libc | libpkcs11-helper (PKCS #11) zlib (compression) |
JSSE | 37 kLoc (Framework and Oracle provider) |
Java | |
Implementation | Code size | Dependencies | Optional dependencies |
Development Environment
Implementation | Namespace | Build Tools | API Manual | Crypto Back-end | OpenSSL Compatibility Layer |
---|---|---|---|---|---|
cryptlib | crypt* | makefile, MSVC project workspaces | Programmers reference manual (PDF), architecture design manual (PDF) | Included (monolithic) | No |
CyaSSL | CyaSSL_* SSL_* |
Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC | Manual and API Reference (HTML, PDF) | Included (monolithic) | Yes (about 10% of API) |
GnuTLS | gnutls_* | Autoconf, automake, libtool | Manual and API reference (HTML, PDF) | External, libnettle | Yes (limited) |
MatrixSSL | matrixSsl_* ps* |
Makefile, MSVC project workspaces, Xcode projects for Mac OS X and iOS | API Reference (PDF), Integration Guide | Included (pluggable) | Yes (Subset: SSL_read, SSL_write, etc.) |
NSS | CERT_* SEC_* |
Makefile | Manual (HTML) | Included, PKCS#11 based[46] | Yes (separate package called nss_compat_ossl[47]) |
OpenSSL | SSL_* SHA1_* |
Makefile | Man pages | Included (monolithic) | Not Applicable |
PolarSSL | ssl_* sha1_* |
Makefile, CMake, MSVC project workspaces | API Reference + High Level and Module Level Documentation (HTML) | Included (monolithic) | No |
JSSE | javax.net.ssl | Makefile | API Reference (HTML) + | Java Cryptography Architecture/ Java Cryptography Extension |
|
Implementation | Namespace | Build Tools | API Manual | Crypto Back-end | OpenSSL Compatibility Layer |
Portability Concerns
Implementation | Platform Requirements | Network Requirements | Thread Safety | Random Seed | Able to Cross-Compile | No OS (Bare Metal) | Supported Operating Systems |
---|---|---|---|---|---|---|---|
cryptlib | C89 | POSIX send() and recv(). API to supply your own replacement | Thread-safe. | Platform-dependent, including hardware sources | Yes | AMX, BeOS, ChorusOS, DOS, eCOS, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, PalmOS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, OS X, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK | |
CyaSSL | C89 | POSIX send() and recv(). API to supply your own replacement. | Thread-safe, needs mutex hooks if PThreads or WinThreads not available, can be turned off | Random seed set through CTaoCrypt | Yes | Yes | Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, TRON/ITRON/µITRON, Micrium's µC OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, Keil RTX |
GnuTLS | C89 | POSIX send() and recv(). API to supply your own replacement. | Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available. | platform dependent | Yes | Generally any POSIX platforms or Windows, commonly tested platforms include GNU/Linux, Win32/64, Mac OS X, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD. | |
MatrixSSL | C89 | none | Thread-safe | platform dependent | Yes | Yes | All |
NSS | C89, NSPR[48] | NSPR[48] PR_Send() and PR_Recv(). API to supply your own replacement. | Thread-safe | Platform dependent[49] | Yes (but cumbersome) | AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, Mac OS X, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation | |
OpenSSL | C89? | ? | Needs mutex callbacks | Set through native API | Unix, DOS (with djgpp), Windows, OpenVMS, MacOS, NetWare | ||
PolarSSL | C89 | POSIX read() and write(). API to supply your own replacement. | Threading layer available (POSIX or own hooks) | Random seed set through entropy pool | Yes | Yes | Known to work on: Win32/64, Linux, Mac OS X, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, SeggerOS |
JSSE | Java | Java SE network components | Thread-safe | Depends on java.security.SecureRandom | Yes | Java based, platform-independent | |
Implementation | Platform Requirements | Network Requirements | Thread Safety | Random Seed | Able to Cross-Compile | No OS (Bare Metal) | Supported Operating Systems |
See also
- SCTP — with DTLS support
- DCCP — with DTLS support
- SRTP — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)
References
- ^ "Bard attack". CiteSeerx: 10.1.1.61.5887.
{{cite web}}
: Missing or empty|url=
(help) - ^ SSLv2 is insecure
- ^ RFC 6101
- ^ RFC 2246
- ^ RFC 4346
- ^ a b c d e f g h RFC 5246 Cite error: The named reference "tls" was defined multiple times with different content (see the help page).
- ^ RFC 4347
- ^ RFC 6347
- ^ a b c SSLv2 client hello is supported
- ^ a b "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Retrieved 2012-10-27.
- ^ "NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-08-10.
- ^ a b c d www.openssl.org/news/changelog.html
- ^ a b "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012.
- ^ "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
- ^ a b c d e RFC 4492
- ^ a b c d draft-chudov-cryptopro-cptls-04
- ^ RFC 4357
- ^ a b c Client side only
- ^ a b c d e f g h Extensions to support this functionality might be available.
- ^ RFC 3280
- ^ RFC 2560
- ^ a b "How Certificate Revocation Works". Microsoft TechNet. Microsoft. March 16, 2012. Retrieved July 10, 2013.
- ^ a b c RFC 5054
- ^ a b c RFC 4279
- ^ RFC 5489
- ^ a b c As of iOS 7, PSK ciphers are enumerated in the headers but there are no APIs that use them.
- ^ RFC 5288
- ^ RFC 6655
- ^ RFC 5932
- ^ RFC 6367
- ^ "NSS 3.15.2 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-09-26.
- ^ Support is erratic, in many cases SChannel will simply drop the connection if a suite with this algorithm is specified.
- ^ Normally NSS's libssl performs all operations via the PKCS#11 interface, either to hardware or software tokens
- ^ "AES-NI enhancements to NSS on Sandy Bridge systems". 2012-05-02. Retrieved 2013-09-28.
- ^ RFC 3749
- ^ PKCS #11 URLs is a way to refer to objects stored in PKCS #11 tokens
- ^ RFC 5746
- ^ a b c d RFC 6066
- ^ RFC 6091
- ^ RFC 4680
- ^ RFC 5077
- ^ RFC 5705
- ^ Present but disabled by default due to lack of use by any implementation.
- ^ Patch is available
- ^ Supported in Windows 8.1 Preview and Windows Server 2012 R2 Preview; see What's New in TLS/SSL (Schannel SSP)
- ^ On the fly replaceable/augmentable.
- ^ http://fedoraproject.org/wiki/Nss_compat_ossl
- ^ a b Netscape Portable Runtime (NSPR)
- ^ For Unix/Linux it uses /dev/urandom if available, for Windows it uses CAPI. For all platforms it gets data from clock, and tries to open system files. NSS has a set of platform dependent functions is uses to determine randomness.