Jump to content

Comparison of TLS implementations: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Line 798: Line 798:
| {{yes}}
| {{yes}}
| {{yes|Disabled by default}}
| {{yes|Disabled by default}}
| {{yes}}<ref name=NSS-Camellia-CBC>{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=361025|title=Bug 361025 - Support for Camellia Cipher Suites to TLS RFC4132|publisher=Mozilla|accessdate=2013-11-19}}</ref>
| {{yes|Disabled by default}}
| {{no}}<ref name=NSS-Camellia-GCM>{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=940119|title=Bug 940119 - libssl does not support any TLS_ECDHE_*_CAMELLIA_*_GCM cipher suites|publisher=Mozilla|accessdate=2013-11-19}}</ref>
| {{no}}
| {{no}}
| {{no}}
|-
|-

Revision as of 02:20, 19 November 2013

The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free and open source software.

All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol.

Overview

Implementation Developed By Open Source Software License Copyright Owner Latest Stable Version Release Date Origin
cryptlib Peter Gutmann Yes Sleepycat License and commercial license Peter Gutmann 3.4.2 2012-12-17 NZ
CyaSSL wolfSSL Yes GPLv2 and commercial license wolfSSL Inc. 2.8.0 2013-08-30 US
GnuTLS GnuTLS project Yes LGPL Free Software Foundation 3.2.4 2013-08-31 EU (Greece and Sweden)
MatrixSSL PeerSec Networks Yes GPLv2 and commercial license PeerSec Networks 3.4.2 2013-02-28 US
NSS Yes Mozilla Public License NSS contributors 3.15.3 2013-11-13 US
OpenSSL OpenSSL project Yes OpenSSL / SSLeay dual-license Eric Young, Tim Hudson, Sun, OpenSSL project, and others 1.0.1e 2013-02-11 Australia/EU
PolarSSL Offspark Yes GPLv2 and commercial license Brainspark B.V. (brainspark.nl) 1.3.1 2013-10-15 EU (Netherlands)
SChannel Microsoft No Proprietary Microsoft Inc. Windows 7 2009-10-22 US
Secure Transport Apple Inc. Yes APSL 2.0 Apple Inc. 55179.13 (OS X 10.8.4) 2012-07-25 US
JSSE Oracle Yes GPLv2 and commercial license Oracle JDK 6, JDK 7 2011-02-03 (ea snapshot release) US
Implementation Developed By Open Source Software License Copyright Owner Latest Stable Version Release Date Origin

Protocol Support

Several versions of the TLS protocol exist. SSL 2.0 is a deprecated protocol, vulnerable to several attacks. SSL 3.0 and TLS 1.0 are its successors with many major known vulnerabilities. TLS 1.1 fixes all the known issues in TLS 1.0, and TLS 1.2 is the latest published version, introducing new features. Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated.

Note that there are known vulnerabilities in SSL 2.0, SSL 3.0 and TLS 1.0[1] protocols.

Implementation SSL 2.0
(Insecure)[2] 		SSL 3.0[3] TLS 1.0[4] TLS 1.1[5] TLS 1.2[6] DTLS 1.0[7] DTLS 1.2[8]
cryptlib No Yes Yes Yes Yes No No
CyaSSL No Yes Yes Yes Yes Yes Yes
GnuTLS No[9] Yes Yes Yes Yes Yes Yes
MatrixSSL No[9] Yes Yes Yes Yes Yes Yes
NSS Disabled by default Yes Yes Yes[10] Yes[11] Beta[10][12] No[12]
OpenSSL Yes Yes Yes Yes[13] Yes[13] Yes Beta[13]
PolarSSL No Yes Yes Yes Yes No No
SChannel Yes Yes Yes Yes Yes Yes[14] Yes[14]
Secure Transport Not anymore[a] Yes Yes Yes[a] Yes[a] Yes[a] No
JSSE No[9] Yes Yes Yes Yes No No
Implementation SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2 DTLS 1.0 DTLS 1.2
  1. ^
    Secure Transport: SSL 2.0 was discontinued in OS X 10.8. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.8 and later.[15]

NSA Suite B Cryptography

Required components for NSA Suite B Cryptography (RFC 6460) are:

Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.

Implementation TLS 1.2 Suite B [RFC 6460]
cryptlib Yes
CyaSSL Yes
GnuTLS Yes
NSS No
MatrixSSL Yes
OpenSSL No
PolarSSL Yes
SChannel No
Secure Transport Un­known
JSSE No
Implementation TLS 1.2 Suite B [RFC 6460]

Certifications

Implementation Certified version FIPS 140-2 Common Criteria
cryptlib
CyaSSL
GnuTLS
MatrixSSL Level 1
NSS
OpenSSL
PolarSSL
SChannel
Secure Transport
JSSE
Implementation Certified version FIPS 140-2 Common Criteria

Key Exchange Algorithms (Certificate-only)

This section lists the certificate verification functionality available in the various implementations.

Implementation RSA[6] RSA-EXPORT[6] DHE-RSA[6] DHE-DSS[6] ECDH-ECDSA[16] ECDHE-ECDSA[16] ECDH-RSA[16] ECDHE-RSA[16] VKO GOST R 34.10-2001[17][18]
cryptlib Yes No Yes Yes No Yes No No No
CyaSSL Yes No Yes No Yes Yes Yes Yes No
GnuTLS Yes Disabled by default Yes Yes No Yes No Yes No
MatrixSSL Yes No Yes No Yes Yes Yes Yes No
NSS Yes Disabled by default Partial[19] Partial[19] Yes Yes Yes Yes No
OpenSSL Yes Yes Yes Yes No Yes Yes Yes Yes
PolarSSL Yes No Yes No No Yes No Yes No
SChannel Yes No No Yes No Yes No Yes No[20]
Secure Transport Yes Yes Yes Yes Yes Yes Yes Yes No
JSSE Yes Yes Yes Yes Yes Yes No No No[20]
Implementation RSA RSA EXPORT DHE-RSA DHE-DSS ECDH-ECDSA ECDHE-ECDSA ECDH-RSA ECDHE-RSA VKO GOST R 34.10-2001

Certificate Verification Methods

Implementation Application-defined PKIX path validation[6] CRL[21] OCSP[22] DANE (DNSSEC)[6] Trust on First Use (TOFU)
cryptlib Yes No No
CyaSSL Yes Yes Yes Yes No No
GnuTLS Yes Yes Yes Yes Yes Yes
MatrixSSL Yes Yes Yes No No No
NSS Yes Yes Yes Yes No No
OpenSSL Yes Yes Yes No No
PolarSSL Yes Yes Yes No No
SChannel Yes Yes[23] Yes[23] No No
Secure Transport Yes Yes Yes Yes No No
JSSE Yes No No
Implementation Application-defined PKIX CRL OCSP DANE TOFU

Key Exchange Algorithms (Alternative key-exchanges)

Implementation DH-ANON[6] SRP[24] SRP-DSS[24] SRP-RSA[24] PSK-RSA[25] PSK[25] DHE-PSK[25] ECDHE-PSK[26] ECDH-ANON[16]
cryptlib No No No No No Yes Yes No No
CyaSSL No No No No No Yes No No No
GnuTLS Yes Yes Yes Yes Yes Yes Yes Yes Yes
MatrixSSL Yes No No No No Yes Yes No No
NSS No No No No No No No No No
OpenSSL Yes Yes Yes Yes No Yes No No Yes
PolarSSL No No No No Yes Yes Yes Yes No
SChannel No No No No No No No No No
Secure Transport Yes No No No Partial[27] Partial[27] Partial[27] No Yes
JSSE Yes No No No No No No No No
Implementation DH-ANON SRP SRP-DSS SRP-RSA PSK-RSA PSK DHE-PSK ECDHE-PSK ECDH-ANON

Encryption Algorithms

Implementation AES-CBC AES-GCM[28] AES-CCM[29] 3DES-CBC DES-CBC (Insecure) RC4-128 RC4-40 (Insecure) CAMELLIA-CBC[30] CAMELLIA-GCM[31] GOST28147-89[17]
cryptlib Yes Yes No Yes No Yes No No No No
CyaSSL Yes Yes Yes Yes No Yes No Yes No No
GnuTLS Yes Yes No Yes No Yes Disabled by default Yes Yes No
MatrixSSL Yes Yes No Yes No Yes No No No No
NSS Yes Yes[32] No Yes Disabled by default Yes Disabled by default Yes[33] No[34] No
OpenSSL Yes Yes [13] No Yes Yes Yes Yes Yes No Yes
PolarSSL Yes Yes No Yes Disabled by default Yes No Yes Yes No
SChannel Yes Partial[35] No Yes Yes Yes No No No No[20]
Secure Transport Yes Yes Yes Yes Yes Yes Yes No No No
JSSE Yes No No Yes Yes Yes Yes No No No[20]
Implementation AES-CBC AES-GCM AES-CCM 3DES-CBC DES-CBC RC4-128 RC4-40 CAMELLIA-CBC CAMELLIA-GCM GOST28147-89

Supported elliptic curves

This section lists the supported elliptic curves by each implementation.

Implementation Arbitrary curves Arbitrary char2 curves sect163k1 (1) sect163r1 (2) sect163r2 (3) sect193r1 (4) sect193r2 (5) sect233k1 (6) sect233r1 (7) sect239k1 (8) sect283k1 (9) sect283r1 (10) sect409k1 (11) sect409r1 (12) sect571k1 (13) sect571r1 (14)
CyaSSL No No No No No No No No No No No No No No No No
GnuTLS No No No No No No No No No No No No No No No No
MatrixSSL No No No No No No No No No No No No No No No No
NSS No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
PolarSSL No No No No No No No No No No No No No No No No
Secure Transport No No No No No No No No No No No No No No No No
Implementation Arbitrary curves Arbitrary char2 curves sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1
Implementation secp160k1 (15) secp160r1 (16) secp160r2 (17) secp192k1 (18) secp192r1 prime192v1 (19) secp224k1 (20) secp224r1 (21) secp256k1 (22) secp256r1 prime256v1 (23) secp384r1 (24) secp521r1 (25) brainpoolP256r1 (26) brainpoolP384r1 (27) brainpoolP512r1 (28)
CyaSSL No Yes No No Yes No Yes No Yes Yes Yes No No No
GnuTLS No No No No Yes No Yes No Yes Yes Yes No No No
MatrixSSL No No No No Yes No Yes No Yes Yes Yes No No No
NSS Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No
OpenSSL Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No
PolarSSL No No No No Yes No Yes No Yes Yes Yes Yes Yes Yes
Secure Transport No No No No Yes No No No Yes No Yes No No No
Implementation secp160k1 secp160r1 secp160r2 secp192k1 secp192r1 prime192v1 secp224k1 secp224r1 secp256k1 secp256r1 prime256v1 secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1 brainpoolP512r1

Assisted cryptography

This section lists the ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation.

Implementation PKCS #11 device Intel AES-NI VIA PadLock STM32F2 Cavium NITROX
cryptlib Yes No Yes No No
CyaSSL No Yes No Yes Yes
GnuTLS Yes Yes Yes No No
MatrixSSL Yes Yes No No No
NSS Yes[36] Yes[37] No No No
OpenSSL No Yes Yes No Yes
PolarSSL Yes No Yes No No
SChannel No Yes No No No
Secure Transport No No No No No
JSSE Yes No No No No
Implementation PKCS #11 device Intel AES-NI VIA PadLock STM32F2 Cavium NITROX

System-specific backends

This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation.

Implementation /dev/crypto Windows CSP CommonCrypto OpenSSL Engine
cryptlib No No No No
CyaSSL No Partial No No
GnuTLS Yes No No No
MatrixSSL No No Yes Yes
NSS No No No No
OpenSSL Yes No No Yes
PolarSSL No No No No
SChannel No Yes No No
Secure Transport No No Yes No
JSSE No Yes No No
Implementation /dev/crypto Windows CSP CommonCrypto OpenSSL Engine

MAC Functions

Implementation AEAD HMAC-MD5 HMAC-SHA-1 HMAC-SHA-256 GOST28147-89-MAC[17] GOST 34.11-94[17]
cryptlib Yes Yes Yes Yes No No
CyaSSL Yes Yes Yes Yes No No
GnuTLS Yes Yes Yes Yes No No
MatrixSSL No Yes Yes Yes No No
NSS No Yes Yes Yes No No
OpenSSL Yes Yes Yes Yes Yes Yes
PolarSSL Yes Yes Yes Yes No No
SChannel Yes Yes Yes Yes No[20] No[20]
Secure Transport No Yes Yes Yes No No
JSSE No Yes Yes Yes No[20] No[20]
Implementation AEAD HMAC-MD5 HMAC-SHA-1 HMAC-SHA-256 GOST28147-89-MAC GOST 34.11-94

Compression

Note the CRIME security exploit takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. HTTP compression is unrelated and unaffected by this exploit, but is exploited by the related BREACH attack.

Implementation DEFLATE[38]
(Insecure)
cryptlib No
CyaSSL Disabled by default
GnuTLS Disabled by default
MatrixSSL Disabled by default
NSS Disabled by default
OpenSSL Yes
PolarSSL Disabled by default
SChannel No
Secure Transport No
JSSE No
Implementation DEFLATE

Cryptographic module/token support

Implementation TPM support Hardware token support Objects identified via
cryptlib No PKCS11 User-defined label
CyaSSL No No
GnuTLS Yes PKCS11 PKCS #11 URLs[39]
MatrixSSL No PKCS11
NSS No PKCS11
OpenSSL Yes PKCS11 (via external module) Custom method
PolarSSL No PKCS11 (via libpkcs11-helper) or standard hooks Custom method
SChannel No Microsoft CryptoAPI UUID, User-defined label
JSSE No PKCS11 Java Cryptography Architecture/
Java Cryptography Extension
Implementation TPM support Hardware token support Objects identified via

Extensions

In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation.

Implementation Secure
Renegotiation[40] 		Server Name
Indication[41] 		Certificate Status
Request[41] 		OpenPGP[42] Supplemental
Data[43] 		Session
Ticket[44] 		Keying Material
Exporter[45] 		Maximum
Fragment Length[41] 		Truncated
HMAC[41]
cryptlib Yes Yes No No Yes No No No[46] No
CyaSSL No Yes No No No No No No No
GnuTLS Yes Yes Yes Yes Yes Yes Yes Yes No
MatrixSSL Yes No No No No Yes No Yes Yes
NSS Yes Yes Yes No No Yes No[47] No No
OpenSSL Yes Yes Yes No No? Yes Yes? No No
PolarSSL Yes Yes No No No Yes No Yes Yes
SChannel Yes Yes Yes No Yes No[48] No No No
Secure Transport Yes Yes No No Yes No No No No
JSSE Yes Partial[19] No No No No No No No
Implementation Secure
Renegotiation 		Server Name
Indication 		Certificate Status
Request 		OpenPGP Supplemental
Data 		Session
Ticket 		Keying Material
Exporter 		Maximum
Fragment Length 		Truncated
HMAC

Code Size and Dependencies

Implementation Code size Dependencies Optional
dependencies
CyaSSL 67 kLoc None libc, zlib (compression)
GnuTLS 138 kLoc libc
nettle
gmp 		zlib (compression)
p11-kit (PKCS #11)
trousers (TPM)
MatrixSSL 22 kLoc none zlib (compression)
MatrixSSL-open 18 kLoc libc or newlib
NSS 400 kLoc libc
libnspr4
libsoftokn3
libplc4
libplds4 		zlib (compression)
OpenSSL 159 kLoc libc zlib (compression)
PolarSSL 14 kLOC libc libpkcs11-helper (PKCS #11)
zlib (compression)
JSSE 37 kLoc

(Framework and Oracle provider)

Java
Implementation Code size Dependencies Optional
dependencies

Development Environment

Implementation Namespace Build Tools API Manual Crypto Back-end OpenSSL Compatibility Layer[clarify]
cryptlib crypt* makefile, MSVC project workspaces Programmers reference manual (PDF), architecture design manual (PDF) Included (monolithic) No
CyaSSL CyaSSL_*

SSL_*

Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC Manual and API Reference (HTML, PDF) Included (monolithic) Yes (about 10% of API)
GnuTLS gnutls_* Autoconf, automake, libtool Manual and API reference (HTML, PDF) External, libnettle Yes (limited)
MatrixSSL matrixSsl_*

ps*

Makefile, MSVC project workspaces, Xcode projects for Mac OS X and iOS API Reference (PDF), Integration Guide Included (pluggable) Yes (Subset: SSL_read, SSL_write, etc.)
NSS CERT_*

SEC_*
SECKEY_*
NSS_*
PK11_*
SSL_*
...

Makefile Manual (HTML) Included, PKCS#11 based[49] Yes (separate package called nss_compat_ossl[50])
OpenSSL SSL_*

SHA1_*
MD5_*
EVP_*
...

Makefile Man pages Included (monolithic) Not Applicable
PolarSSL ssl_*

sha1_*
md5_*
x509parse_*
...

Makefile, CMake, MSVC project workspaces API Reference + High Level and Module Level Documentation (HTML) Included (monolithic) No
JSSE javax.net.ssl Makefile API Reference (HTML) +

JSSE Reference Guide

Java Cryptography Architecture/
Java Cryptography Extension
Implementation Namespace Build Tools API Manual Crypto Back-end OpenSSL Compatibility Layer

Portability Concerns

Implementation Platform Requirements Network Requirements Thread Safety Random Seed Able to Cross-Compile No OS (Bare Metal) Supported Operating Systems
cryptlib C89 POSIX send() and recv(). API to supply your own replacement Thread-safe. Platform-dependent, including hardware sources Yes AMX, BeOS, ChorusOS, DOS, eCOS, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, PalmOS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, OS X, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK
CyaSSL C89 POSIX send() and recv(). API to supply your own replacement. Thread-safe, needs mutex hooks if PThreads or WinThreads not available, can be turned off Random seed set through CTaoCrypt Yes Yes Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, TRON/ITRON/µITRON, Micrium's µC OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, Keil RTX
GnuTLS C89 POSIX send() and recv(). API to supply your own replacement. Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available. platform dependent Yes Generally any POSIX platforms or Windows, commonly tested platforms include GNU/Linux, Win32/64, Mac OS X, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD.
MatrixSSL C89 none Thread-safe platform dependent Yes Yes All
NSS C89, NSPR[51] NSPR[51] PR_Send() and PR_Recv(). API to supply your own replacement. Thread-safe Platform dependent[52] Yes (but cumbersome) AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, Mac OS X, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation
OpenSSL C89? ? Needs mutex callbacks Set through native API Unix, DOS (with djgpp), Windows, OpenVMS, MacOS, NetWare
PolarSSL C89 POSIX read() and write(). API to supply your own replacement. Threading layer available (POSIX or own hooks) Random seed set through entropy pool Yes Yes Known to work on: Win32/64, Linux, Mac OS X, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, SeggerOS
JSSE Java Java SE network components Thread-safe Depends on java.security.SecureRandom Yes Java based, platform-independent
Implementation Platform Requirements Network Requirements Thread Safety Random Seed Able to Cross-Compile No OS (Bare Metal) Supported Operating Systems

See also

  • SCTP — with DTLS support
  • DCCP — with DTLS support
  • SRTP — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)

References

  1. ^ "Bard attack". CiteSeerx10.1.1.61.5887. {{cite web}}: Missing or empty |url= (help)
  2. ^ SSLv2 is insecure
  3. ^ RFC 6101
  4. ^ RFC 2246
  5. ^ RFC 4346
  6. ^ a b c d e f g h RFC 5246 Cite error: The named reference "tls" was defined multiple times with different content (see the help page).
  7. ^ RFC 4347
  8. ^ RFC 6347
  9. ^ a b c SSLv2 client hello is supported
  10. ^ a b "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Retrieved 2012-10-27.
  11. ^ "NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-08-10.
  12. ^ a b "Bug 681065 - (dtls) Implement DTLS (Datagram TLS) in libssl". Mozilla. Retrieved 2013-11-18.
  13. ^ a b c d www.openssl.org/news/changelog.html
  14. ^ a b "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012.
  15. ^ "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
  16. ^ a b c d e RFC 4492
  17. ^ RFC 4357
  18. ^ a b c Client side only
  19. ^ a b c d e f g h Extensions to support this functionality might be available.
  20. ^ RFC 3280
  21. ^ RFC 2560
  22. ^ a b "How Certificate Revocation Works". Microsoft TechNet. Microsoft. March 16, 2012. Retrieved July 10, 2013.
  23. ^ a b c RFC 5054
  24. ^ a b c RFC 4279
  25. ^ RFC 5489
  26. ^ a b c As of iOS 7, PSK ciphers are enumerated in the headers but there are no APIs that use them.
  27. ^ RFC 5288
  28. ^ RFC 6655
  29. ^ RFC 5932
  30. ^ RFC 6367
  31. ^ "NSS 3.15.2 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-09-26.
  32. ^ "Bug 361025 - Support for Camellia Cipher Suites to TLS RFC4132". Mozilla. Retrieved 2013-11-19.
  33. ^ "Bug 940119 - libssl does not support any TLS_ECDHE_*_CAMELLIA_*_GCM cipher suites". Mozilla. Retrieved 2013-11-19.
  34. ^ Support is erratic, in many cases SChannel will simply drop the connection if a suite with this algorithm is specified.
  35. ^ Normally NSS's libssl performs all operations via the PKCS#11 interface, either to hardware or software tokens
  36. ^ "AES-NI enhancements to NSS on Sandy Bridge systems". 2012-05-02. Retrieved 2013-09-28.
  37. ^ RFC 3749
  38. ^ PKCS #11 URLs is a way to refer to objects stored in PKCS #11 tokens
  39. ^ RFC 5746
  40. ^ a b c d RFC 6066
  41. ^ RFC 6091
  42. ^ RFC 4680
  43. ^ RFC 5077
  44. ^ RFC 5705
  45. ^ Present but disabled by default due to lack of use by any implementation.
  46. ^ Patch is available
  47. ^ Supported in Windows 8.1 Preview and Windows Server 2012 R2 Preview; see What's New in TLS/SSL (Schannel SSP)
  48. ^ On the fly replaceable/augmentable.
  49. ^ http://fedoraproject.org/wiki/Nss_compat_ossl
  50. ^ a b Netscape Portable Runtime (NSPR)
  51. ^ For Unix/Linux it uses /dev/urandom if available, for Windows it uses CAPI. For all platforms it gets data from clock, and tries to open system files. NSS has a set of platform dependent functions is uses to determine randomness.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Comparison_of_TLS_implementations&oldid=582308301"