
Comparison of TLS implementations

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 113.42.219.90 (talk) at 13:27, 14 November 2013 (Overview: NSS 3.15.3). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free and open source software.

All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol.

Overview

Implementation | Developed By | Open Source Software | License | Copyright Owner | Latest Stable Version | Release Date | Origin
cryptlib | Peter Gutmann | Yes | Sleepycat License and commercial license | Peter Gutmann | 3.4.2 | 2012-12-17 | NZ
CyaSSL | wolfSSL | Yes | GPLv2 and commercial license | wolfSSL Inc. | 2.8.0 | 2013-08-30 | US
GnuTLS | GnuTLS project | Yes | LGPL | Free Software Foundation | 3.2.4 | 2013-08-31 | EU (Greece and Sweden)
MatrixSSL | PeerSec Networks | Yes | GPLv2 and commercial license | PeerSec Networks | 3.4.2 | 2013-02-28 | US
NSS | | Yes | Mozilla Public License | NSS contributors | 3.15.3 | 2013-11-13 | US
OpenSSL | OpenSSL project | Yes | OpenSSL / SSLeay dual-license | Eric Young, Tim Hudson, Sun, OpenSSL project, and others | 1.0.1e | 2013-02-11 | Australia/EU
PolarSSL | Offspark | Yes | GPLv2 and commercial license | Brainspark B.V. (brainspark.nl) | 1.3.1 | 2013-10-15 | EU (Netherlands)
SChannel | Microsoft | No | Proprietary | Microsoft Inc. | Windows 7 | 2009-10-22 | US
Secure Transport | Apple Inc. | Yes | APSL 2.0 | Apple Inc. | 55179.13 (OS X 10.8.4) | 2012-07-25 | US
JSSE | Oracle | Yes | GPLv2 and commercial license | Oracle | JDK 6, JDK 7 | 2011-02-03 (ea snapshot release) | US

Protocol Support

Several versions of the TLS protocol exist. SSL 2.0 is a deprecated protocol, vulnerable to several attacks. SSL 3.0 and TLS 1.0 are its successors, and both have major known vulnerabilities. TLS 1.1 fixes all the known issues in TLS 1.0, and TLS 1.2 is the latest published version, introducing new features. Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated.

Note that there are known vulnerabilities in the SSL 2.0, SSL 3.0 and TLS 1.0 protocols.[1]

Implementation | SSL 2.0[2] | SSL 3.0[3] | TLS 1.0[4] | TLS 1.1[5] | TLS 1.2[6] | DTLS 1.0[7] | DTLS 1.2[8]
cryptlib | No | Yes | Yes | Yes | Yes | No | No
CyaSSL | No | Yes | Yes | Yes | Yes | Yes | Yes
GnuTLS | No[9] | Yes | Yes | Yes | Yes | Yes | Yes
MatrixSSL | No[9] | Yes | Yes | Yes | Yes | Yes | Yes
NSS | Disabled by default | Yes | Yes | Yes[10] | Yes[11] | Beta[10] | No
OpenSSL | Yes | Yes | Yes | Yes[12] | Yes[12] | Yes | Beta[12]
PolarSSL | No | Yes | Yes | Yes | Yes | No | No
SChannel | Yes | Yes | Yes | Yes | Yes | Yes[13] | Yes[13]
Secure Transport | Not anymore[a] | Yes | Yes | Yes[a] | Yes[a] | Yes[a] | No
JSSE | No[9] | Yes | Yes | Yes | Yes | No | No
  a. Secure Transport: SSL 2.0 was discontinued in OS X 10.8. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.8 and later.[14]

CipherSuite Profiles

Implementation | TLS 1.2 Suite B [RFC 6460]
cryptlib | Yes
CyaSSL | Yes
GnuTLS | Yes
NSS | No
MatrixSSL | Yes
OpenSSL | No
PolarSSL | Yes
SChannel | No
Secure Transport | Unknown
JSSE | No

Certifications

Implementation | Certified version | FIPS 140-2 | Common Criteria
cryptlib | | |
CyaSSL | | |
GnuTLS | | |
MatrixSSL | | Level 1 |
NSS | | |
OpenSSL | | |
PolarSSL | | |
SChannel | | |
Secure Transport | | |
JSSE | | |

Key Exchange Algorithms (Certificate-only)

This section lists the certificate-based key exchange algorithms supported by the various implementations.

Implementation | RSA[6] | RSA-EXPORT[6] | DHE-RSA[6] | DHE-DSS[6] | ECDH-ECDSA[15] | ECDHE-ECDSA[15] | ECDH-RSA[15] | ECDHE-RSA[15] | VKO GOST R 34.10-2001[16][17]
cryptlib | Yes | No | Yes | Yes | No | Yes | No | No | No
CyaSSL | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No
GnuTLS | Yes | Disabled by default | Yes | Yes | No | Yes | No | Yes | No
MatrixSSL | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No
NSS | Yes | Disabled by default | Partial[18] | Partial[18] | Yes | Yes | Yes | Yes | No
OpenSSL | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes
PolarSSL | Yes | No | Yes | No | No | Yes | No | Yes | No
SChannel | Yes | No | No | Yes | No | Yes | No | Yes | No[19]
Secure Transport | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No
JSSE | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No[19]

Certificate Verification Methods

Implementation | Application-defined | PKIX path validation[6] | CRL[20] | OCSP[21] | DANE (DNSSEC)[6] | Trust on First Use (TOFU)
cryptlib | Yes | No | No | | |
CyaSSL | Yes | Yes | Yes | Yes | No | No
GnuTLS | Yes | Yes | Yes | Yes | Yes | Yes
MatrixSSL | Yes | Yes | Yes | No | No | No
NSS | Yes | Yes | Yes | Yes | No | No
OpenSSL | Yes | Yes | Yes | No | No |
PolarSSL | Yes | Yes | Yes | No | No |
SChannel | Yes | Yes[22] | Yes[22] | No | No |
Secure Transport | Yes | Yes | Yes | Yes | No | No
JSSE | Yes | No | No | | |

Key Exchange Algorithms (Alternative key-exchanges)

Implementation | DH-ANON[6] | SRP[23] | SRP-DSS[23] | SRP-RSA[23] | PSK-RSA[24] | PSK[24] | DHE-PSK[24] | ECDHE-PSK[25] | ECDH-ANON[15]
cryptlib | No | No | No | No | No | Yes | Yes | No | No
CyaSSL | No | No | No | No | No | Yes | No | No | No
GnuTLS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
MatrixSSL | Yes | No | No | No | No | Yes | Yes | No | No
NSS | No | No | No | No | No | No | No | No | No
OpenSSL | Yes | Yes | Yes | Yes | No | Yes | No | No | Yes
PolarSSL | No | No | No | No | Yes | Yes | Yes | Yes | No
SChannel | No | No | No | No | No | No | No | No | No
Secure Transport | Yes | No | No | No | Partial[26] | Partial[26] | Partial[26] | No | Yes
JSSE | Yes | No | No | No | No | No | No | No | No

Encryption Algorithms

Implementation | AES-CBC | AES-GCM[27] | AES-CCM[28] | 3DES-CBC | DES-CBC (Insecure) | RC4-128 | RC4-40 (Insecure) | CAMELLIA-CBC[29] | CAMELLIA-GCM[30] | GOST28147-89[16]
cryptlib | Yes | Yes | No | Yes | No | Yes | No | No | No | No
CyaSSL | Yes | Yes | Yes | Yes | No | Yes | No | Yes | No | No
GnuTLS | Yes | Yes | No | Yes | No | Yes | Disabled by default | Yes | Yes | No
MatrixSSL | Yes | Yes | No | Yes | No | Yes | No | No | No | No
NSS | Yes | Yes[31] | No | Yes | Disabled by default | Yes | Disabled by default | Disabled by default | No | No
OpenSSL | Yes | Yes[12] | No | Yes | Yes | Yes | Yes | Yes | No | Yes
PolarSSL | Yes | Yes | No | Yes | Disabled by default | Yes | No | Yes | Yes | No
SChannel | Yes | Partial[32] | No | Yes | Yes | Yes | No | No | No | No[19]
Secure Transport | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No
JSSE | Yes | No | No | Yes | Yes | Yes | Yes | No | No | No[19]

Supported elliptic curves

This section lists the elliptic curves supported by each implementation.

Implementation | Arbitrary curves | Arbitrary char2 curves | sect163k1 (1) | sect163r1 (2) | sect163r2 (3) | sect193r1 (4) | sect193r2 (5) | sect233k1 (6) | sect233r1 (7) | sect239k1 (8) | sect283k1 (9) | sect283r1 (10) | sect409k1 (11) | sect409r1 (12) | sect571k1 (13) | sect571r1 (14)
CyaSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No
GnuTLS | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No
MatrixSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No
NSS | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
PolarSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No
Secure Transport | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No
Implementation | secp160k1 (15) | secp160r1 (16) | secp160r2 (17) | secp192k1 (18) | secp192r1 / prime192v1 (19) | secp224k1 (20) | secp224r1 (21) | secp256k1 (22) | secp256r1 / prime256v1 (23) | secp384r1 (24) | secp521r1 (25) | brainpoolP256r1 (26) | brainpoolP384r1 (27) | brainpoolP512r1 (28)
CyaSSL | No | Yes | No | No | Yes | No | Yes | No | Yes | Yes | Yes | No | No | No
GnuTLS | No | No | No | No | Yes | No | Yes | No | Yes | Yes | Yes | No | No | No
MatrixSSL | No | No | No | No | Yes | No | Yes | No | Yes | Yes | Yes | No | No | No
NSS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No
PolarSSL | No | No | No | No | Yes | No | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes
Secure Transport | No | No | No | No | Yes | No | No | No | Yes | No | Yes | No | No | No

Assisted cryptography

This section lists the ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation.

Implementation | PKCS #11 device | Intel AES-NI | VIA PadLock | STM32F2 | Cavium NITROX
cryptlib | Yes | No | Yes | No | No
CyaSSL | No | Yes | No | Yes | Yes
GnuTLS | Yes | Yes | Yes | No | No
MatrixSSL | Yes | Yes | No | No | No
NSS | Yes[33] | Yes[34] | No | No | No
OpenSSL | No | Yes | Yes | No | Yes
PolarSSL | Yes | No | Yes | No | No
SChannel | No | Yes | No | No | No
Secure Transport | No | No | No | No | No
JSSE | Yes | No | No | No | No

System-specific backends

This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation.

Implementation | /dev/crypto | Windows CSP | CommonCrypto | OpenSSL Engine
cryptlib | No | No | No | No
CyaSSL | No | Partial | No | No
GnuTLS | Yes | No | No | No
MatrixSSL | No | No | Yes | Yes
NSS | No | No | No | No
OpenSSL | Yes | No | No | Yes
PolarSSL | No | No | No | No
SChannel | No | Yes | No | No
Secure Transport | No | No | Yes | No
JSSE | No | Yes | No | No

MAC Functions

Implementation | AEAD | HMAC-MD5 | HMAC-SHA-1 | HMAC-SHA-256 | GOST28147-89-MAC[16] | GOST 34.11-94[16]
cryptlib | Yes | Yes | Yes | Yes | No | No
CyaSSL | Yes | Yes | Yes | Yes | No | No
GnuTLS | Yes | Yes | Yes | Yes | No | No
MatrixSSL | No | Yes | Yes | Yes | No | No
NSS | No | Yes | Yes | Yes | No | No
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes
PolarSSL | Yes | Yes | Yes | Yes | No | No
SChannel | Yes | Yes | Yes | Yes | No[19] | No[19]
Secure Transport | No | Yes | Yes | Yes | No | No
JSSE | No | Yes | Yes | Yes | No[19] | No[19]

Compression

Note that the CRIME attack takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. HTTP compression is unrelated and unaffected by CRIME, but is exploited by the related BREACH attack.

Implementation | DEFLATE[35]
cryptlib | No
CyaSSL | Disabled by default
GnuTLS | Disabled by default
MatrixSSL | Disabled by default
NSS | Disabled by default
OpenSSL | Yes
PolarSSL | Disabled by default
SChannel | No
Secure Transport | No
JSSE | No

Cryptographic module/token support

Implementation | TPM support | Hardware token support | Objects identified via
cryptlib | No | PKCS11 | User-defined label
CyaSSL | No | No |
GnuTLS | Yes | PKCS11 | PKCS #11 URLs[36]
MatrixSSL | No | PKCS11 |
NSS | No | PKCS11 |
OpenSSL | Yes | PKCS11 (via external module) | Custom method
PolarSSL | No | PKCS11 (via libpkcs11-helper) or standard hooks | Custom method
SChannel | No | Microsoft CryptoAPI | UUID, User-defined label
JSSE | No | PKCS11 | Java Cryptography Architecture / Java Cryptography Extension

Extensions

This section lists the extensions each implementation supports. Note that the Secure Renegotiation extension is critical for HTTPS client security: TLS clients that do not implement it are vulnerable to attacks, irrespective of whether the client itself implements TLS renegotiation.

Implementation | Secure Renegotiation[37] | Server Name Indication[38] | Certificate Status Request[38] | OpenPGP[39] | Supplemental Data[40] | Session Ticket[41] | Keying Material Exporter[42] | Maximum Fragment Length[38] | Truncated HMAC[38]
cryptlib | Yes | Yes | No | No | Yes | No | No | No[43] | No
CyaSSL | No | Yes | No | No | No | No | No | No | No
GnuTLS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No
MatrixSSL | Yes | No | No | No | No | Yes | No | Yes | Yes
NSS | Yes | Yes | Yes | No | No | Yes | No[44] | No | No
OpenSSL | Yes | Yes | Yes | No | No? | Yes | Yes? | No | No
PolarSSL | Yes | Yes | No | No | No | Yes | No | Yes | Yes
SChannel | Yes | Yes | Yes | No | Yes | No[45] | No | No | No
Secure Transport | Yes | Yes | No | No | Yes | No | No | No | No
JSSE | Yes | Partial[18] | No | No | No | No | No | No | No
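The protocol versions, compression methods and Secure Renegotiation signalling compared in the sections above are all visible in a client's first handshake message. The parser below is an added example, not code from the article or from any implementation listed: it decodes a constructed ClientHello and flags whether DEFLATE compression is offered (the CRIME precondition) and whether RFC 5746 secure renegotiation is signalled, by extension or by the SCSV pseudo cipher suite.

```python
"""Decode a TLS ClientHello to see what a client offers: version, cipher suites,
compression methods and extensions. Added example; the sample bytes are constructed."""
import struct

VERSION_NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# DEFLATE compression method (RFC 3749); renegotiation_info extension type and
# TLS_EMPTY_RENEGOTIATION_INFO_SCSV pseudo cipher suite (RFC 5746).
COMPRESSION_DEFLATE, RENEGOTIATION_INFO_EXT, RENEGOTIATION_SCSV = 1, 0xFF01, 0x00FF

def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new offset, refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n

def _vector(buf, pos, size_len):
    """Read a length-prefixed vector (1- or 2-byte big-endian length)."""
    raw, pos = _take(buf, pos, size_len)
    return _take(buf, pos, int.from_bytes(raw, "big"))

def parse_client_hello(record):
    """Decode one TLS record carrying a ClientHello (RFC 5246 section 7.4.1.2)."""
    hdr, pos = _take(record, 0, 5)
    if hdr[0] != 0x16:                        # content type: handshake
        raise ValueError("not a TLS handshake record")
    body, _ = _take(record, pos, struct.unpack("!H", hdr[3:5])[0])
    hs_hdr, pos = _take(body, 0, 4)
    if hs_hdr[0] != 0x01:                     # handshake type: ClientHello
        raise ValueError("not a ClientHello")
    hello, _ = _take(body, pos, int.from_bytes(hs_hdr[1:4], "big"))
    ver, pos = _take(hello, 0, 2)
    _, pos = _take(hello, pos, 32)            # client_random
    _, pos = _vector(hello, pos, 1)           # session_id
    suites, pos = _vector(hello, pos, 2)
    comps, pos = _vector(hello, pos, 1)
    exts = []
    if pos < len(hello):                      # extensions block is optional
        ext_data, pos = _vector(hello, pos, 2)
        p = 0
        while p < len(ext_data):
            ext_type, p = _take(ext_data, p, 2)
            _, p = _vector(ext_data, p, 2)    # skip the extension body
            exts.append(struct.unpack("!H", ext_type)[0])
    suite_ids = list(struct.unpack("!%dH" % (len(suites) // 2), suites))
    return {
        "client_version": VERSION_NAMES.get(tuple(ver), "unknown"),
        "cipher_suites": suite_ids,
        "compression_methods": list(comps),
        "extensions": exts,
        # Defender flags: DEFLATE offered (CRIME) and RFC 5746 signalled (ext or SCSV).
        "deflate_offered": COMPRESSION_DEFLATE in comps,
        "secure_renegotiation": (RENEGOTIATION_INFO_EXT in exts
                                 or RENEGOTIATION_SCSV in suite_ids),
    }

SAMPLE_CLIENT_HELLO = (  # constructed: TLS 1.2, three suites, DEFLATE+null, renegotiation_info
    b"\x16\x03\x01\x00\x39\x01\x00\x00\x35\x03\x03" + b"\x11" * 32 + b"\x00"
    + b"\x00\x06\xc0\x2f\x00\x35\x00\x04" + b"\x02\x01\x00"
    + b"\x00\x05\xff\x01\x00\x01\x00")
```

Feed it the first record of a captured handshake and a client that offers DEFLATE or omits both RFC 5746 signals stands out immediately.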

Code Size and Dependencies

Implementation | Code size | Dependencies | Optional dependencies
CyaSSL | 67 kLoc | None | libc, zlib (compression)
GnuTLS | 138 kLoc | libc, nettle, gmp | zlib (compression), p11-kit (PKCS #11), trousers (TPM)
MatrixSSL | 22 kLoc | none | zlib (compression)
MatrixSSL-open | 18 kLoc | libc or newlib |
NSS | 400 kLoc | libc, libnspr4, libsoftokn3, libplc4, libplds4 | zlib (compression)
OpenSSL | 159 kLoc | libc | zlib (compression)
PolarSSL | 14 kLOC | libc | libpkcs11-helper (PKCS #11), zlib (compression)
JSSE | 37 kLoc (Framework and Oracle provider) | Java |

Development Environment

Implementation | Namespace | Build Tools | API Manual | Crypto Back-end | OpenSSL Compatibility Layer
cryptlib | crypt* | makefile, MSVC project workspaces | Programmers reference manual (PDF), architecture design manual (PDF) | Included (monolithic) | No
CyaSSL | CyaSSL_*, SSL_* | Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC | Manual and API Reference (HTML, PDF) | Included (monolithic) | Yes (about 10% of API)
GnuTLS | gnutls_* | Autoconf, automake, libtool | Manual and API reference (HTML, PDF) | External, libnettle | Yes (limited)
MatrixSSL | matrixSsl_*, ps* | Makefile, MSVC project workspaces, Xcode projects for Mac OS X and iOS | API Reference (PDF), Integration Guide | Included (pluggable) | Yes (Subset: SSL_read, SSL_write, etc.)
NSS | CERT_*, SEC_*, SECKEY_*, NSS_*, PK11_*, SSL_*, ... | Makefile | Manual (HTML) | Included, PKCS#11 based[46] | Yes (separate package called nss_compat_ossl[47])
OpenSSL | SSL_*, SHA1_*, MD5_*, EVP_*, ... | Makefile | Man pages | Included (monolithic) | Not Applicable
PolarSSL | ssl_*, sha1_*, md5_*, x509parse_*, ... | Makefile, CMake, MSVC project workspaces | API Reference + High Level and Module Level Documentation (HTML) | Included (monolithic) | No
JSSE | javax.net.ssl | Makefile | API Reference (HTML) + JSSE Reference Guide | Java Cryptography Architecture / Java Cryptography Extension |

Portability Concerns

Implementation | Platform Requirements | Network Requirements | Thread Safety | Random Seed | Able to Cross-Compile | No OS (Bare Metal) | Supported Operating Systems
cryptlib | C89 | POSIX send() and recv(). API to supply your own replacement. | Thread-safe | Platform-dependent, including hardware sources | Yes | | AMX, BeOS, ChorusOS, DOS, eCOS, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, PalmOS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, OS X, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK
CyaSSL | C89 | POSIX send() and recv(). API to supply your own replacement. | Thread-safe, needs mutex hooks if PThreads or WinThreads not available, can be turned off | Random seed set through CTaoCrypt | Yes | Yes | Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, TRON/ITRON/µITRON, Micrium's µC OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, Keil RTX
GnuTLS | C89 | POSIX send() and recv(). API to supply your own replacement. | Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available. | Platform dependent | Yes | | Generally any POSIX platform or Windows; commonly tested platforms include GNU/Linux, Win32/64, Mac OS X, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD.
MatrixSSL | C89 | none | Thread-safe | Platform dependent | Yes | Yes | All
NSS | C89, NSPR[48] | NSPR[48] PR_Send() and PR_Recv(). API to supply your own replacement. | Thread-safe | Platform dependent[49] | Yes (but cumbersome) | | AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, Mac OS X, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation
OpenSSL | C89? | ? | Needs mutex callbacks | Set through native API | | | Unix, DOS (with djgpp), Windows, OpenVMS, MacOS, NetWare
PolarSSL | C89 | POSIX read() and write(). API to supply your own replacement. | Threading layer available (POSIX or own hooks) | Random seed set through entropy pool | Yes | Yes | Known to work on: Win32/64, Linux, Mac OS X, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, SeggerOS
JSSE | Java | Java SE network components | Thread-safe | Depends on java.security.SecureRandom | Yes | | Java based, platform-independent

See also

  • SCTP — with DTLS support
  • DCCP — with DTLS support
  • SRTP — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)

References

  1. "Bard attack". CiteSeerX 10.1.1.61.5887.
  2. SSLv2 is insecure.
  3. RFC 6101
  4. RFC 2246
  5. RFC 4346
  6. RFC 5246
  7. RFC 4347
  8. RFC 6347
  9. SSLv2 client hello is supported.
  10. "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Retrieved 2012-10-27.
  11. "NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-08-10.
  12. www.openssl.org/news/changelog.html
  13. "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 2012-11-13.
  14. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
  15. RFC 4492
  16. RFC 4357
  17. Client side only.
  18. Extensions to support this functionality might be available.
  19. RFC 3280
  20. RFC 2560
  21. "How Certificate Revocation Works". Microsoft TechNet. Microsoft. 2012-03-16. Retrieved 2013-07-10.
  22. RFC 5054
  23. RFC 4279
  24. RFC 5489
  25. As of iOS 7, PSK ciphers are enumerated in the headers but there are no APIs that use them.
  26. RFC 5288
  27. RFC 6655
  28. RFC 5932
  29. RFC 6367
  30. "NSS 3.15.2 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-09-26.
  31. Support is erratic; in many cases SChannel will simply drop the connection if a suite with this algorithm is specified.
  32. Normally NSS's libssl performs all operations via the PKCS#11 interface, either to hardware or software tokens.
  33. "AES-NI enhancements to NSS on Sandy Bridge systems". 2012-05-02. Retrieved 2013-09-28.
  34. RFC 3749
  35. PKCS #11 URLs are a way to refer to objects stored in PKCS #11 tokens.
  36. RFC 5746
  37. RFC 6066
  38. RFC 6091
  39. RFC 4680
  40. RFC 5077
  41. RFC 5705
  42. Present but disabled by default due to lack of use by any implementation.
  43. Patch is available.
  44. Supported in Windows 8.1 Preview and Windows Server 2012 R2 Preview; see What's New in TLS/SSL (Schannel SSP).
  45. On the fly replaceable/augmentable.
  46. http://fedoraproject.org/wiki/Nss_compat_ossl
  47. Netscape Portable Runtime (NSPR)
  48. For Unix/Linux it uses /dev/urandom if available; for Windows it uses CAPI. On all platforms it gets data from the clock and tries to open system files. NSS has a set of platform-dependent functions it uses to determine randomness.