Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Comparison of TLS implementations
open-in-new
<h2 id="overview">Overview</h2> <table><tbody><tr><th>Implementation</th><th>Developed by</th><th>Open source</th><th>Software license</th><th>Copyright holder</th><th>Written in</th><th>Latest stable version, release date</th><th>Origin</th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Jack Lloyd</td><td>Yes</td><td><a href="/facts/Simplified_BSD_License/XLtmLp5x">Simplified BSD License</a></td><td>Jack Lloyd</td><td><a href="/facts/C%2B%2B/Et0F2qn9">C++</a></td><td>3.6.1 (October 26, 2024; 5 months ago (2024-10-26)<a class="footnote-ref" id="fnref:1" href="#fn:1"><sup>1</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/Botan&action=edit">[±]</a></td><td>US (Vermont)</td></tr><tr><td><a href="/facts/BoringSSL/aXvs5fo2">BoringSSL</a></td><td><a href="/facts/Google/GT9Sugza">Google</a></td><td>Yes</td><td><a href="/facts/OpenSSL_license/aXvs5fo2">OpenSSL-SSLeay dual-license</a>, <a href="/facts/ISC_license/JBUVCH3l">ISC license</a></td><td>Eric Young, Tim Hudson, Sun, OpenSSL project, Google, and others</td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a>, <a href="/facts/C%2B%2B/Et0F2qn9">C++</a>, <a href="/facts/Go_(programming_language)/oWlsmAFJ">Go</a>, <a href="/facts/Assembly_language/7XuV0cla">assembly</a></td><td>??</td><td>Australia/EU</td></tr><tr><td><a href="/facts/Bouncy_Castle_(cryptography)/uwEYp9tT">Bouncy Castle</a></td><td>The Legion of the Bouncy Castle Inc.</td><td>Yes</td><td><a href="/facts/MIT_License/8llAQtlk">MIT License</a></td><td>Legion of the Bouncy Castle Inc.</td><td><a href="/facts/Java_(programming_language)/9ScgFyAL">Java</a>, <a href="/facts/C_sharp_(programming_language)/UC2gxeyb">C#</a></td><td><table><tbody><tr><th scope="row">Java</th><td>1.80 / January 14, 2025; 2 months ago (2025-01-14)<a class="footnote-ref" id="fnref:2" href="#fn:2"><sup>2</sup></a></td></tr><tr><th scope="row">Java LTS</th><td>BC-LJA 2.73.7 / November 8, 2024; 4 months ago (2024-11-08)<a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a></td></tr><tr><th scope="row">Java FIPS</th><td>BC-FJA 2.0.0 / July 30, 2024; 8 months ago (2024-07-30)<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a></td></tr><tr><th scope="row">C#</th><td>2.5.1 / February 14, 2025; 46 days ago (2025-02-14)<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a></td></tr><tr><th scope="row">C# FIPS</th><td>BC-FNA 1.0.2 / March 11, 2024; 12 months ago (2024-03-11)<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a></td></tr></tbody></table></td><td>Australia</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a></td><td><a href="/facts/Dell/wLlYNTMM">Dell</a>, formerly <a href="/facts/RSA_Security/s8kfo2SF">RSA Security</a></td><td>No</td><td><a href="/facts/Proprietary_software/9zcskxYL">Proprietary</a></td><td><a href="/facts/Dell/wLlYNTMM">Dell</a></td><td><a href="/facts/Java_(programming_language)/9ScgFyAL">Java</a>, <a href="/facts/C_(programming_language)/Ky2No763">C</a>, <a href="/facts/Assembly_language/7XuV0cla">assembly</a></td><td>SSL-J 6.6 (July 2, 2024; 8 months ago (2024-07-02)<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/BSAFE_SSL-J&action=edit">[±]</a><p>SSL-J 7.3.1 (October 7, 2024; 5 months ago (2024-10-07)<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/BSAFE_SSL-J&action=edit">[±]</a>Micro Edition Suite 5.0.3 (December 3, 2024; 3 months ago (2024-12-03)<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/BSAFE_Micro_Edition_Suite&action=edit">[±]</a></p></td><td>Australia</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td><a href="/facts/Peter_Gutmann_(computer_scientist)/wSd17S87">Peter Gutmann</a></td><td>Yes</td><td><a href="/facts/Sleepycat_License/YDM3jT6R">Sleepycat License</a> and commercial license</td><td><a href="/facts/Peter_Gutmann_(computer_scientist)/wSd17S87">Peter Gutmann</a></td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a></td><td>3.4.5 (2019; 6 years ago (2019)<a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/cryptlib&action=edit">[±]</a></td><td>NZ</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS project</a></td><td>Yes</td><td><a href="/facts/GNU_Lesser_General_Public_License/AXwkz9x3">LGPL-2.1-or-later</a></td><td><a href="/facts/Free_Software_Foundation/k0sBmw7y">Free Software Foundation</a></td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a></td><td>3.8.9<a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a> 2025-02-08</td><td>EU (Greece and Sweden)</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">Java Secure Socket Extension</a> (JSSE)</td><td><a href="/facts/Oracle_Corporation/0z14FygH">Oracle</a></td><td>Yes</td><td><a href="/facts/GNU_General_Public_License/S75KhLSX">GNU GPLv2</a> and commercial license</td><td>Oracle</td><td><a href="/facts/Java_(programming_language)/9ScgFyAL">Java</a></td><td><p>23.0.1 (October 15, 2024; 5 months ago (2024-10-15)<a class="footnote-ref" id="fnref:12" href="#fn:12"><sup>12</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/Java_(software_platform)&action=edit">[±]</a>21.0.5 <a href="/facts/Long-term_support/0b0L8MKh">LTS</a> (October 15, 2024; 5 months ago (2024-10-15)<a class="footnote-ref" id="fnref:13" href="#fn:13"><sup>13</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/Java_(software_platform)&action=edit">[±]</a>17.0.13 LTS (October 15, 2024; 5 months ago (2024-10-15)<a class="footnote-ref" id="fnref:14" href="#fn:14"><sup>14</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/Java_(software_platform)&action=edit">[±]</a>11.0.25 LTS (October 15, 2024; 5 months ago (2024-10-15)<a class="footnote-ref" id="fnref:15" href="#fn:15"><sup>15</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/Java_(software_platform)&action=edit">[±]</a>8u431 LTS (October 15, 2024; 5 months ago (2024-10-15)<a class="footnote-ref" id="fnref:16" href="#fn:16"><sup>16</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/Java_(software_platform)&action=edit">[±]</a></p></td><td>US</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td><a href="/facts/OpenBSD/xmPS9tek">OpenBSD Project</a></td><td>Yes</td><td><a href="/facts/Apache_License/5AeIjas8">Apache-1.0</a>, <a href="/facts/BSD_licenses/XLtmLp5x">BSD-4-Clause</a>, <a href="/facts/ISC_license/JBUVCH3l">ISC</a>, and <a href="/facts/Public_domain/YWKMDKw4">public domain</a></td><td>Eric Young, Tim Hudson, Sun, OpenSSL project, OpenBSD Project, and others</td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a>, <a href="/facts/Assembly_language/7XuV0cla">assembly</a></td><td>4.0.0<a class="footnote-ref" id="fnref:17" href="#fn:17"><sup>17</sup></a> 2024-10-14</td><td>Canada</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a><a class="footnote-ref" id="fnref:18" href="#fn:18"><sup>18</sup></a></td><td>PeerSec Networks</td><td>Yes</td><td><a href="/facts/GNU_General_Public_License/S75KhLSX">GNU GPLv2</a>+ and commercial license</td><td>PeerSec Networks</td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a></td><td>4.2.2 (September 11, 2019; 5 years ago (2019-09-11) <a class="footnote-ref" id="fnref:19" href="#fn:19"><sup>19</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/MatrixSSL&action=edit">[±]</a></td><td>US</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a> (previously PolarSSL)</td><td><a href="/facts/Arm_Holdings/jqqppj7b">Arm</a></td><td>Yes</td><td><a href="/facts/Apache_License/5AeIjas8">Apache License</a> 2.0, <a href="/facts/GNU_General_Public_License/S75KhLSX">GNU GPLv2</a>+ and commercial license</td><td><a href="/facts/Arm_Holdings/jqqppj7b">Arm Holdings</a></td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a></td><td>3.6.3<a class="footnote-ref" id="fnref:20" href="#fn:20"><sup>20</sup></a> (24 March 2025; 8 days ago (24 March 2025)) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/Mbed_TLS&action=edit">[±]</a></td><td>EU (Netherlands)</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">Network Security Services</a> (NSS)</td><td><a href="/facts/Mozilla/FevL9Itn">Mozilla</a>, <a href="/facts/AOL/MAbT38QS">AOL</a>, <a href="/facts/Red_Hat/5rhmBLBa">Red Hat</a>, <a href="/facts/Sun_Microsystems/VJ9EzEFd">Sun</a>, <a href="/facts/Oracle_Corporation/0z14FygH">Oracle</a>, <a href="/facts/Google/GT9Sugza">Google</a> and others</td><td>Yes</td><td><a href="/facts/Mozilla_Public_License/hBuvAz1w">MPL</a> 2.0</td><td>NSS contributors</td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a>, <a href="/facts/Assembly_language/7XuV0cla">assembly</a></td><td><table><tbody><tr><th scope="row">Standard</th><td>3.84 / October 12, 2022; 2 years ago (2022-10-12)<a class="footnote-ref" id="fnref:21" href="#fn:21"><sup>21</sup></a></td></tr><tr><th scope="row">Extended Support Release</th><td>3.79.1 / August 18, 2022; 2 years ago (2022-08-18)<a class="footnote-ref" id="fnref:22" href="#fn:22"><sup>22</sup></a></td></tr></tbody></table></td><td>US</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL project</a></td><td>Yes</td><td><a href="/facts/Apache_License/5AeIjas8">Apache-2.0</a><a class="footnote-ref" id="fnref:23" href="#fn:23"><sup>23</sup></a></td><td>Eric Young, Tim Hudson, Sun, OpenSSL project, and others</td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a>, <a href="/facts/Assembly_language/7XuV0cla">assembly</a></td><td>3.4.1<a class="footnote-ref" id="fnref:24" href="#fn:24"><sup>24</sup></a> 2025-02-11</td><td>Australia/EU</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>Joe Birr-Pixton, Dirkjan Ochtman, Daniel McCarney, Josh Aas, and open source contributors</td><td>Yes</td><td><a href="/facts/Apache_License/5AeIjas8">Apache-2.0</a>, <a href="/facts/MIT_License/8llAQtlk">MIT License</a> and <a href="/facts/ISC_license/JBUVCH3l">ISC</a></td><td>Open source contributors</td><td><a href="/facts/Rust_(programming_language)/8JNMV19F">Rust</a></td><td>v0.23.25 (March 17, 2025; 15 days ago (2025-03-17)<a class="footnote-ref" id="fnref:25" href="#fn:25"><sup>25</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/Rustls&action=edit">[±]</a></td><td>United Kingdom</td></tr><tr><td><a href="/facts/S2n/erxqccsw">s2n</a></td><td><a href="/facts/Amazon.com/YzUTUVE8">Amazon</a></td><td>Yes</td><td><a href="/facts/Apache_License/5AeIjas8">Apache License</a> 2.0, <a href="/facts/GNU_General_Public_License/S75KhLSX">GNU GPLv2</a>+ and commercial license</td><td>Amazon.com, Inc.</td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a></td><td>Continuous</td><td>US</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a></td><td><a href="/facts/Microsoft/nGIDDXdx">Microsoft</a></td><td>No</td><td><a href="/facts/Proprietary_software/9zcskxYL">Proprietary</a></td><td>Microsoft Corporation</td><td></td><td>Windows 11, 2021-10-05</td><td>US</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td><a href="/facts/Apple_Inc./oTJYta3k">Apple Inc.</a></td><td>Yes</td><td><a href="/facts/Apple_Public_Source_License/sujXlYJA">APSL 2.0</a></td><td>Apple Inc.</td><td></td><td>57337.20.44 (<a href="/facts/OS_X/Y93vVpTm">OS X</a> 10.11.2), 2015-12-08</td><td>US</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a> (previously CyaSSL)</td><td>wolfSSL<a class="footnote-ref" id="fnref:26" href="#fn:26"><sup>26</sup></a></td><td>Yes</td><td><a href="/facts/GNU_General_Public_License/S75KhLSX">GNU GPLv2</a>+ and commercial license</td><td>wolfSSL Inc.<a class="footnote-ref" id="fnref:27" href="#fn:27"><sup>27</sup></a></td><td><a href="/facts/C_(programming_language)/Ky2No763">C</a>, <a href="/facts/Assembly_language/7XuV0cla">assembly</a></td><td>5.7.6 (December 31, 2024; 3 months ago (2024-12-31)<a class="footnote-ref" id="fnref:28" href="#fn:28"><sup>28</sup></a>) <a href="https://en.wikipedia.org/w/index.php?title=Template:Latest_stable_software_release/wolfSSL&action=edit">[±]</a></td><td>US</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>Ericsson</td><td>Yes</td><td>Apache License 2.0</td><td>Ericsson</td><td>Erlang</td><td>OTP-21, 2018-06-19</td><td>Sweden</td></tr><tr><th>Implementation</th><th>Developed by</th><th>Open source</th><th>Software license</th><th>Copyright owner</th><th>Written in</th><th>Latest stable version, release date</th><th>Origin</th></tr></tbody></table> <h2 id="tlsssl-protocol-version-support">TLS/SSL protocol version support</h2> <p>Several versions of the TLS protocol exist. SSL 2.0 is a deprecated<a class="footnote-ref" id="fnref:29" href="#fn:29"><sup>29</sup></a> protocol version with significant weaknesses. SSL 3.0 (1996) and TLS 1.0 (1999) are successors with two weaknesses in CBC-padding that were explained in 2001 by Serge Vaudenay.<a class="footnote-ref" id="fnref:30" href="#fn:30"><sup>30</sup></a> TLS 1.1 (2006) fixed only one of the problems, by switching to random <a href="/facts/Initialization_vector/qlVQjCS3">initialization vectors</a> (IV) for CBC block ciphers, whereas the more problematic use of mac-pad-encrypt instead of the secure pad-mac-encrypt was addressed with RFC 7366.<a class="footnote-ref" id="fnref:31" href="#fn:31"><sup>31</sup></a> A workaround for SSL 3.0 and TLS 1.0, roughly equivalent to random IVs from TLS 1.1, was widely adopted by many implementations in late 2011.<a class="footnote-ref" id="fnref:32" href="#fn:32"><sup>32</sup></a> In 2014, the <a href="/facts/POODLE/2pnTrBg6">POODLE</a> vulnerability of SSL 3.0 was discovered, which takes advantage of the known vulnerabilities in CBC, and an insecure fallback negotiation used in browsers.<a class="footnote-ref" id="fnref:33" href="#fn:33"><sup>33</sup></a> </p><p>TLS 1.2 (2008) introduced a means to identify the hash used for digital signatures. While permitting the use of stronger hash functions for digital signatures in the future (rsa,sha256/sha384/sha512) over the SSL 3.0 conservative choice (rsa,sha1+md5), the TLS 1.2 protocol change inadvertently and substantially weakened the default digital signatures and provides (rsa,sha1) and even (rsa,md5).<a class="footnote-ref" id="fnref:34" href="#fn:34"><sup>34</sup></a> </p><p><a href="/facts/Datagram_Transport_Layer_Security/WxzxdITB">Datagram Transport Layer Security</a> (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. The revision DTLS 1.2 based on TLS 1.2 was published in January 2012.<a class="footnote-ref" id="fnref:35" href="#fn:35"><sup>35</sup></a> </p><p>TLS 1.3 (2018) specified in RFC 8446 includes major optimizations and security improvements. QUIC (2021) specified in RFC 9000 and DTLS 1.3 (2022) specified in RFC 9147 builds on TLS 1.3. The publishing of TLS 1.3 and DTLS 1.3 obsoleted TLS 1.2 and DTLS 1.2. </p><p>Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. In 2021, IETF published RFC 8996 also forbidding negotiation of TLS 1.0, TLS 1.1, and DTLS 1.0 due to known vulnerabilities. NIST SP 800-52 requires support of TLS 1.3 by January 2024. Support of TLS 1.3 means that two compliant nodes will never negotiate TLS 1.2. </p> <table><tbody><tr><th>Implementation</th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">SSL 2.0</a> (insecure)<a class="footnote-ref" id="fnref:36" href="#fn:36"><sup>36</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">SSL 3.0</a> (insecure)<a class="footnote-ref" id="fnref:37" href="#fn:37"><sup>37</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">TLS 1.0</a> (deprecated)<a class="footnote-ref" id="fnref:38" href="#fn:38"><sup>38</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">TLS 1.1</a> (deprecated)<a class="footnote-ref" id="fnref:39" href="#fn:39"><sup>39</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">TLS 1.2</a><a class="footnote-ref" id="fnref:40" href="#fn:40"><sup>40</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">TLS 1.3</a></th><th><a href="/facts/Datagram_Transport_Layer_Security/WxzxdITB">DTLS 1.0</a> (deprecated)<a class="footnote-ref" id="fnref:41" href="#fn:41"><sup>41</sup></a></th><th><a href="/facts/Datagram_Transport_Layer_Security/WxzxdITB">DTLS 1.2</a><a class="footnote-ref" id="fnref:42" href="#fn:42"><sup>42</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>No</td><td>No<a class="footnote-ref" id="fnref:43" href="#fn:43"><sup>43</sup></a></td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td></tr><tr><td><a href="/facts/BoringSSL/aXvs5fo2">BoringSSL</a></td><td></td><td></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Bouncy_Castle_(cryptography)/uwEYp9tT">Bouncy Castle</a></td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes(draft version)</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J<a class="footnote-ref" id="fnref:44" href="#fn:44"><sup>44</sup></a></td><td>No</td><td>Disabled by default</td><td>No<a class="footnote-ref" id="fnref:45" href="#fn:45"><sup>45</sup></a></td><td>No<a class="footnote-ref" id="fnref:46" href="#fn:46"><sup>46</sup></a></td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>No</td><td>Disabled by default at compile time</td><td>Yes</td><td>Yes</td><td>Yes</td><td></td><td>No</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>No<a class="footnote-ref" id="fnref:47" href="#fn:47"><sup>47</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:48" href="#fn:48"><sup>48</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:49" href="#fn:49"><sup>49</sup></a></td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>No<a class="footnote-ref" id="fnref:50" href="#fn:50"><sup>50</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:51" href="#fn:51"><sup>51</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:52" href="#fn:52"><sup>52</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:53" href="#fn:53"><sup>53</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>No<a class="footnote-ref" id="fnref:54" href="#fn:54"><sup>54</sup></a></td><td>No<a class="footnote-ref" id="fnref:55" href="#fn:55"><sup>55</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:56" href="#fn:56"><sup>56</sup></a></td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>No</td><td>Disabled by default at compile time<a class="footnote-ref" id="fnref:57" href="#fn:57"><sup>57</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>No</td><td>No<a class="footnote-ref" id="fnref:58" href="#fn:58"><sup>58</sup></a></td><td>No<a class="footnote-ref" id="fnref:59" href="#fn:59"><sup>59</sup></a></td><td>No<a class="footnote-ref" id="fnref:60" href="#fn:60"><sup>60</sup></a></td><td>Yes</td><td>Yes(experimental)</td><td>Yes<a class="footnote-ref" id="fnref:61" href="#fn:61"><sup>61</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:62" href="#fn:62"><sup>62</sup></a></td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>No<a class="footnote-ref" id="fnref:63" href="#fn:63"><sup>63</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:64" href="#fn:64"><sup>64</sup></a></td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:65" href="#fn:65"><sup>65</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:66" href="#fn:66"><sup>66</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:67" href="#fn:67"><sup>67</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:68" href="#fn:68"><sup>68</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:69" href="#fn:69"><sup>69</sup></a></td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>No<a class="footnote-ref" id="fnref:70" href="#fn:70"><sup>70</sup></a></td><td>Disabled by default</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:71" href="#fn:71"><sup>71</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:72" href="#fn:72"><sup>72</sup></a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:73" href="#fn:73"><sup>73</sup></a></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No<a class="footnote-ref" id="fnref:74" href="#fn:74"><sup>74</sup></a></td><td>No<a class="footnote-ref" id="fnref:75" href="#fn:75"><sup>75</sup></a></td><td>No<a class="footnote-ref" id="fnref:76" href="#fn:76"><sup>76</sup></a></td><td>No<a class="footnote-ref" id="fnref:77" href="#fn:77"><sup>77</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:78" href="#fn:78"><sup>78</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:79" href="#fn:79"><sup>79</sup></a></td><td>No</td><td>No</td></tr><tr><td><a href="/facts/S2n/erxqccsw">s2n</a><a class="footnote-ref" id="fnref:80" href="#fn:80"><sup>80</sup></a></td><td>No</td><td>Disabled by default</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a> XP, 2003<a class="footnote-ref" id="fnref:81" href="#fn:81"><sup>81</sup></a></td><td>Disabled by default in MSIE 7</td><td>Enabled by default</td><td>Enabled by default in MSIE 7</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a> Vista<a class="footnote-ref" id="fnref:82" href="#fn:82"><sup>82</sup></a></td><td>Disabled by default</td><td>Enabled by default</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a> 2008<a class="footnote-ref" id="fnref:83" href="#fn:83"><sup>83</sup></a></td><td>Disabled by default</td><td>Enabled by default</td><td>Yes</td><td>Disabled by default (KB4019276)</td><td>Disabled by default (KB4019276)</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a> 7, 2008R2<a class="footnote-ref" id="fnref:84" href="#fn:84"><sup>84</sup></a></td><td>Disabled by default</td><td>Disabled by default in MSIE 11</td><td>Yes</td><td>Enabled by default in MSIE 11</td><td>Enabled by default in MSIE 11</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:85" href="#fn:85"><sup>85</sup></a></td><td>No<a class="footnote-ref" id="fnref:86" href="#fn:86"><sup>86</sup></a></td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a> 8, 2012<a class="footnote-ref" id="fnref:87" href="#fn:87"><sup>87</sup></a></td><td>Disabled by default</td><td>Enabled by default</td><td>Yes</td><td>Disabled by default</td><td>Disabled by default</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a> 8.1, 2012R2, 10 RTM & v1511<a class="footnote-ref" id="fnref:88" href="#fn:88"><sup>88</sup></a></td><td>Disabled by default</td><td>Disabled by default in MSIE 11</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a> 10 v1607 / 2016<a class="footnote-ref" id="fnref:89" href="#fn:89"><sup>89</sup></a></td><td>No</td><td>Disabled by default</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a> 11 / 2022<a class="footnote-ref" id="fnref:90" href="#fn:90"><sup>90</sup></a></td><td>No</td><td>Disabled by default</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a><p>OS X 10.2-10.7, iOS 1-4</p></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td></td><td>No</td><td>No</td></tr><tr><td>Secure Transport OS X 10.8-10.10, iOS 5-8</td><td>No<a class="footnote-ref" id="fnref:91" href="#fn:91"><sup>91</sup></a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:92" href="#fn:92"><sup>92</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:93" href="#fn:93"><sup>93</sup></a></td><td></td><td>Yes<a class="footnote-ref" id="fnref:94" href="#fn:94"><sup>94</sup></a></td><td>No</td></tr><tr><td>Secure Transport OS X 10.11, iOS 9</td><td>No</td><td>No<a class="footnote-ref" id="fnref:95" href="#fn:95"><sup>95</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td></td><td>Yes</td><td>Unknown</td></tr><tr><td>Secure Transport OS X 10.13, iOS 11</td><td>No</td><td>No<a class="footnote-ref" id="fnref:96" href="#fn:96"><sup>96</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes(draft version)<a class="footnote-ref" id="fnref:97" href="#fn:97"><sup>97</sup></a></td><td>Yes</td><td>Unknown</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>No</td><td>Disabled by default<a class="footnote-ref" id="fnref:98" href="#fn:98"><sup>98</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:99" href="#fn:99"><sup>99</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application<a class="footnote-ref" id="fnref:100" href="#fn:100"><sup>100</sup></a></td><td>No <a class="footnote-ref" id="fnref:101" href="#fn:101"><sup>101</sup></a></td><td>No <a class="footnote-ref" id="fnref:102" href="#fn:102"><sup>102</sup></a></td><td>Disabled by default <a class="footnote-ref" id="fnref:103" href="#fn:103"><sup>103</sup></a></td><td>Disabled by default <a class="footnote-ref" id="fnref:104" href="#fn:104"><sup>104</sup></a></td><td>Yes</td><td>Partially <a class="footnote-ref" id="fnref:105" href="#fn:105"><sup>105</sup></a></td><td>Disabled by default <a class="footnote-ref" id="fnref:106" href="#fn:106"><sup>106</sup></a></td><td>Yes</td></tr><tr><th>Implementation</th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">SSL 2.0</a> (insecure)<a class="footnote-ref" id="fnref:107" href="#fn:107"><sup>107</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">SSL 3.0</a> (insecure)<a class="footnote-ref" id="fnref:108" href="#fn:108"><sup>108</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">TLS 1.0</a> (deprecated)<a class="footnote-ref" id="fnref:109" href="#fn:109"><sup>109</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">TLS 1.1</a> (deprecated)<a class="footnote-ref" id="fnref:110" href="#fn:110"><sup>110</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">TLS 1.2</a><a class="footnote-ref" id="fnref:111" href="#fn:111"><sup>111</sup></a></th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">TLS 1.3</a></th><th><a href="/facts/Datagram_Transport_Layer_Security/WxzxdITB">DTLS 1.0</a> (deprecated)<a class="footnote-ref" id="fnref:112" href="#fn:112"><sup>112</sup></a></th><th><a href="/facts/Datagram_Transport_Layer_Security/WxzxdITB">DTLS 1.2</a><a class="footnote-ref" id="fnref:113" href="#fn:113"><sup>113</sup></a></th></tr></tbody></table> <h2 id="nsa-suite-b-cryptography">NSA Suite B Cryptography</h2> <p>Required components for <a href="/facts/NSA_Suite_B_Cryptography/Q1VDGHJy">NSA Suite B Cryptography</a> (RFC 6460) are: </p> <ul><li><a href="/facts/Advanced_Encryption_Standard/HdXGBY2Q">Advanced Encryption Standard</a> (AES) with key sizes of 128 and 256 bits. For traffic flow, AES should be used with either the Counter Mode (CTR) for low bandwidth traffic or the <a href="/facts/Galois/Counter_Mode/bx43MwfC">Galois/Counter Mode</a> (GCM) mode of operation for high bandwidth traffic (see <a href="/facts/Block_cipher_modes_of_operation/vIUabB2z">Block cipher modes of operation</a>) — <a href="/facts/Symmetric_encryption/5zfe0b76">symmetric encryption</a></li> <li><a href="/facts/Elliptic_Curve_Digital_Signature_Algorithm/gl0mfnS1">Elliptic Curve Digital Signature Algorithm</a> (ECDSA) — <a href="/facts/Digital_signature/tY7e2pnW">digital signatures</a></li> <li><a href="/facts/Elliptic_Curve_Diffie%E2%80%93Hellman/zy3IJCeK">Elliptic Curve Diffie–Hellman</a> (ECDH) — <a href="/facts/Key_agreement/W1DErngS">key agreement</a></li> <li><a href="/facts/SHA-2/P59oPeGq">Secure Hash Algorithm 2</a> (SHA-256 and SHA-384) — <a href="/facts/Message_digest/cuxkgbST">message digest</a></li></ul> <p>Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the <a href="/facts/United_States_security_clearance/veKtcudb">Secret</a> level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of <a href="/facts/United_States_security_clearance/veKtcudb">Top Secret</a> information. </p> <table><tbody><tr><th>Implementation</th><th><a href="/facts/Transport_Layer_Security/pGy16TnA">TLS 1.2</a> <a href="/facts/NSA_Suite_B_Cryptography/Q1VDGHJy">Suite B</a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Yes</td></tr><tr><td><a href="/facts/Bouncy_Castle_(cryptography)/uwEYp9tT">Bouncy Castle</a></td><td>Yes</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a></td><td>Yes<a class="footnote-ref" id="fnref:114" href="#fn:114"><sup>114</sup></a></td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>Yes</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Yes<a class="footnote-ref" id="fnref:115" href="#fn:115"><sup>115</sup></a></td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Yes</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>Yes</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>No<a class="footnote-ref" id="fnref:116" href="#fn:116"><sup>116</sup></a></td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes<a class="footnote-ref" id="fnref:117" href="#fn:117"><sup>117</sup></a></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>Yes<a class="footnote-ref" id="fnref:118" href="#fn:118"><sup>118</sup></a></td></tr><tr><td><a href="/facts/S2n/erxqccsw">S2n</a></td><td></td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a></td><td>Yes<a class="footnote-ref" id="fnref:119" href="#fn:119"><sup>119</sup></a></td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>No</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td></tr><tr><th>Implementation</th><th>TLS 1.2 Suite B</th></tr></tbody></table> <h2 id="certifications">Certifications</h2> <p>Note that certain certifications have received serious negative criticism from people who are actually involved in them.<a class="footnote-ref" id="fnref:120" href="#fn:120"><sup>120</sup></a> </p> <table><tbody><tr><th rowspan="2">Implementation</th><th colspan="2"><a href="/facts/FIPS_140-1/RR3mdkza">FIPS 140-1</a>, <a href="/facts/FIPS_140-2/xCKhMHnK">FIPS 140-2</a><a class="footnote-ref" id="fnref:121" href="#fn:121"><sup>121</sup></a></th><th><a href="/facts/FIPS_140-3/TkWdxJh5">FIPS 140-3</a></th></tr><tr><th>Level 1</th><th>Level 2[<i>disputed – discuss</i>]</th><th>Level 1</th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a><a class="footnote-ref" id="fnref:122" href="#fn:122"><sup>122</sup></a></td><td></td><td></td><td></td></tr><tr><td><a href="/facts/Bouncy_Castle_(cryptography)/uwEYp9tT">Bouncy Castle</a></td><td>BC-FJA 1.0.0 (#2768) BC-FJA 1.0.1 (#3152)</td><td></td><td></td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J<a class="footnote-ref" id="fnref:123" href="#fn:123"><sup>123</sup></a></td><td>Crypto-J 6.0 (<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1785">1785</a>, <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1786">1786</a>)Crypto-J 6.1 / 6.1.1.0.1 (<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2057">2057</a>, <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2058">2058</a>)Crypto-J 6.2 / 6.2.1.1 (<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2468">2468</a>, <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2469">2469</a>)Crypto-J 6.2.4 (<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3172">3172</a>, <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3184">3184</a>)Crypto-J 6.2.5 (<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3819">#3819</a>, <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3820">#3820</a>)Crypto-J 6.3 (<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4696">#4696</a>, <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4697">#4697</a>)</td><td></td><td>Crypto-J 7.0 (<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4892">4892</a>)</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a><a class="footnote-ref" id="fnref:124" href="#fn:124"><sup>124</sup></a></td><td></td><td></td><td></td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a><a class="footnote-ref" id="fnref:125" href="#fn:125"><sup>125</sup></a></td><td>Red Hat Enterprise Linux GnuTLS Cryptographic Module (#2780)</td><td></td><td></td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td></td><td></td><td></td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a><a class="footnote-ref" id="fnref:126" href="#fn:126"><sup>126</sup></a></td><td>no support</td><td></td><td></td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a><a class="footnote-ref" id="fnref:127" href="#fn:127"><sup>127</sup></a></td><td>SafeZone FIPS Cryptographic Module: 1.1 (#2389)</td><td></td><td></td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a><a class="footnote-ref" id="fnref:128" href="#fn:128"><sup>128</sup></a></td><td></td><td></td><td></td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a><a class="footnote-ref" id="fnref:129" href="#fn:129"><sup>129</sup></a></td><td>Network Security Services: 3.2.2 (#247)Network Security Services Cryptographic Module: 3.11.4 (#815), 3.12.4 (#1278), 3.12.9.1 (#1837)</td><td>Netscape Security Module: 1 (#7<a class="footnote-ref" id="fnref:130" href="#fn:130"><sup>130</sup></a>), 1.01 (#47<a class="footnote-ref" id="fnref:131" href="#fn:131"><sup>131</sup></a>)Network Security Services: 3.2.2 (#248<a class="footnote-ref" id="fnref:132" href="#fn:132"><sup>132</sup></a>)Network Security Services Cryptographic Module: 3.11.4 (#814<a class="footnote-ref" id="fnref:133" href="#fn:133"><sup>133</sup></a>), 3.12.4 (#1279, #1280<a class="footnote-ref" id="fnref:134" href="#fn:134"><sup>134</sup></a>)</td><td></td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a><a class="footnote-ref" id="fnref:135" href="#fn:135"><sup>135</sup></a></td><td>OpenSSL FIPS Object Module: 1.0 (#624), 1.1.1 (#733), 1.1.2 (#918), 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4 (#1051)2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7 or 2.0.8 (#1747)</td><td></td><td></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td></td><td></td><td>aws-lc FIPS module<a class="footnote-ref" id="fnref:136" href="#fn:136"><sup>136</sup></a> (<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4759">#4759</a>)</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a><a class="footnote-ref" id="fnref:137" href="#fn:137"><sup>137</sup></a></td><td>Cryptographic modules in Windows NT 4.0, 95, 95, 2000, XP, Server 2003, CE 5, CE 6, Mobile 6.x, Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, RT, Surface, Phone 8See details on <a href="https://technet.microsoft.com/en-us/library/security/cc750357.aspx#_Microsoft_FIPS_140">Microsoft FIPS 140 Validated Cryptographic Modules</a></td><td></td><td></td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>Apple FIPS Cryptographic Module: 1.0 (OS X 10.6, #1514), 1.1 (OS X 10.7, #1701)Apple OS X CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (OS X 10.8, #1964, #1956), 4.0 (OS X 10.9, #2015, #2016)Apple iOS CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (iOS 6, #1963, #1944), 4.0 (iOS 7, #2020, #2021)</td><td></td><td></td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a><a class="footnote-ref" id="fnref:138" href="#fn:138"><sup>138</sup></a></td><td>wolfCrypt FIPS Module: 4.0 (#3389)See details on <a href="https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Certificate/3389">NIST certificate</a> for validated Operating EnvironmentswolfCrypt FIPS Module: 3.6.0 (#2425)See details on <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2425">NIST certificate</a> for validated Operating Environments</td><td></td><td>wolfCrypt FIPS Module (#4178)See details on <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4718">NIST certificate</a></td></tr><tr><th rowspan="2">Implementation</th><th>Level 1</th><th>Level 2</th><th>Level 1</th></tr><tr><th colspan="2">FIPS 140-1, FIPS 140-2</th><th colspan="1">FIPS 140-3</th></tr></tbody></table> <h2 id="key-exchange-algorithms-certificate-only">Key exchange algorithms (certificate-only)</h2> <p>This section lists the certificate verification functionality available in the various implementations. </p> <table><tbody><tr><th>Implementation</th><th><a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a><a class="footnote-ref" id="fnref:139" href="#fn:139"><sup>139</sup></a></th><th><a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a>-EXPORT (insecure)<a class="footnote-ref" id="fnref:140" href="#fn:140"><sup>140</sup></a></th><th><a href="/facts/Diffie%E2%80%93Hellman_key_exchange/xR4YQcaD">DHE</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:141" href="#fn:141"><sup>141</sup></a></th><th><a href="/facts/Diffie%E2%80%93Hellman_key_exchange/xR4YQcaD">DHE</a>-<a href="/facts/Digital_Signature_Algorithm/0o0FK486">DSS</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:142" href="#fn:142"><sup>142</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDH</a>-<a href="/facts/Elliptic_Curve_DSA/gl0mfnS1">ECDSA</a><a class="footnote-ref" id="fnref:143" href="#fn:143"><sup>143</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDHE</a>-<a href="/facts/Elliptic_Curve_DSA/gl0mfnS1">ECDSA</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:144" href="#fn:144"><sup>144</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDH</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a><a class="footnote-ref" id="fnref:145" href="#fn:145"><sup>145</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDHE</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:146" href="#fn:146"><sup>146</sup></a></th><th><a href="/facts/GOST/Ith9dFHs">GOST</a> R 34.10-94, 34.10-2001<a class="footnote-ref" id="fnref:147" href="#fn:147"><sup>147</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Disabled by default</td><td>No</td><td>Yes</td><td>Disabled by default</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a></td><td>Yes</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>Yes</td><td>No</td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td>No</td><td>Yes</td><td>Disabled by default<a class="footnote-ref" id="fnref:148" href="#fn:148"><sup>148</sup></a></td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Yes</td><td>Disabled by default</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:149" href="#fn:149"><sup>149</sup></a></td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:150" href="#fn:150"><sup>150</sup></a></td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes</td><td>Disabled by default</td><td>Yes<a class="footnote-ref" id="fnref:151" href="#fn:151"><sup>151</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:152" href="#fn:152"><sup>152</sup></a><a class="footnote-ref" id="fnref:153" href="#fn:153"><sup>153</sup></a></td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:154" href="#fn:154"><sup>154</sup></a></td><td>Yes</td><td>Disabled by default<a class="footnote-ref" id="fnref:155" href="#fn:155"><sup>155</sup></a></td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:156" href="#fn:156"><sup>156</sup></a></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:157" href="#fn:157"><sup>157</sup></a></td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:158" href="#fn:158"><sup>158</sup></a></td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel XP/2003</a></td><td>Yes</td><td>Yes</td><td>No</td><td>XP: Max 1024 bits2003: 1024 bits only</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No<a class="footnote-ref" id="fnref:159" href="#fn:159"><sup>159</sup></a></td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel Vista/2008</a></td><td>Yes</td><td>Disabled by default</td><td>No</td><td>1024 bits by default<a class="footnote-ref" id="fnref:160" href="#fn:160"><sup>160</sup></a></td><td>No</td><td>Yes</td><td>No</td><td>except AES_GCM</td><td>No<a class="footnote-ref" id="fnref:161" href="#fn:161"><sup>161</sup></a></td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 8/2012</a></td><td>Yes</td><td>Disabled by default</td><td>AES_GCM only<a class="footnote-ref" id="fnref:162" href="#fn:162"><sup>162</sup></a><a class="footnote-ref" id="fnref:163" href="#fn:163"><sup>163</sup></a><a class="footnote-ref" id="fnref:164" href="#fn:164"><sup>164</sup></a></td><td>1024 bits by default<a class="footnote-ref" id="fnref:165" href="#fn:165"><sup>165</sup></a></td><td>No</td><td>Yes</td><td>No</td><td>except AES_GCM</td><td>No<a class="footnote-ref" id="fnref:166" href="#fn:166"><sup>166</sup></a></td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 7/2008R2, 8.1/2012R2</a></td><td>Yes</td><td>Disabled by default</td><td>Yes</td><td>2048 bits by default<a class="footnote-ref" id="fnref:167" href="#fn:167"><sup>167</sup></a></td><td>No</td><td>Yes</td><td>No</td><td>except AES_GCM</td><td>No<a class="footnote-ref" id="fnref:168" href="#fn:168"><sup>168</sup></a></td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 10</a></td><td>Yes</td><td>Disabled by default</td><td>Yes</td><td>2048 bits by default<a class="footnote-ref" id="fnref:169" href="#fn:169"><sup>169</sup></a></td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:170" href="#fn:170"><sup>170</sup></a></td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a> OS X 10.6</td><td>Yes</td><td>Yes</td><td>except AES_GCM</td><td>Yes</td><td>Yes</td><td>except AES_GCM</td><td>yes</td><td>except AES_GCM</td><td>No</td></tr><tr><td>Secure Transport OS X 10.8-10.10</td><td>Yes</td><td>No</td><td>except AES_GCM</td><td>No</td><td>Yes</td><td>except AES_GCM</td><td>Yes</td><td>except AES_GCM</td><td>No</td></tr><tr><td>Secure Transport OS X 10.11</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td></tr><tr><th>Implementation</th><th><a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a><a class="footnote-ref" id="fnref:171" href="#fn:171"><sup>171</sup></a></th><th><a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a>-EXPORT (insecure)<a class="footnote-ref" id="fnref:172" href="#fn:172"><sup>172</sup></a></th><th><a href="/facts/Diffie%E2%80%93Hellman_key_exchange/xR4YQcaD">DHE</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:173" href="#fn:173"><sup>173</sup></a></th><th><a href="/facts/Diffie%E2%80%93Hellman_key_exchange/xR4YQcaD">DHE</a>-<a href="/facts/Digital_Signature_Algorithm/0o0FK486">DSS</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:174" href="#fn:174"><sup>174</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDH</a>-<a href="/facts/Elliptic_Curve_DSA/gl0mfnS1">ECDSA</a><a class="footnote-ref" id="fnref:175" href="#fn:175"><sup>175</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDHE</a>-<a href="/facts/Elliptic_Curve_DSA/gl0mfnS1">ECDSA</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:176" href="#fn:176"><sup>176</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDH</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a><a class="footnote-ref" id="fnref:177" href="#fn:177"><sup>177</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDHE</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:178" href="#fn:178"><sup>178</sup></a></th><th><a href="/facts/GOST/Ith9dFHs">GOST</a> R 34.10-94, 34.10-2001<a class="footnote-ref" id="fnref:179" href="#fn:179"><sup>179</sup></a></th></tr></tbody></table> <h2 id="key-exchange-algorithms-alternative-key-exchanges">Key exchange algorithms (alternative key-exchanges)</h2> <table><tbody><tr><th>Implementation</th><th><a href="/facts/Secure_Remote_Password_protocol/xznfeN8v">SRP</a><a class="footnote-ref" id="fnref:180" href="#fn:180"><sup>180</sup></a></th><th><a href="/facts/Secure_Remote_Password_protocol/xznfeN8v">SRP</a>-<a href="/facts/Digital_Signature_Algorithm/0o0FK486">DSS</a><a class="footnote-ref" id="fnref:181" href="#fn:181"><sup>181</sup></a></th><th><a href="/facts/Secure_Remote_Password_protocol/xznfeN8v">SRP</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a><a class="footnote-ref" id="fnref:182" href="#fn:182"><sup>182</sup></a></th><th><a href="/facts/Pre-shared_key/1mgbgR1X">PSK</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a><a class="footnote-ref" id="fnref:183" href="#fn:183"><sup>183</sup></a></th><th><a href="/facts/Pre-shared_key/1mgbgR1X">PSK</a><a class="footnote-ref" id="fnref:184" href="#fn:184"><sup>184</sup></a></th><th><a href="/facts/Diffie%E2%80%93Hellman_key_exchange/xR4YQcaD">DHE</a>-<a href="/facts/Pre-shared_key/1mgbgR1X">PSK</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:185" href="#fn:185"><sup>185</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDHE</a>-<a href="/facts/Pre-shared_key/1mgbgR1X">PSK</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:186" href="#fn:186"><sup>186</sup></a></th><th><a href="/facts/Kerberos_(protocol)/RMXs3P1w">KRB5</a><a class="footnote-ref" id="fnref:187" href="#fn:187"><sup>187</sup></a></th><th><a href="/facts/Diffie%E2%80%93Hellman_key_exchange/xR4YQcaD">DH</a>-ANON<a class="footnote-ref" id="fnref:188" href="#fn:188"><sup>188</sup></a> (insecure)</th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDH</a>-ANON<a class="footnote-ref" id="fnref:189" href="#fn:189"><sup>189</sup></a> (insecure)</th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:190" href="#fn:190"><sup>190</sup></a></td><td>No</td><td>No</td><td>No</td><td>Disabled by default</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>No</td><td>Unknown</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Disabled by default</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Disabled by default</td><td>Disabled by default</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>No<a class="footnote-ref" id="fnref:191" href="#fn:191"><sup>191</sup></a></td><td>No<a class="footnote-ref" id="fnref:192" href="#fn:192"><sup>192</sup></a></td><td>No<a class="footnote-ref" id="fnref:193" href="#fn:193"><sup>193</sup></a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>Disabled by default</td><td>No</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>No<a class="footnote-ref" id="fnref:194" href="#fn:194"><sup>194</sup></a></td><td>No<a class="footnote-ref" id="fnref:195" href="#fn:195"><sup>195</sup></a></td><td>No<a class="footnote-ref" id="fnref:196" href="#fn:196"><sup>196</sup></a></td><td>No<a class="footnote-ref" id="fnref:197" href="#fn:197"><sup>197</sup></a></td><td>No<a class="footnote-ref" id="fnref:198" href="#fn:198"><sup>198</sup></a></td><td>No<a class="footnote-ref" id="fnref:199" href="#fn:199"><sup>199</sup></a></td><td>No<a class="footnote-ref" id="fnref:200" href="#fn:200"><sup>200</sup></a></td><td>No</td><td>Client side only, disabled by default<a class="footnote-ref" id="fnref:201" href="#fn:201"><sup>201</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:202" href="#fn:202"><sup>202</sup></a></td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:203" href="#fn:203"><sup>203</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:204" href="#fn:204"><sup>204</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:205" href="#fn:205"><sup>205</sup></a></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Unknown</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:206" href="#fn:206"><sup>206</sup></a></td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>No</td><td>No</td><td>Disabled by default</td><td>Disabled by default</td></tr><tr><th>Implementation</th><th><a href="/facts/Secure_Remote_Password_protocol/xznfeN8v">SRP</a><a class="footnote-ref" id="fnref:207" href="#fn:207"><sup>207</sup></a></th><th><a href="/facts/Secure_Remote_Password_protocol/xznfeN8v">SRP</a>-<a href="/facts/Digital_Signature_Algorithm/0o0FK486">DSS</a><a class="footnote-ref" id="fnref:208" href="#fn:208"><sup>208</sup></a></th><th><a href="/facts/Secure_Remote_Password_protocol/xznfeN8v">SRP</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a><a class="footnote-ref" id="fnref:209" href="#fn:209"><sup>209</sup></a></th><th><a href="/facts/Pre-shared_key/1mgbgR1X">PSK</a>-<a href="/facts/RSA_(cryptosystem)/XTzyfHuq">RSA</a><a class="footnote-ref" id="fnref:210" href="#fn:210"><sup>210</sup></a></th><th><a href="/facts/Pre-shared_key/1mgbgR1X">PSK</a><a class="footnote-ref" id="fnref:211" href="#fn:211"><sup>211</sup></a></th><th><a href="/facts/Diffie%E2%80%93Hellman_key_exchange/xR4YQcaD">DHE</a>-<a href="/facts/Pre-shared_key/1mgbgR1X">PSK</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:212" href="#fn:212"><sup>212</sup></a></th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDHE</a>-<a href="/facts/Pre-shared_key/1mgbgR1X">PSK</a> (<a href="/facts/Forward_secrecy/ojScslsj">forward secrecy</a>)<a class="footnote-ref" id="fnref:213" href="#fn:213"><sup>213</sup></a></th><th><a href="/facts/Kerberos_(protocol)/RMXs3P1w">KRB5</a><a class="footnote-ref" id="fnref:214" href="#fn:214"><sup>214</sup></a></th><th><a href="/facts/Diffie%E2%80%93Hellman_key_exchange/xR4YQcaD">DH</a>-ANON<a class="footnote-ref" id="fnref:215" href="#fn:215"><sup>215</sup></a> (insecure)</th><th><a href="/facts/Elliptic_curve_Diffie%E2%80%93Hellman/zy3IJCeK">ECDH</a>-ANON<a class="footnote-ref" id="fnref:216" href="#fn:216"><sup>216</sup></a> (insecure)</th></tr></tbody></table> <h2 id="certificate-verification-methods">Certificate verification methods</h2> <table><tbody><tr><th>Implementation</th><th>Application-defined</th><th>PKIX path validation<a class="footnote-ref" id="fnref:217" href="#fn:217"><sup>217</sup></a></th><th><a href="/facts/Revocation_list/JSP12aR0">CRL</a><a class="footnote-ref" id="fnref:218" href="#fn:218"><sup>218</sup></a></th><th><a href="/facts/Online_Certificate_Status_Protocol/0SuMER8c">OCSP</a><a class="footnote-ref" id="fnref:219" href="#fn:219"><sup>219</sup></a></th><th><a href="/facts/DNS-based_Authentication_of_Named_Entities/I6X5h9P7">DANE</a> (DNSSEC)<a class="footnote-ref" id="fnref:220" href="#fn:220"><sup>220</sup></a><a class="footnote-ref" id="fnref:221" href="#fn:221"><sup>221</sup></a></th><th><a href="/facts/Certificate_Transparency/tcW3lqm7">CT</a><a class="footnote-ref" id="fnref:222" href="#fn:222"><sup>222</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Bouncy_Castle_(cryptography)/uwEYp9tT">Bouncy Castle</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Unknown</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Unknown</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:223" href="#fn:223"><sup>223</sup></a></td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:224" href="#fn:224"><sup>224</sup></a></td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:225" href="#fn:225"><sup>225</sup></a></td><td>Unknown</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/S2n/erxqccsw">s2n</a></td><td></td><td></td><td>No <a class="footnote-ref" id="fnref:226" href="#fn:226"><sup>226</sup></a></td><td>Unknown <a class="footnote-ref" id="fnref:227" href="#fn:227"><sup>227</sup></a></td><td></td><td>Unknown <a class="footnote-ref" id="fnref:228" href="#fn:228"><sup>228</sup></a></td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a></td><td>Unknown</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:229" href="#fn:229"><sup>229</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:230" href="#fn:230"><sup>230</sup></a></td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>Unknown</td></tr><tr><th>Implementation</th><th>Application-defined</th><th>PKIX path validation</th><th>CRL</th><th>OCSP</th><th>DANE (DNSSEC)</th><th>CT</th></tr></tbody></table> <h2 id="encryption-algorithms">Encryption algorithms</h2> <table><tbody><tr><th rowspan="2">Implementation</th><th colspan="10"><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a> with <a href="/facts/Block_cipher_mode_of_operation/vIUabB2z">mode of operation</a></th><th><a href="/facts/Stream_cipher/BxU0aWmJ">Stream cipher</a></th><th>None</th></tr><tr><th><a href="/facts/Advanced_Encryption_Standard/HdXGBY2Q">AES</a> <a href="/facts/Galois/Counter_Mode/bx43MwfC">GCM</a><a class="footnote-ref" id="fnref:231" href="#fn:231"><sup>231</sup></a></th><th><a href="/facts/Advanced_Encryption_Standard/HdXGBY2Q">AES</a> <a href="/facts/CCM_mode/nChu3RLm">CCM</a><a class="footnote-ref" id="fnref:232" href="#fn:232"><sup>232</sup></a></th><th><a href="/facts/Advanced_Encryption_Standard/HdXGBY2Q">AES</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a></th><th><a href="/facts/Camellia_(cipher)/XyJ1vnGn">Camellia</a> <a href="/facts/Galois/Counter_Mode/bx43MwfC">GCM</a><a class="footnote-ref" id="fnref:233" href="#fn:233"><sup>233</sup></a></th><th><a href="/facts/Camellia_(cipher)/XyJ1vnGn">Camellia</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a><a class="footnote-ref" id="fnref:234" href="#fn:234"><sup>234</sup></a><a class="footnote-ref" id="fnref:235" href="#fn:235"><sup>235</sup></a></th><th><a href="/facts/ARIA_(cipher)/Kbgkr0WB">ARIA</a> <a href="/facts/Galois/Counter_Mode/bx43MwfC">GCM</a><a class="footnote-ref" id="fnref:236" href="#fn:236"><sup>236</sup></a></th><th><a href="/facts/ARIA_(cipher)/Kbgkr0WB">ARIA</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a><a class="footnote-ref" id="fnref:237" href="#fn:237"><sup>237</sup></a></th><th><a href="/facts/SEED/QE5n8M7Q">SEED</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a><a class="footnote-ref" id="fnref:238" href="#fn:238"><sup>238</sup></a></th><th><a href="/facts/Triple_DES/sgzSD50P">3DES EDE</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a>(insecure)<a class="footnote-ref" id="fnref:239" href="#fn:239"><sup>239</sup></a></th><th><a href="/facts/GOST_28147-89/AVDEpgqH">GOST 28147-89</a> <a href="/facts/Block_cipher_mode_of_operation/vIUabB2z">CNT</a>(proposed)<a class="footnote-ref" id="fnref:240" href="#fn:240"><sup>240</sup></a><a class="footnote-ref" id="fnref:241" href="#fn:241"><sup>241</sup></a></th><th><a href="/facts/ChaCha20/gQjhIf2M">ChaCha20</a>-<a href="/facts/Poly1305/xlqUKmWX">Poly1305</a><a class="footnote-ref" id="fnref:242" href="#fn:242"><sup>242</sup></a></th><th>Null(insecure)<a class="footnote-ref" id="fnref:243" href="#fn:243"><sup>243</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>Disabled by default</td><td>Disabled by default</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:244" href="#fn:244"><sup>244</sup></a></td><td>Not implemented</td></tr><tr><td><a href="/facts/BoringSSL/aXvs5fo2">BoringSSL</a></td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td></td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Disabled by default</td><td>No</td><td>No</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>Not implemented</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:245" href="#fn:245"><sup>245</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>Disabled by default<a class="footnote-ref" id="fnref:246" href="#fn:246"><sup>246</sup></a></td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:247" href="#fn:247"><sup>247</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Disabled by default<a class="footnote-ref" id="fnref:248" href="#fn:248"><sup>248</sup></a></td><td>No</td><td>Yes(JDK 12+)<a class="footnote-ref" id="fnref:249" href="#fn:249"><sup>249</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes<a class="footnote-ref" id="fnref:250" href="#fn:250"><sup>250</sup></a></td><td>No</td><td>Yes</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:251" href="#fn:251"><sup>251</sup></a></td><td>No</td><td>No</td><td>No<a class="footnote-ref" id="fnref:252" href="#fn:252"><sup>252</sup></a></td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:253" href="#fn:253"><sup>253</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:254" href="#fn:254"><sup>254</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>Disabled by default</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:255" href="#fn:255"><sup>255</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>Yes</td><td>Yes <a class="footnote-ref" id="fnref:256" href="#fn:256"><sup>256</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:257" href="#fn:257"><sup>257</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:258" href="#fn:258"><sup>258</sup></a></td><td>No</td><td>No<a class="footnote-ref" id="fnref:259" href="#fn:259"><sup>259</sup></a></td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:260" href="#fn:260"><sup>260</sup></a></td><td>Disabled by default at compile time</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes<a class="footnote-ref" id="fnref:261" href="#fn:261"><sup>261</sup></a></td><td>No</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:262" href="#fn:262"><sup>262</sup></a><a class="footnote-ref" id="fnref:263" href="#fn:263"><sup>263</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:264" href="#fn:264"><sup>264</sup></a></td><td>No</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:265" href="#fn:265"><sup>265</sup></a></td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:266" href="#fn:266"><sup>266</sup></a><a class="footnote-ref" id="fnref:267" href="#fn:267"><sup>267</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:268" href="#fn:268"><sup>268</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes<a class="footnote-ref" id="fnref:269" href="#fn:269"><sup>269</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:270" href="#fn:270"><sup>270</sup></a></td><td>Yes</td><td>No</td><td>Disabled by default<a class="footnote-ref" id="fnref:271" href="#fn:271"><sup>271</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:272" href="#fn:272"><sup>272</sup></a></td><td>No</td><td>Disabled by default<a class="footnote-ref" id="fnref:273" href="#fn:273"><sup>273</sup></a></td><td>Disabled by default<a class="footnote-ref" id="fnref:274" href="#fn:274"><sup>274</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:275" href="#fn:275"><sup>275</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:276" href="#fn:276"><sup>276</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>Yes<a class="footnote-ref" id="fnref:277" href="#fn:277"><sup>277</sup></a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:278" href="#fn:278"><sup>278</sup></a></td><td>Not implemented</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel XP/2003</a></td><td>No</td><td>No</td><td>2003 only<a class="footnote-ref" id="fnref:279" href="#fn:279"><sup>279</sup></a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:280" href="#fn:280"><sup>280</sup></a></td><td>No</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel Vista/2008, 2008R2, 2012</a></td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:281" href="#fn:281"><sup>281</sup></a></td><td>No</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 7, 8, 8.1/2012R2</a></td><td>Yes except ECDHE_RSA<a class="footnote-ref" id="fnref:282" href="#fn:282"><sup>282</sup></a><a class="footnote-ref" id="fnref:283" href="#fn:283"><sup>283</sup></a></td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:284" href="#fn:284"><sup>284</sup></a></td><td>No</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 10</a><a class="footnote-ref" id="fnref:285" href="#fn:285"><sup>285</sup></a></td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:286" href="#fn:286"><sup>286</sup></a></td><td>No</td><td>Disabled by default</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a> OS X 10.6 - 10.10</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>Disabled by default</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a> OS X 10.11</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>Disabled by default</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Disabled by default</td><td>No</td><td>Experimental</td><td>Disable by default</td></tr><tr><th rowspan="2">Implementation</th><th colspan="10"><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a> with <a href="/facts/Block_cipher_mode_of_operation/vIUabB2z">mode of operation</a></th><th><a href="/facts/Stream_cipher/BxU0aWmJ">Stream cipher</a></th><th>None</th></tr><tr><th><a href="/facts/Advanced_Encryption_Standard/HdXGBY2Q">AES</a> <a href="/facts/Galois/Counter_Mode/bx43MwfC">GCM</a><a class="footnote-ref" id="fnref:287" href="#fn:287"><sup>287</sup></a></th><th><a href="/facts/Advanced_Encryption_Standard/HdXGBY2Q">AES</a> <a href="/facts/CCM_mode/nChu3RLm">CCM</a><a class="footnote-ref" id="fnref:288" href="#fn:288"><sup>288</sup></a></th><th><a href="/facts/Advanced_Encryption_Standard/HdXGBY2Q">AES</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a></th><th><a href="/facts/Camellia_(cipher)/XyJ1vnGn">Camellia</a> <a href="/facts/Galois/Counter_Mode/bx43MwfC">GCM</a><a class="footnote-ref" id="fnref:289" href="#fn:289"><sup>289</sup></a></th><th><a href="/facts/Camellia_(cipher)/XyJ1vnGn">Camellia</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a><a class="footnote-ref" id="fnref:290" href="#fn:290"><sup>290</sup></a><a class="footnote-ref" id="fnref:291" href="#fn:291"><sup>291</sup></a></th><th><a href="/facts/ARIA_(cipher)/Kbgkr0WB">ARIA</a> <a href="/facts/Galois/Counter_Mode/bx43MwfC">GCM</a><a class="footnote-ref" id="fnref:292" href="#fn:292"><sup>292</sup></a></th><th><a href="/facts/ARIA_(cipher)/Kbgkr0WB">ARIA</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a><a class="footnote-ref" id="fnref:293" href="#fn:293"><sup>293</sup></a></th><th><a href="/facts/SEED/QE5n8M7Q">SEED</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a><a class="footnote-ref" id="fnref:294" href="#fn:294"><sup>294</sup></a></th><th><a href="/facts/Triple_DES/sgzSD50P">3DES EDE</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a>(insecure)<a class="footnote-ref" id="fnref:295" href="#fn:295"><sup>295</sup></a></th><th><a href="/facts/GOST_28147-89/AVDEpgqH">GOST 28147-89</a> <a href="/facts/Block_cipher_mode_of_operation/vIUabB2z">CNT</a>(proposed)<a class="footnote-ref" id="fnref:296" href="#fn:296"><sup>296</sup></a><a class="footnote-ref" id="fnref:297" href="#fn:297"><sup>297</sup></a></th><th><a href="/facts/ChaCha20/gQjhIf2M">ChaCha20</a>-<a href="/facts/Poly1305/xlqUKmWX">Poly1305</a><a class="footnote-ref" id="fnref:298" href="#fn:298"><sup>298</sup></a></th><th>Null(insecure)<a class="footnote-ref" id="fnref:299" href="#fn:299"><sup>299</sup></a></th></tr></tbody></table> Notes <h3>Obsolete algorithms</h3> <table><tbody><tr><th rowspan="2">Implementation</th><th colspan="4"><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a> with <a href="/facts/Block_cipher_mode_of_operation/vIUabB2z">mode of operation</a></th><th colspan="2"><a href="/facts/Stream_cipher/BxU0aWmJ">Stream cipher</a></th></tr><tr><th><a href="/facts/International_Data_Encryption_Algorithm/HuRBKLQY">IDEA</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a><a class="footnote-ref" id="fnref:300" href="#fn:300"><sup>300</sup></a>(insecure)<a class="footnote-ref" id="fnref:301" href="#fn:301"><sup>301</sup></a></th><th><a href="/facts/Data_Encryption_Standard/STfBjTGb">DES</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a>(insecure)<a class="footnote-ref" id="fnref:302" href="#fn:302"><sup>302</sup></a></th><th><a href="/facts/Data_Encryption_Standard/STfBjTGb">DES</a>-40 <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a>(EXPORT, insecure)<a class="footnote-ref" id="fnref:303" href="#fn:303"><sup>303</sup></a></th><th><a href="/facts/RC2/kfXo2PEH">RC2</a>-40 <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a>(EXPORT, insecure)<a class="footnote-ref" id="fnref:304" href="#fn:304"><sup>304</sup></a></th><th><a href="/facts/RC4/HAR5kL0T">RC4</a>-128(insecure)<a class="footnote-ref" id="fnref:305" href="#fn:305"><sup>305</sup></a></th><th><a href="/facts/RC4/HAR5kL0T">RC4</a>-40(EXPORT, insecure)<a class="footnote-ref" id="fnref:306" href="#fn:306"><sup>306</sup></a><a class="footnote-ref" id="fnref:307" href="#fn:307"><sup>307</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No<a class="footnote-ref" id="fnref:308" href="#fn:308"><sup>308</sup></a></td><td>No</td></tr><tr><td><a href="/facts/BoringSSL/aXvs5fo2">BoringSSL</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Disabled by default at compile time</td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J</td><td>No</td><td>Disabled by default</td><td>Disabled by default</td><td>No</td><td>Disabled by default</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>No</td><td>Disabled by default at compile time</td><td>No</td><td>No</td><td>Disabled by default at compile time</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Disabled by default<a class="footnote-ref" id="fnref:309" href="#fn:309"><sup>309</sup></a></td><td>No</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>No</td><td>Disabled by default</td><td>Disabled by default</td><td>No</td><td>Disabled by default</td><td>Disabled by default <a class="footnote-ref" id="fnref:310" href="#fn:310"><sup>310</sup></a></td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:311" href="#fn:311"><sup>311</sup></a></td><td>No<a class="footnote-ref" id="fnref:312" href="#fn:312"><sup>312</sup></a></td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:313" href="#fn:313"><sup>313</sup></a></td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>Disabled by default</td><td>No</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>No</td><td>Disabled by default at compile time</td><td>No</td><td>No</td><td>Disabled by default at compile time<a class="footnote-ref" id="fnref:314" href="#fn:314"><sup>314</sup></a></td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Lowest priority<a class="footnote-ref" id="fnref:315" href="#fn:315"><sup>315</sup></a><a class="footnote-ref" id="fnref:316" href="#fn:316"><sup>316</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Disabled by default<a class="footnote-ref" id="fnref:317" href="#fn:317"><sup>317</sup></a></td><td>Disabled by default</td><td>No<a class="footnote-ref" id="fnref:318" href="#fn:318"><sup>318</sup></a></td><td>No<a class="footnote-ref" id="fnref:319" href="#fn:319"><sup>319</sup></a></td><td>Disabled by default</td><td>No<a class="footnote-ref" id="fnref:320" href="#fn:320"><sup>320</sup></a></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel XP/2003</a></td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel Vista/2008</a></td><td>No</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Yes</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 7/2008R2</a></td><td>No</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Lowest prioritywill be disabled soon<a class="footnote-ref" id="fnref:321" href="#fn:321"><sup>321</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 8/2012</a></td><td>No</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Only as fallback</td><td>Disabled by default</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 8.1/2012R2</a></td><td>No</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default<a class="footnote-ref" id="fnref:322" href="#fn:322"><sup>322</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 10</a><a class="footnote-ref" id="fnref:323" href="#fn:323"><sup>323</sup></a></td><td>No</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default<a class="footnote-ref" id="fnref:324" href="#fn:324"><sup>324</sup></a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a> OS X 10.6</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a> OS X 10.7</td><td>Yes</td><td>Unknown</td><td>Unknown</td><td>Unknown</td><td>Yes</td><td>Unknown</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a> OS X 10.8-10.9</td><td>Yes</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Yes</td><td>Disabled by default</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a> OS X 10.10-10.11</td><td>Yes</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Lowest priority</td><td>Disabled by default</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a> macOS 10.12</td><td>Yes</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td><td>Disabled by default</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Disabled by default<a class="footnote-ref" id="fnref:325" href="#fn:325"><sup>325</sup></a></td><td>No</td><td>No</td><td>No</td><td>Disabled by default</td><td>No</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>no</td><td>Disabled by default</td><td>no</td><td>no</td><td>Disabled by default</td><td>no</td></tr><tr><th rowspan="2">Implementation</th><th colspan="4"><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a> with <a href="/facts/Block_cipher_mode_of_operation/vIUabB2z">mode of operation</a></th><th colspan="2"><a href="/facts/Stream_cipher/BxU0aWmJ">Stream cipher</a></th></tr><tr><th><a href="/facts/International_Data_Encryption_Algorithm/HuRBKLQY">IDEA</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a><a class="footnote-ref" id="fnref:326" href="#fn:326"><sup>326</sup></a>(insecure)<a class="footnote-ref" id="fnref:327" href="#fn:327"><sup>327</sup></a></th><th><a href="/facts/Data_Encryption_Standard/STfBjTGb">DES</a> <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a>(insecure)<a class="footnote-ref" id="fnref:328" href="#fn:328"><sup>328</sup></a></th><th><a href="/facts/Data_Encryption_Standard/STfBjTGb">DES</a>-40 <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a>(EXPORT, insecure)<a class="footnote-ref" id="fnref:329" href="#fn:329"><sup>329</sup></a></th><th><a href="/facts/RC2/kfXo2PEH">RC2</a>-40 <a href="/facts/Cipher_block_chaining/vIUabB2z">CBC</a>(EXPORT, insecure)<a class="footnote-ref" id="fnref:330" href="#fn:330"><sup>330</sup></a></th><th><a href="/facts/RC4/HAR5kL0T">RC4</a>-128(insecure)<a class="footnote-ref" id="fnref:331" href="#fn:331"><sup>331</sup></a></th><th><a href="/facts/RC4/HAR5kL0T">RC4</a>-40(EXPORT, insecure)<a class="footnote-ref" id="fnref:332" href="#fn:332"><sup>332</sup></a><a class="footnote-ref" id="fnref:333" href="#fn:333"><sup>333</sup></a></th></tr></tbody></table> Notes <h2 id="supported-elliptic-curves">Supported elliptic curves</h2> <p>This section lists the supported <a href="/facts/Elliptic_curve/60jvaHSA">elliptic curves</a> by each implementation. </p> <h3>Defined curves in RFC 8446 (for TLS 1.3) and RFC 8422, 7027 (for TLS 1.2 and earlier)</h3> <table><tbody><tr><th>applicable TLS version</th><th colspan="5">TLS 1.3 and earlier</th><th colspan="3">TLS 1.2 and earlier</th></tr><tr><th>Implementation</th><th><a href="/facts/NIST_Curve/YbjcXIWk">secp256r1</a>prime256v1NIST P-256(0x0017,<a class="footnote-ref" id="fnref:334" href="#fn:334"><sup>334</sup></a> 23<a class="footnote-ref" id="fnref:335" href="#fn:335"><sup>335</sup></a>)</th><th><a href="/facts/NIST_Curve/YbjcXIWk">secp384r1</a>NIST P-384(0x0018,<a class="footnote-ref" id="fnref:336" href="#fn:336"><sup>336</sup></a> 24<a class="footnote-ref" id="fnref:337" href="#fn:337"><sup>337</sup></a>)</th><th><a href="/facts/NIST_Curve/YbjcXIWk">secp521r1</a>NIST P-521(0x0019,<a class="footnote-ref" id="fnref:338" href="#fn:338"><sup>338</sup></a> 25<a class="footnote-ref" id="fnref:339" href="#fn:339"><sup>339</sup></a>)</th><th><a href="/facts/X25519/wLr6FMkV">X25519</a>(0x001D,<a class="footnote-ref" id="fnref:340" href="#fn:340"><sup>340</sup></a> 29<a class="footnote-ref" id="fnref:341" href="#fn:341"><sup>341</sup></a>)</th><th><a href="/facts/X448/gsN24bb9">X448</a>(0x001E,<a class="footnote-ref" id="fnref:342" href="#fn:342"><sup>342</sup></a> 30<a class="footnote-ref" id="fnref:343" href="#fn:343"><sup>343</sup></a>)</th><th><a href="/facts/ECC_Brainpool/YbjcXIWk">brainpoolP256r1</a>(26)<a class="footnote-ref" id="fnref:344" href="#fn:344"><sup>344</sup></a></th><th><a href="/facts/ECC_Brainpool/YbjcXIWk">brainpoolP384r1</a>(27)<a class="footnote-ref" id="fnref:345" href="#fn:345"><sup>345</sup></a></th><th><a href="/facts/ECC_Brainpool/YbjcXIWk">brainpoolP512r1</a>(28)<a class="footnote-ref" id="fnref:346" href="#fn:346"><sup>346</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:347" href="#fn:347"><sup>347</sup></a></td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:348" href="#fn:348"><sup>348</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:349" href="#fn:349"><sup>349</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:350" href="#fn:350"><sup>350</sup></a></td></tr><tr><td><a href="/facts/BoringSSL/aXvs5fo2">BoringSSL</a></td><td>Yes</td><td>Yes</td><td>Yes (disabled by default)</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:351" href="#fn:351"><sup>351</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:352" href="#fn:352"><sup>352</sup></a></td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yesx25519: JDK 13+<a class="footnote-ref" id="fnref:353" href="#fn:353"><sup>353</sup></a>Ed25519:JDK 15+<a class="footnote-ref" id="fnref:354" href="#fn:354"><sup>354</sup></a></td><td>Yesx448: JDK 13+<a class="footnote-ref" id="fnref:355" href="#fn:355"><sup>355</sup></a>Ed448: JDK 15+<a class="footnote-ref" id="fnref:356" href="#fn:356"><sup>356</sup></a></td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:357" href="#fn:357"><sup>357</sup></a></td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:358" href="#fn:358"><sup>358</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:359" href="#fn:359"><sup>359</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:360" href="#fn:360"><sup>360</sup></a></td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>TLS 1.3 only<a class="footnote-ref" id="fnref:361" href="#fn:361"><sup>361</sup></a></td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Primitive only<a class="footnote-ref" id="fnref:362" href="#fn:362"><sup>362</sup></a></td><td>Primitive only<a class="footnote-ref" id="fnref:363" href="#fn:363"><sup>363</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:364" href="#fn:364"><sup>364</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:365" href="#fn:365"><sup>365</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:366" href="#fn:366"><sup>366</sup></a></td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:367" href="#fn:367"><sup>367</sup></a></td><td>No<a class="footnote-ref" id="fnref:368" href="#fn:368"><sup>368</sup></a><a class="footnote-ref" id="fnref:369" href="#fn:369"><sup>369</sup></a></td><td>No<a class="footnote-ref" id="fnref:370" href="#fn:370"><sup>370</sup></a></td><td>No<a class="footnote-ref" id="fnref:371" href="#fn:371"><sup>371</sup></a></td><td>No<a class="footnote-ref" id="fnref:372" href="#fn:372"><sup>372</sup></a></td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:373" href="#fn:373"><sup>373</sup></a><a class="footnote-ref" id="fnref:374" href="#fn:374"><sup>374</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:375" href="#fn:375"><sup>375</sup></a><a class="footnote-ref" id="fnref:376" href="#fn:376"><sup>376</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:377" href="#fn:377"><sup>377</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:378" href="#fn:378"><sup>378</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:379" href="#fn:379"><sup>379</sup></a></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:380" href="#fn:380"><sup>380</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:381" href="#fn:381"><sup>381</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><th>Implementation</th><th><a href="/facts/NIST_Curve/YbjcXIWk">secp256r1</a>prime256v1NIST P-256(0x0017, 23)</th><th><a href="/facts/NIST_Curve/YbjcXIWk">secp384r1</a>NIST P-384(0x0018, 24)</th><th><a href="/facts/NIST_Curve/YbjcXIWk">secp521r1</a>NIST P-521(0x0019, 25)</th><th><a href="/facts/X25519/wLr6FMkV">X25519</a>(0x001D, 29)</th><th><a href="/facts/X448/gsN24bb9">X448</a>(0x001E, 30)</th><th><a href="/facts/ECC_Brainpool/YbjcXIWk">brainpoolP256r1</a>(26)</th><th><a href="/facts/ECC_Brainpool/YbjcXIWk">brainpoolP384r1</a>(27)</th><th><a href="/facts/ECC_Brainpool/YbjcXIWk">brainpoolP512r1</a>(28)</th></tr></tbody></table> <h3>Deprecated curves in RFC 8422</h3> <table><tbody><tr><th>Implementation</th><th>sect163k1NIST K-163(1)<a class="footnote-ref" id="fnref:382" href="#fn:382"><sup>382</sup></a></th><th>sect163r1(2)<a class="footnote-ref" id="fnref:383" href="#fn:383"><sup>383</sup></a></th><th>sect163r2NIST B-163(3)<a class="footnote-ref" id="fnref:384" href="#fn:384"><sup>384</sup></a></th><th>sect193r1(4)<a class="footnote-ref" id="fnref:385" href="#fn:385"><sup>385</sup></a></th><th>sect193r2(5)<a class="footnote-ref" id="fnref:386" href="#fn:386"><sup>386</sup></a></th><th>sect233k1NIST K-233(6)<a class="footnote-ref" id="fnref:387" href="#fn:387"><sup>387</sup></a></th><th>sect233r1NIST B-233(7)<a class="footnote-ref" id="fnref:388" href="#fn:388"><sup>388</sup></a></th><th>sect239k1(8)<a class="footnote-ref" id="fnref:389" href="#fn:389"><sup>389</sup></a></th><th>sect283k1NIST K-283(9)<a class="footnote-ref" id="fnref:390" href="#fn:390"><sup>390</sup></a></th><th>sect283r1NIST B-283(10)<a class="footnote-ref" id="fnref:391" href="#fn:391"><sup>391</sup></a></th><th>sect409k1NIST K-409(11)<a class="footnote-ref" id="fnref:392" href="#fn:392"><sup>392</sup></a></th><th>sect409r1NIST B-409(12)<a class="footnote-ref" id="fnref:393" href="#fn:393"><sup>393</sup></a></th><th>sect571k1NIST K-571(13)<a class="footnote-ref" id="fnref:394" href="#fn:394"><sup>394</sup></a></th><th>sect571r1NIST B-571(14)<a class="footnote-ref" id="fnref:395" href="#fn:395"><sup>395</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/BoringSSL/aXvs5fo2">BoringSSL</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a></td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Notes<a class="footnote-ref" id="fnref:396" href="#fn:396"><sup>396</sup></a><a class="footnote-ref" id="fnref:397" href="#fn:397"><sup>397</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:398" href="#fn:398"><sup>398</sup></a><a class="footnote-ref" id="fnref:399" href="#fn:399"><sup>399</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:400" href="#fn:400"><sup>400</sup></a><a class="footnote-ref" id="fnref:401" href="#fn:401"><sup>401</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:402" href="#fn:402"><sup>402</sup></a><a class="footnote-ref" id="fnref:403" href="#fn:403"><sup>403</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:404" href="#fn:404"><sup>404</sup></a><a class="footnote-ref" id="fnref:405" href="#fn:405"><sup>405</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:406" href="#fn:406"><sup>406</sup></a><a class="footnote-ref" id="fnref:407" href="#fn:407"><sup>407</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:408" href="#fn:408"><sup>408</sup></a><a class="footnote-ref" id="fnref:409" href="#fn:409"><sup>409</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:410" href="#fn:410"><sup>410</sup></a><a class="footnote-ref" id="fnref:411" href="#fn:411"><sup>411</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:412" href="#fn:412"><sup>412</sup></a><a class="footnote-ref" id="fnref:413" href="#fn:413"><sup>413</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:414" href="#fn:414"><sup>414</sup></a><a class="footnote-ref" id="fnref:415" href="#fn:415"><sup>415</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:416" href="#fn:416"><sup>416</sup></a><a class="footnote-ref" id="fnref:417" href="#fn:417"><sup>417</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:418" href="#fn:418"><sup>418</sup></a><a class="footnote-ref" id="fnref:419" href="#fn:419"><sup>419</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:420" href="#fn:420"><sup>420</sup></a><a class="footnote-ref" id="fnref:421" href="#fn:421"><sup>421</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:422" href="#fn:422"><sup>422</sup></a><a class="footnote-ref" id="fnref:423" href="#fn:423"><sup>423</sup></a></td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr><tr><th>Implementation</th><th>sect163k1NIST K-163(1)</th><th>sect163r1(2)</th><th>sect163r2NIST B-163(3)</th><th>sect193r1(4)</th><th>sect193r2(5)</th><th>sect233k1NIST K-233(6)</th><th>sect233r1NIST B-233(7)</th><th>sect239k1(8)</th><th>sect283k1NIST K-283(9)</th><th>sect283r1NIST B-283(10)</th><th>sect409k1NIST K-409(11)</th><th>sect409r1NIST B-409(12)</th><th>sect571k1NIST K-571(13)</th><th>sect571r1NIST B-571(14)</th></tr></tbody></table> <table><tbody><tr><th>Implementation</th><th>secp160k1(15)<a class="footnote-ref" id="fnref:424" href="#fn:424"><sup>424</sup></a></th><th>secp160r1(16)<a class="footnote-ref" id="fnref:425" href="#fn:425"><sup>425</sup></a></th><th>secp160r2(17)<a class="footnote-ref" id="fnref:426" href="#fn:426"><sup>426</sup></a></th><th>secp192k1(18)<a class="footnote-ref" id="fnref:427" href="#fn:427"><sup>427</sup></a></th><th>secp192r1prime192v1NIST P-192(19)<a class="footnote-ref" id="fnref:428" href="#fn:428"><sup>428</sup></a></th><th>secp224k1(20)<a class="footnote-ref" id="fnref:429" href="#fn:429"><sup>429</sup></a></th><th>secp224r1NIST P-244(21)<a class="footnote-ref" id="fnref:430" href="#fn:430"><sup>430</sup></a></th><th>secp256k1(22)<a class="footnote-ref" id="fnref:431" href="#fn:431"><sup>431</sup></a></th><th>arbitrary prime curves(0xFF01)<a class="footnote-ref" id="fnref:432" href="#fn:432"><sup>432</sup></a><a class="footnote-ref" id="fnref:433" href="#fn:433"><sup>433</sup></a></th><th>arbitrary char2 curves(0xFF02)<a class="footnote-ref" id="fnref:434" href="#fn:434"><sup>434</sup></a><a class="footnote-ref" id="fnref:435" href="#fn:435"><sup>435</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/BoringSSL/aXvs5fo2">BoringSSL</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Notes<a class="footnote-ref" id="fnref:436" href="#fn:436"><sup>436</sup></a><a class="footnote-ref" id="fnref:437" href="#fn:437"><sup>437</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:438" href="#fn:438"><sup>438</sup></a><a class="footnote-ref" id="fnref:439" href="#fn:439"><sup>439</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:440" href="#fn:440"><sup>440</sup></a><a class="footnote-ref" id="fnref:441" href="#fn:441"><sup>441</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:442" href="#fn:442"><sup>442</sup></a><a class="footnote-ref" id="fnref:443" href="#fn:443"><sup>443</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:444" href="#fn:444"><sup>444</sup></a><a class="footnote-ref" id="fnref:445" href="#fn:445"><sup>445</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:446" href="#fn:446"><sup>446</sup></a><a class="footnote-ref" id="fnref:447" href="#fn:447"><sup>447</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:448" href="#fn:448"><sup>448</sup></a><a class="footnote-ref" id="fnref:449" href="#fn:449"><sup>449</sup></a></td><td>Notes<a class="footnote-ref" id="fnref:450" href="#fn:450"><sup>450</sup></a><a class="footnote-ref" id="fnref:451" href="#fn:451"><sup>451</sup></a></td><td>No</td><td>No</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><th>Implementation</th><th>secp160k1(15)</th><th>secp160r1(16)</th><th>secp160r2(17)</th><th>secp192k1(18)</th><th>secp192r1prime192v1NIST P-192(19)</th><th>secp224k1(20)</th><th>secp224r1NIST P-244(21)</th><th>secp256k1(22)</th><th>arbitrary prime curves(0xFF01)</th><th>arbitrary char2 curves(0xFF02)</th></tr></tbody></table> Notes <h2 id="data-integrity">Data integrity</h2> <table><tbody><tr><th>Implementation</th><th><a href="/facts/HMAC/Qy9WD4V9">HMAC</a>-<a href="/facts/MD5/8WIXb9Dq">MD5</a></th><th><a href="/facts/HMAC/Qy9WD4V9">HMAC</a>-<a href="/facts/SHA-1/LDYCV1je">SHA1</a></th><th><a href="/facts/HMAC/Qy9WD4V9">HMAC</a>-<a href="/facts/SHA-2/P59oPeGq">SHA256/384</a></th><th><a href="/facts/Authenticated_encryption/u3229wI2">AEAD</a></th><th><a href="/facts/GOST_28147-89/AVDEpgqH">GOST 28147-89 IMIT</a><a class="footnote-ref" id="fnref:452" href="#fn:452"><sup>452</sup></a></th><th><a href="/facts/GOST_(hash_function)/7cEUbXDX">GOST R 34.11-94</a><a class="footnote-ref" id="fnref:453" href="#fn:453"><sup>453</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Disabled by Default</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:454" href="#fn:454"><sup>454</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:455" href="#fn:455"><sup>455</sup></a></td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:456" href="#fn:456"><sup>456</sup></a><a class="footnote-ref" id="fnref:457" href="#fn:457"><sup>457</sup></a></td><td>No<a class="footnote-ref" id="fnref:458" href="#fn:458"><sup>458</sup></a><a class="footnote-ref" id="fnref:459" href="#fn:459"><sup>459</sup></a></td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:460" href="#fn:460"><sup>460</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:461" href="#fn:461"><sup>461</sup></a></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel XP/2003, Vista/2008</a></td><td>Yes</td><td>Yes</td><td>XP SP3, 2003 SP2 via hotfix<a class="footnote-ref" id="fnref:462" href="#fn:462"><sup>462</sup></a></td><td>No</td><td>No<a class="footnote-ref" id="fnref:463" href="#fn:463"><sup>463</sup></a></td><td>No<a class="footnote-ref" id="fnref:464" href="#fn:464"><sup>464</sup></a></td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 7/2008R2, 8/2012, 8.1/2012R2</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>except ECDHE_RSA<a class="footnote-ref" id="fnref:465" href="#fn:465"><sup>465</sup></a><a class="footnote-ref" id="fnref:466" href="#fn:466"><sup>466</sup></a><a class="footnote-ref" id="fnref:467" href="#fn:467"><sup>467</sup></a></td><td>No<a class="footnote-ref" id="fnref:468" href="#fn:468"><sup>468</sup></a></td><td>No<a class="footnote-ref" id="fnref:469" href="#fn:469"><sup>469</sup></a></td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 10</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:470" href="#fn:470"><sup>470</sup></a></td><td>No<a class="footnote-ref" id="fnref:471" href="#fn:471"><sup>471</sup></a></td><td>No<a class="footnote-ref" id="fnref:472" href="#fn:472"><sup>472</sup></a></td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td></tr><tr><th>Implementation</th><th>HMAC-MD5</th><th>HMAC-SHA1</th><th>HMAC-SHA256/384</th><th>AEAD</th><th>GOST 28147-89 IMIT</th><th>GOST R 34.11-94</th></tr></tbody></table> <h2 id="compression">Compression</h2> <p>Note the <a href="/facts/CRIME_(security_exploit)/KL8eb5Wb">CRIME security exploit</a> takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. <a href="/facts/HTTP_compression/clfoMHvy">HTTP compression</a> is unrelated and unaffected by this exploit, but is exploited by the related <a href="/facts/BREACH_(security_exploit)/QMnrudy5">BREACH attack</a>. </p> <table><tbody><tr><th>Implementation</th><th>DEFLATE<a class="footnote-ref" id="fnref:473" href="#fn:473"><sup>473</sup></a>(insecure)</th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a><a class="footnote-ref" id="fnref:474" href="#fn:474"><sup>474</sup></a></td><td>No</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>No</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>No<a class="footnote-ref" id="fnref:475" href="#fn:475"><sup>475</sup></a></td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a></td><td>No</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>No</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Disabled by default</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>No</td></tr><tr><th>Implementation</th><th>DEFLATE</th></tr></tbody></table> <h2 id="extensions">Extensions</h2> <p>In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security . TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation. </p> <table><tbody><tr><th>Implementation</th><th>Secure Renegotiation<a class="footnote-ref" id="fnref:476" href="#fn:476"><sup>476</sup></a></th><th>Server Name Indication<a class="footnote-ref" id="fnref:477" href="#fn:477"><sup>477</sup></a></th><th><a href="/facts/Application-Layer_Protocol_Negotiation/Hy5Y3tWu">ALPN</a><a class="footnote-ref" id="fnref:478" href="#fn:478"><sup>478</sup></a></th><th><a href="/facts/OCSP_stapling/oGL6wQYc">Certificate Status Request</a><a class="footnote-ref" id="fnref:479" href="#fn:479"><sup>479</sup></a></th><th><a href="/facts/OpenPGP/4BELG9BW">OpenPGP</a><a class="footnote-ref" id="fnref:480" href="#fn:480"><sup>480</sup></a></th><th>Supplemental Data<a class="footnote-ref" id="fnref:481" href="#fn:481"><sup>481</sup></a></th><th>Session Ticket<a class="footnote-ref" id="fnref:482" href="#fn:482"><sup>482</sup></a></th><th>Keying Material Exporter<a class="footnote-ref" id="fnref:483" href="#fn:483"><sup>483</sup></a></th><th>Maximum Fragment Length<a class="footnote-ref" id="fnref:484" href="#fn:484"><sup>484</sup></a></th><th><a href="/facts/Encrypt-then-MAC/u3229wI2">Encrypt-then-MAC</a><a class="footnote-ref" id="fnref:485" href="#fn:485"><sup>485</sup></a></th><th>TLS Fallback SCSV<a class="footnote-ref" id="fnref:486" href="#fn:486"><sup>486</sup></a></th><th>Extended Master Secret<a class="footnote-ref" id="fnref:487" href="#fn:487"><sup>487</sup></a></th><th>ClientHello Padding<a class="footnote-ref" id="fnref:488" href="#fn:488"><sup>488</sup></a></th><th>Raw Public Keys<a class="footnote-ref" id="fnref:489" href="#fn:489"><sup>489</sup></a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:490" href="#fn:490"><sup>490</sup></a></td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:491" href="#fn:491"><sup>491</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:492" href="#fn:492"><sup>492</sup></a></td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J</td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No<a class="footnote-ref" id="fnref:493" href="#fn:493"><sup>493</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:494" href="#fn:494"><sup>494</sup></a></td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:495" href="#fn:495"><sup>495</sup></a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:496" href="#fn:496"><sup>496</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:497" href="#fn:497"><sup>497</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:498" href="#fn:498"><sup>498</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:499" href="#fn:499"><sup>499</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:500" href="#fn:500"><sup>500</sup></a></td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:501" href="#fn:501"><sup>501</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:502" href="#fn:502"><sup>502</sup></a></td><td>Yes</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:503" href="#fn:503"><sup>503</sup></a></td><td>Yes</td><td>No</td><td>No?</td><td>Yes</td><td>Yes?</td><td>No</td><td>No</td><td>Server side only<a class="footnote-ref" id="fnref:504" href="#fn:504"><sup>504</sup></a></td><td>No</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:505" href="#fn:505"><sup>505</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:506" href="#fn:506"><sup>506</sup></a></td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:507" href="#fn:507"><sup>507</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:508" href="#fn:508"><sup>508</sup></a></td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:509" href="#fn:509"><sup>509</sup></a></td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:510" href="#fn:510"><sup>510</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:511" href="#fn:511"><sup>511</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:512" href="#fn:512"><sup>512</sup></a></td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:513" href="#fn:513"><sup>513</sup></a></td><td>Yes</td><td>No<a class="footnote-ref" id="fnref:514" href="#fn:514"><sup>514</sup></a></td><td>No</td><td>Yes</td><td>Yes</td><td>No</td><td>No<a class="footnote-ref" id="fnref:515" href="#fn:515"><sup>515</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:516" href="#fn:516"><sup>516</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:517" href="#fn:517"><sup>517</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:518" href="#fn:518"><sup>518</sup></a></td><td>Unknown</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:519" href="#fn:519"><sup>519</sup></a></td><td>Yes</td><td>No</td><td>No?</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:520" href="#fn:520"><sup>520</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:521" href="#fn:521"><sup>521</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:522" href="#fn:522"><sup>522</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:523" href="#fn:523"><sup>523</sup></a></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No <a class="footnote-ref" id="fnref:524" href="#fn:524"><sup>524</sup></a></td><td>Yes</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel XP/2003</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel Vista/2008</a></td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:525" href="#fn:525"><sup>525</sup></a></td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 7/2008R2</a></td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:526" href="#fn:526"><sup>526</sup></a></td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 8/2012</a></td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>Client side only<a class="footnote-ref" id="fnref:527" href="#fn:527"><sup>527</sup></a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:528" href="#fn:528"><sup>528</sup></a></td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel 8.1/2012R2, 10</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:529" href="#fn:529"><sup>529</sup></a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:530" href="#fn:530"><sup>530</sup></a></td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>Yes</td><td>Yes</td><td>Unknown</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Unknown</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:531" href="#fn:531"><sup>531</sup></a></td><td>Yes</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:532" href="#fn:532"><sup>532</sup></a></td><td>No</td><td>Yes</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:533" href="#fn:533"><sup>533</sup></a></td></tr><tr><td>Erlang/OTP SSL application</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>Unknown</td></tr><tr><th>Implementation</th><th>Secure Renegotiation</th><th>Server Name Indication</th><th>ALPN</th><th>Certificate Status Request</th><th>OpenPGP</th><th>Supplemental Data</th><th>Session Ticket</th><th>Keying Material Exporter</th><th>Maximum Fragment Length</th><th>Encrypt-then-MAC</th><th>TLS Fallback SCSV</th><th>Extended Master Secret</th><th>ClientHello Padding</th><th>Raw Public Keys</th></tr></tbody></table> <h2 id="assisted-cryptography">Assisted cryptography</h2> <p>This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation. </p> <table><tbody><tr><th>Implementation</th><th><a href="/facts/PKCS11/LLtvbEfb">PKCS #11 device</a></th><th><a href="/facts/AES_instruction_set/NomFEB4w">Intel AES-NI</a></th><th><a href="/facts/VIA_PadLock/GtR3rG4z">VIA PadLock</a></th><th><a href="/facts/ARM_architecture/SALsYA79">ARMv8-A</a></th><th><a href="/facts/Intel_SHA_extensions/qDzy2N70">Intel SHA</a></th><th>NXP CAAM</th><th><a href="/facts/TPM_2.0/3XHCGYkX">TPM 2.0</a></th><th>NXP SE050</th><th>Microchip ATECC</th><th>STMicro STSAFE</th><th>Maxim MAXQ</th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Yes<a class="footnote-ref" id="fnref:534" href="#fn:534"><sup>534</sup></a></td><td>Yes</td><td>No</td><td>Yes</td><td></td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:535" href="#fn:535"><sup>535</sup></a></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J <a class="footnote-ref" id="fnref:536" href="#fn:536"><sup>536</sup></a><a class="footnote-ref" id="fnref:537" href="#fn:537"><sup>537</sup></a></td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>Yes</td><td>No</td><td>No<a class="footnote-ref" id="fnref:538" href="#fn:538"><sup>538</sup></a></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td></td><td></td><td></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Crypto%2B%2B/cCWAwUmX">Crypto++</a></td><td></td><td>Yes</td><td></td><td></td><td>Yes</td><td></td><td></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:539" href="#fn:539"><sup>539</sup></a></td><td>Yes</td><td></td><td>No<a class="footnote-ref" id="fnref:540" href="#fn:540"><sup>540</sup></a></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:541" href="#fn:541"><sup>541</sup></a></td><td>No</td><td>No</td><td></td><td>No</td><td></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>No</td><td>Yes</td><td>Yes</td><td>No</td><td></td><td></td><td></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td></td><td>No</td><td></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:542" href="#fn:542"><sup>542</sup></a></td><td>Yes</td><td>No</td><td></td><td>No</td><td></td><td>Partial<a class="footnote-ref" id="fnref:543" href="#fn:543"><sup>543</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:544" href="#fn:544"><sup>544</sup></a></td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>Yes<a class="footnote-ref" id="fnref:545" href="#fn:545"><sup>545</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:546" href="#fn:546"><sup>546</sup></a></td><td>No<a class="footnote-ref" id="fnref:547" href="#fn:547"><sup>547</sup></a></td><td>No</td><td></td><td>No</td><td></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes<a class="footnote-ref" id="fnref:548" href="#fn:548"><sup>548</sup></a><a class="footnote-ref" id="fnref:549" href="#fn:549"><sup>549</sup></a><a class="footnote-ref" id="fnref:550" href="#fn:550"><sup>550</sup></a></td><td>Yes</td><td>Yes</td><td>Yes<a class="footnote-ref" id="fnref:551" href="#fn:551"><sup>551</sup></a></td><td>Yes</td><td>Partial</td><td>Partial<a class="footnote-ref" id="fnref:552" href="#fn:552"><sup>552</sup></a><a class="footnote-ref" id="fnref:553" href="#fn:553"><sup>553</sup></a></td><td>Partial<a class="footnote-ref" id="fnref:554" href="#fn:554"><sup>554</sup></a></td><td>No</td><td>Partial<a class="footnote-ref" id="fnref:555" href="#fn:555"><sup>555</sup></a></td><td>No</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td></td><td>Yes</td><td></td><td>Yes</td><td>Yes</td><td></td><td></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a></td><td>No</td><td>Yes</td><td>No</td><td>No</td><td></td><td>No</td><td></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:556" href="#fn:556"><sup>556</sup></a><a class="footnote-ref" id="fnref:557" href="#fn:557"><sup>557</sup></a></td><td>No</td><td>Yes</td><td></td><td>No</td><td></td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td></td><td>Yes<a class="footnote-ref" id="fnref:558" href="#fn:558"><sup>558</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:559" href="#fn:559"><sup>559</sup></a><a class="footnote-ref" id="fnref:560" href="#fn:560"><sup>560</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:561" href="#fn:561"><sup>561</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:562" href="#fn:562"><sup>562</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:563" href="#fn:563"><sup>563</sup></a></td><td>Yes<a class="footnote-ref" id="fnref:564" href="#fn:564"><sup>564</sup></a></td></tr><tr><th>Implementation</th><th>PKCS #11 device</th><th>Intel AES-NI</th><th>VIA PadLock</th><th>ARMv8-A</th><th>Intel SHA</th><th>NXP CAAM</th><th>TPM 2.0</th><th>NXP SE050</th><th>Microchip ATECC</th><th>STMicro STSAFE</th><th>Maxim MAXQ</th></tr></tbody></table> <h2 id="system-specific-backends">System-specific backends</h2> <p>This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation. </p> <table><tbody><tr><th>Implementation</th><th>/dev/crypto</th><th>af_alg</th><th><a href="/facts/Cryptographic_Service_Provider/fG9zbBrT">Windows CSP</a></th><th>CommonCrypto</th><th><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL engine</a></th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>Partial</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No<a class="footnote-ref" id="fnref:565" href="#fn:565"><sup>565</sup></a></td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>Yes</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>Yes</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No</td><td>Yes <a class="footnote-ref" id="fnref:566" href="#fn:566"><sup>566</sup></a></td><td>No</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a></td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td>Yes</td><td>Partial</td><td>No</td><td>Yes<a class="footnote-ref" id="fnref:567" href="#fn:567"><sup>567</sup></a></td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td></tr><tr><th>Implementation</th><th>/dev/crypto</th><th>af_alg</th><th>Windows CSP</th><th>CommonCrypto</th><th>OpenSSL engine</th></tr></tbody></table> <h2 id="cryptographic-moduletoken-support">Cryptographic module/token support</h2> <table><tbody><tr><th>Implementation</th><th><a href="/facts/Trusted_Platform_Module/3XHCGYkX">TPM</a> support</th><th>Hardware token support</th><th>Objects identified via</th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Partial<a class="footnote-ref" id="fnref:568" href="#fn:568"><sup>568</sup></a></td><td><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a></td><td></td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J</td><td>No</td><td>No</td><td></td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>No</td><td><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a></td><td>User-defined label</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>Yes</td><td><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a></td><td>RFC 7512 PKCS #11 URLs<a class="footnote-ref" id="fnref:569" href="#fn:569"><sup>569</sup></a></td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>No</td><td><a href="/facts/PKCS11/LLtvbEfb">PKCS11</a> <a href="/facts/Java_Cryptography_Architecture/PXUC2AT6">Java Cryptography Architecture</a>,<a href="/facts/Java_Cryptography_Extension/TyjwQmbe">Java Cryptography Extension</a></td><td></td></tr><tr><td><a href="/facts/LibreSSL/9UnXD0lm">LibreSSL</a></td><td>Yes</td><td><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a> (via 3rd party module)</td><td>Custom method</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>No</td><td><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a></td><td></td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>No</td><td><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a> (via libpkcs11-helper) or standard hooks</td><td>Custom method</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>No</td><td><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a></td><td></td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>Yes</td><td><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a> (via 3rd party module)<a class="footnote-ref" id="fnref:570" href="#fn:570"><sup>570</sup></a></td><td>RFC 7512 PKCS #11 URLs<a class="footnote-ref" id="fnref:571" href="#fn:571"><sup>571</sup></a></td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>No</td><td><a href="/facts/Microsoft_CryptoAPI/yTtHjHhN">Microsoft CryptoAPI</a> <a class="footnote-ref" id="fnref:572" href="#fn:572"><sup>572</sup></a></td><td>Custom method</td></tr><tr><td><a href="/facts/Schannel/lIeS9tug">Schannel</a></td><td>No</td><td><a href="/facts/Microsoft_CryptoAPI/yTtHjHhN">Microsoft CryptoAPI</a></td><td>UUID, User-defined label</td></tr><tr><td><a href="/facts/MacOS/Y93vVpTm">Secure Transport</a></td><td></td><td></td><td></td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>Yes</td><td><a href="/facts/PKCS_11/LLtvbEfb">PKCS #11</a></td><td></td></tr><tr><th>Implementation</th><th>TPM support</th><th>Hardware token support</th><th>Objects identified via</th></tr></tbody></table> <h2 id="code-dependencies">Code dependencies</h2> <table><tbody><tr><th>Implementation</th><th>Dependencies</th><th>Optional dependencies</th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>C++20</td><td><a href="/facts/SQLite/1PwYzIft">SQLite</a><a href="/facts/Zlib/rExIchaK">zlib</a> (compression)<a href="/facts/Bzip2/waffQ2m0">bzip2</a> (compression)<a href="/facts/XZ_Utils/HkIBGKps">liblzma</a> (compression)<a href="/facts/Boost_(C%2B%2B_libraries)/vGLGG51A">boost</a>trousers (TPM)</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>libcnettlegmp</td><td>zlib (compression)p11-kit (PKCS #11)trousers (TPM)<a href="/facts/Unbound_(DNS_server)/0WeDyewu">libunbound</a> (DANE)</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Java</td><td></td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>none</td><td>zlib (compression)</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL-open</a></td><td>libc or newlib</td><td></td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>libc</td><td>libpkcs11-helper (PKCS #11)zlib (compression)</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>libclibnspr4libsoftokn3libplc4libplds4</td><td>zlib (compression)</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>rust core library</td><td>rust std libraryzlib-rs (compression)brotli (compression)<i>ring</i> (cryptography)aws-lc-rs (cryptography)</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>libc</td><td>zlib (compression)brotli (compression)zstd (compression)</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>None</td><td>libczlib (compression)</td></tr><tr><td><a href="/facts/Erlang_(programming_language)/2PuxmzT3">Erlang</a>/OTP SSL application</td><td>libcrypto (from OpenSSL), Erlang/OTP and its public_key, crypto and asn1 applications</td><td>Erlang/OTP -inets (http fetching of CRLs)</td></tr><tr><th>Implementation</th><th>Dependencies</th><th>Optional dependencies</th></tr></tbody></table> <h2 id="development-environment">Development environment</h2> <table><tbody><tr><th>Implementation</th><th>Namespace</th><th>Build tools</th><th>API manual</th><th>Crypto back-end</th><th>OpenSSL compatibility Layer[<i>clarify</i>]</th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>Botan::TLS</td><td>Makefile</td><td>Sphinx</td><td>Included (pluggable)</td><td>No</td></tr><tr><td><a href="/facts/Bouncy_Castle_(cryptography)/uwEYp9tT">Bouncy Castle</a></td><td>org.bouncycastle</td><td>Java Development Environment</td><td>Programmers reference manual (PDF)</td><td>Included (pluggable)</td><td>No</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J</td><td>com.rsa.asn1[a]<p>com.rsa.certj[b]com.rsa.jcp[c]com.rsa.jsafe[d]com.rsa.ssl[e]com.rsa.jsse[f]</p></td><td><a href="/facts/Java_class_loader/ItwTAYw4">Java class loader</a></td><td>Javadoc, Developer's guide (HTML)</td><td>Included</td><td>No</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>crypt*</td><td>makefile, MSVC project workspaces</td><td>Programmers reference manual (PDF), architecture design manual (PDF)</td><td>Included (monolithic)</td><td>No</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>gnutls_*</td><td>Autoconf, automake, libtool</td><td>Manual and API reference (HTML, PDF)</td><td>External, <a href="/facts/Nettle_(cryptographic_library)/kCnP3sQF">libnettle</a></td><td>Yes (limited)</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>javax.net.ssl<p>sun.security.ssl</p></td><td>Makefile</td><td>API Reference (HTML) +<p><a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html">JSSE Reference Guide</a></p></td><td><a href="/facts/Java_Cryptography_Architecture/PXUC2AT6">Java Cryptography Architecture</a>,<a href="/facts/Java_Cryptography_Extension/TyjwQmbe">Java Cryptography Extension</a></td><td>No</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>matrixSsl_*<p>ps*</p></td><td>Makefile, MSVC project workspaces, Xcode projects for OS X and iOS</td><td>API Reference (PDF), Integration Guide</td><td>Included (pluggable)</td><td>Yes (Subset: SSL_read, SSL_write, etc.)</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>mbedtls_ssl_*<p>mbedtls_sha1_*mbedtls_md5_*mbedtls_x509*...</p></td><td>Makefile, <a href="/facts/CMake/ICCBEBKF">CMake</a>, MSVC project workspaces, yotta</td><td>API Reference + High Level and Module Level Documentation (HTML)</td><td>Included (monolithic)</td><td>No</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>CERT_*<p>SEC_*SECKEY_*NSS_*PK11_*SSL_*...</p></td><td>Makefile</td><td>Manual (HTML)</td><td>Included, PKCS#11 based<a class="footnote-ref" id="fnref:573" href="#fn:573"><sup>573</sup></a></td><td>Yes (separate package called nss_compat_ossl<a class="footnote-ref" id="fnref:574" href="#fn:574"><sup>574</sup></a>)</td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>SSL_*<p>SHA1_*MD5_*EVP_*...</p></td><td>Makefile</td><td>Man pages</td><td>Included (monolithic)</td><td>—</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td>rustls::</td><td>cargo</td><td><a href="https://docs.rs/rustls/0.23.12/rustls/">API reference</a> and <a href="https://docs.rs/rustls/0.23.12/rustls/manual/">design manual</a></td><td>Two options included (pluggable)</td><td>Yes<a class="footnote-ref" id="fnref:575" href="#fn:575"><sup>575</sup></a> (subset)</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>wolfSSL_*<p>CyaSSL_*SSL_*</p></td><td>Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC, e2Studio</td><td>Manual and API Reference (HTML, PDF)</td><td>Included (monolithic)</td><td>Yes (about 60% of API)</td></tr><tr><th>Implementation</th><th>Namespace</th><th>Build tools</th><th>API manual</th><th>Crypto back-end</th><th>OpenSSL compatibility layer</th></tr></tbody></table> <ol> <li>^ ASN.1 manipulation classes</li> <li>^ Cert-J proprietary API</li> <li>^ Certificate Path manipulation classes</li> <li>^ Crypto-J proprietary API, <a href="/facts/Java_Cryptography_Extension/TyjwQmbe">JCE</a>, <a href="/facts/Cryptographic_Message_Syntax/IMuBbU9u">CMS</a> and <a href="/facts/Public_key_infrastructure/7fwMLxF4">PKI</a></li> API <li>^ SSLJ proprietary API</li> <li>^ <a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a> API</li> </ol> <h2 id="portability-concerns">Portability concerns</h2> <table><tbody><tr><th>Implementation</th><th>Platform requirements</th><th>Network requirements</th><th>Thread safety</th><th>Random seed</th><th>Able to cross-compile</th><th>No OS (bare metal)</th><th>Supported operating systems</th></tr><tr><td><a href="/facts/Botan_(programming_library)/IehRkvcn">Botan</a></td><td>C++11</td><td>None</td><td>Thread-safe</td><td>Platform-dependent</td><td>Yes</td><td></td><td>Windows, Linux, macOS, Android, iOS, FreeBSD, OpenBSD, Solaris, AIX, HP-UX, QNX, BeOS, IncludeOS</td></tr><tr><td><a href="/facts/BSAFE/Av5SNJ7x">BSAFE</a> SSL-J</td><td>Java</td><td>Java SE network components</td><td>Thread-safe</td><td>Depends on java.security.SecureRandom</td><td>Yes</td><td>No</td><td>FreeBSD, Linux, macOS, Microsoft Windows, Android, AIX, Solaris</td></tr><tr><td><a href="/facts/Cryptlib/cD1xv2xx">cryptlib</a></td><td>C89</td><td>POSIX send() and recv(). API to supply your own replacement</td><td>Thread-safe</td><td>Platform-dependent, including hardware sources</td><td>Yes</td><td>Yes</td><td>AMX, BeOS, ChorusOS, DOS, eCos, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK</td></tr><tr><td><a href="/facts/GnuTLS/y3fYe3RI">GnuTLS</a></td><td>C89</td><td>POSIX send() and recv(). API to supply your own replacement.</td><td>Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available.</td><td>Platform dependent</td><td>Yes</td><td>No</td><td>Generally any POSIX platforms or Windows, commonly tested platforms include Linux, Win32/64, macOS, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD.</td></tr><tr><td><a href="/facts/Java_Secure_Socket_Extension/0uryvVja">JSSE</a></td><td>Java</td><td>Java SE network components</td><td>Thread-safe</td><td>Depends on java.security.SecureRandom</td><td>Yes</td><td></td><td>Java based, platform-independent</td></tr><tr><td><a href="/facts/MatrixSSL/STIFbzgl">MatrixSSL</a></td><td>C89</td><td>None</td><td>Thread-safe</td><td>Platform dependent</td><td>Yes</td><td>Yes</td><td>All</td></tr><tr><td><a href="/facts/Mbed_TLS/33AV5voW">Mbed TLS</a></td><td>C89</td><td>POSIX read() and write(). API to supply your own replacement.</td><td>Threading layer available (POSIX or own hooks)</td><td>Random seed set through entropy pool</td><td>Yes</td><td>Yes</td><td>Known to work on: Win32/64, Linux, macOS, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, eCos, SeggerOS, RISC OS</td></tr><tr><td><a href="/facts/Network_Security_Services/y7bq3SV2">NSS</a></td><td>C89, NSPR<a class="footnote-ref" id="fnref:576" href="#fn:576"><sup>576</sup></a></td><td>NSPR<a class="footnote-ref" id="fnref:577" href="#fn:577"><sup>577</sup></a> PR_Send() and PR_Recv(). API to supply your own replacement.</td><td>Thread-safe</td><td>Platform dependent<a class="footnote-ref" id="fnref:578" href="#fn:578"><sup>578</sup></a></td><td>Yes (but cumbersome)</td><td>No</td><td>AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, macOS, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation</td></tr><tr><td><a href="/facts/Rustls/q8PXhYxu">Rustls</a></td><td><a href="/facts/Rust_(programming_language)/8JNMV19F">Rust (programming language)</a></td><td>None</td><td>Thread-safe</td><td>Platform dependent</td><td>Yes</td><td>Yes</td><td>All supported by <a href="/facts/Rust_(programming_language)/8JNMV19F">Rust (programming language)</a></td></tr><tr><td><a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a></td><td>C89</td><td>None</td><td>Thread-safe</td><td>Platform dependent</td><td>Yes</td><td>No</td><td>Unix-like, DOS (with djgpp), Windows, OpenVMS, NetWare, eCos</td></tr><tr><td><a href="/facts/WolfSSL/26UD7dQE">wolfSSL</a></td><td>C89</td><td>POSIX send() and recv(). API to supply your own replacement.</td><td>Thread-safe</td><td>Random seed set through wolfCrypt</td><td>Yes</td><td>Yes</td><td>Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Project, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/μITRON, eCos, Micrium μC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, Keil RTX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, TOPPERS, PetaLinux, Apache mynewt</td></tr><tr><th>Implementation</th><th>Platform requirements</th><th>Network requirements</th><th>Thread safety</th><th>Random seed</th><th>Able to cross-compile</th><th>No OS (bare metal)</th><th>Supported operating systems</th></tr></tbody></table> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/SCTP/s8tmzUhz">SCTP</a> — with DTLS support</li> <li><a href="/facts/DCCP/JyfrtQRn">DCCP</a> — with DTLS support</li> <li><a href="/facts/Secure_Real-time_Transport_Protocol/LBXehUtz">SRTP</a> — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)</li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"Botan: Release Notes". Retrieved 2025-01-22. <a href="https://botan.randombit.net/#releases" target="_blank">https://botan.randombit.net/#releases</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"Download Bouncy Castle for Java - bouncycastle.org". 2025-01-14. Retrieved 2025-02-16. <a href="https://www.bouncycastle.org/download/bouncy-castle-java/" target="_blank">https://www.bouncycastle.org/download/bouncy-castle-java/</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"Download Bouncy Castle for Java LTS - bouncycastle.org". 2024-11-08. Retrieved 2024-11-29. <a href="https://www.bouncycastle.org/download/bouncy-castle-java-lts/" target="_blank">https://www.bouncycastle.org/download/bouncy-castle-java-lts/</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>"Download Bouncy Castle for Java FIPS - bouncycastle.org". 2024-07-30. Retrieved 2024-11-29. <a href="https://www.bouncycastle.org/download/bouncy-castle-java-fips/" target="_blank">https://www.bouncycastle.org/download/bouncy-castle-java-fips/</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"Download Bouncy Castle for C# .NET - bouncycastle.org". 2025-02-14. Retrieved 2024-02-16. <a href="https://www.bouncycastle.org/download/bouncy-castle-c/" target="_blank">https://www.bouncycastle.org/download/bouncy-castle-c/</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"Download Bouncy Castle for C# .NET FIPS - bouncycastle.org". 2024-03-11. Retrieved 2024-11-29. <a href="https://www.bouncycastle.org/download/bouncy-castle-c-fips/" target="_blank">https://www.bouncycastle.org/download/bouncy-castle-c-fips/</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>"Dell BSAFE SSL-J 6.6 Release Advisory". Dell. <a href="https://www.dell.com/support/kbdoc/000226622/dell-bsafe-ssl-j-6-6-release-advisory" target="_blank">https://www.dell.com/support/kbdoc/000226622/dell-bsafe-ssl-j-6-6-release-advisory</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>"Dell BSAFE SSL-J 7.3.1 Release Advisory". Dell. <a href="https://www.dell.com/support/kbdoc/000233524/dell-bsafe-ssl-j-7-3-1-release-advisory" target="_blank">https://www.dell.com/support/kbdoc/000233524/dell-bsafe-ssl-j-7-3-1-release-advisory</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"Dell BSAFE Micro Edition Suite 5.0.3 Release Advisory". <a href="https://www.dell.com/support/kbdoc/000254066" target="_blank">https://www.dell.com/support/kbdoc/000254066</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>Gutmann, Peter (2019). "Downloading". cryptlib. University of Auckland School of Computer Science. Retrieved 2019-08-07. <a href="/wiki/Peter_Gutmann_(computer_scientist)" target="_blank">/wiki/Peter_Gutmann_(computer_scientist)</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>Daiki Ueno (8 February 2025). https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html. Retrieved 13 February 2025. {{cite web}}: Missing or empty |title= (help) <a href="https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html" target="_blank">https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> <li id="fn:12"><p>"Java™ SE Development Kit 23, 23.0.1 Release Notes". Oracle Corporation. Retrieved 2024-10-16. <a href="https://www.oracle.com/java/technologies/javase/23-0-1-relnotes.html" target="_blank">https://www.oracle.com/java/technologies/javase/23-0-1-relnotes.html</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></p></li> <li id="fn:13"><p>"Java™ SE Development Kit 21, 21.0.5 Release Notes". Oracle Corporation. Retrieved 2024-10-16. <a href="https://www.oracle.com/java/technologies/javase/21-0-5-relnotes.html" target="_blank">https://www.oracle.com/java/technologies/javase/21-0-5-relnotes.html</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></p></li> <li id="fn:14"><p>"Java™ SE Development Kit 17, 17.0.13 Release Notes". Oracle Corporation. Retrieved 2024-10-16. <a href="https://www.oracle.com/java/technologies/javase/17-0-13-relnotes.html" target="_blank">https://www.oracle.com/java/technologies/javase/17-0-13-relnotes.html</a> <a href="#fnref:14" class="footnote-back-ref">↩</a></p></li> <li id="fn:15"><p>"Java™ SE Development Kit 11, 11.0.25 Release Notes". Oracle Corporation. Retrieved 2024-10-16. <a href="https://www.oracle.com/java/technologies/javase/11-0-25-relnotes.html" target="_blank">https://www.oracle.com/java/technologies/javase/11-0-25-relnotes.html</a> <a href="#fnref:15" class="footnote-back-ref">↩</a></p></li> <li id="fn:16"><p>"Java™ SE Development Kit 8, Update 431 Release Notes". Oracle Corporation. Retrieved 2024-10-16. <a href="https://www.oracle.com/java/technologies/javase/8u431-relnotes.html" target="_blank">https://www.oracle.com/java/technologies/javase/8u431-relnotes.html</a> <a href="#fnref:16" class="footnote-back-ref">↩</a></p></li> <li id="fn:17"><p>"LibreSSL 4.0.0 Released". 14 October 2024. Retrieved 15 October 2024. <a href="https://marc.info/?l=openbsd-announce&m=172897399729957&w=2" target="_blank">https://marc.info/?l=openbsd-announce&m=172897399729957&w=2</a> <a href="#fnref:17" class="footnote-back-ref">↩</a></p></li> <li id="fn:18"><p>The features listed are for the closed source version <a href="#fnref:18" class="footnote-back-ref">↩</a></p></li> <li id="fn:19"><p>"MatrixSSL 4.2.2 Open release". 2019-09-11. Retrieved 2020-03-20. <a href="https://github.com/matrixssl/matrixssl/releases/tag/4-2-2-open" target="_blank">https://github.com/matrixssl/matrixssl/releases/tag/4-2-2-open</a> <a href="#fnref:19" class="footnote-back-ref">↩</a></p></li> <li id="fn:20"><p>"Release 3.6.3". 24 March 2025. Retrieved 27 March 2025. <a href="https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3" target="_blank">https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3</a> <a href="#fnref:20" class="footnote-back-ref">↩</a></p></li> <li id="fn:21"><p>"NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022. <a href="https://wiki.mozilla.org/NSS:Release_Versions" target="_blank">https://wiki.mozilla.org/NSS:Release_Versions</a> <a href="#fnref:21" class="footnote-back-ref">↩</a></p></li> <li id="fn:22"><p>"NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022. <a href="https://wiki.mozilla.org/NSS:Release_Versions" target="_blank">https://wiki.mozilla.org/NSS:Release_Versions</a> <a href="#fnref:22" class="footnote-back-ref">↩</a></p></li> <li id="fn:23"><p>Apache-2.0 for OpenSSL 3.0 and later releases. OpenSSL-SSLeay dual-license for any release before OpenSSL 3.0. <a href="/wiki/OpenSSL_license#Licensing" target="_blank">/wiki/OpenSSL_license#Licensing</a> <a href="#fnref:23" class="footnote-back-ref">↩</a></p></li> <li id="fn:24"><p>"OpenSSL 3.4.1". 11 February 2025. Retrieved 11 February 2025. <a href="https://github.com/openssl/openssl/releases/tag/openssl-3.4.1" target="_blank">https://github.com/openssl/openssl/releases/tag/openssl-3.4.1</a> <a href="#fnref:24" class="footnote-back-ref">↩</a></p></li> <li id="fn:25"><p>"rustls/rustls releases". Github. Retrieved 1 April 2025. <a href="https://github.com/rustls/rustls/releases" target="_blank">https://github.com/rustls/rustls/releases</a> <a href="#fnref:25" class="footnote-back-ref">↩</a></p></li> <li id="fn:26"><p>"wolfSSL product description". Retrieved 2016-05-03. <a href="https://www.wolfssl.com/wolfSSL/Products-wolfssl.html" target="_blank">https://www.wolfssl.com/wolfSSL/Products-wolfssl.html</a> <a href="#fnref:26" class="footnote-back-ref">↩</a></p></li> <li id="fn:27"><p>"wolfSSL Embedded SSL/TLS". Retrieved 2016-05-03. <a href="https://www.wolfssl.com" target="_blank">https://www.wolfssl.com</a> <a href="#fnref:27" class="footnote-back-ref">↩</a></p></li> <li id="fn:28"><p>"wolfSSL ChangeLog". 2024-12-31. Retrieved 2024-12-31. <a href="https://www.wolfssl.com/docs/wolfssl-changelog/" target="_blank">https://www.wolfssl.com/docs/wolfssl-changelog/</a> <a href="#fnref:28" class="footnote-back-ref">↩</a></p></li> <li id="fn:29"><p>Prohibiting Secure Sockets Layer (SSL) Version 2.0. doi:10.17487/RFC6176. RFC 6176. <a href="https://datatracker.ietf.org/doc/html/rfc6176" target="_blank">https://datatracker.ietf.org/doc/html/rfc6176</a> <a href="#fnref:29" class="footnote-back-ref">↩</a></p></li> <li id="fn:30"><p>Vaudenay, Serge (2001). "CBC-Padding: Security Flaws in SSL, IPsec, WTLS,..." (PDF). <a href="http://infoscience.epfl.ch/record/52417/files/IC_TECH_REPORT_200150.pdf" target="_blank">http://infoscience.epfl.ch/record/52417/files/IC_TECH_REPORT_200150.pdf</a> <a href="#fnref:30" class="footnote-back-ref">↩</a></p></li> <li id="fn:31"><p>Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security. doi:10.17487/RFC7366. RFC 7366. <a href="https://datatracker.ietf.org/doc/html/rfc7366" target="_blank">https://datatracker.ietf.org/doc/html/rfc7366</a> <a href="#fnref:31" class="footnote-back-ref">↩</a></p></li> <li id="fn:32"><p>"Rizzo/Duong BEAST Countermeasures". Archived from the original on 2016-03-11. <a href="https://web.archive.org/web/20160311153448/https://educatedguesswork.org/2011/11/rizzoduong_beast_countermeasur.html" target="_blank">https://web.archive.org/web/20160311153448/https://educatedguesswork.org/2011/11/rizzoduong_beast_countermeasur.html</a> <a href="#fnref:32" class="footnote-back-ref">↩</a></p></li> <li id="fn:33"><p>Möller, Bodo; Duong, Thai; Kotowicz, Krzysztof (September 2014). "This POODLE Bites: Exploiting The SSL 3.0 Fallback" (PDF). Archived from the original (PDF) on 15 October 2014. Retrieved 15 October 2014. <a href="https://web.archive.org/web/20141015204410/https://www.openssl.org/~bodo/ssl-poodle.pdf" target="_blank">https://web.archive.org/web/20141015204410/https://www.openssl.org/~bodo/ssl-poodle.pdf</a> <a href="#fnref:33" class="footnote-back-ref">↩</a></p></li> <li id="fn:34"><p>"TLSv1.2's Major Differences from TLSv1.1". The Transport Layer Security (TLS) Protocol Version 1.2. sec. 1.2. doi:10.17487/RFC5246. RFC 5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246#section-1.2" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246#section-1.2</a> <a href="#fnref:34" class="footnote-back-ref">↩</a></p></li> <li id="fn:35"><p>RFC 6347. doi:10.17487/RFC6347. <a href="https://datatracker.ietf.org/doc/html/rfc6347" target="_blank">https://datatracker.ietf.org/doc/html/rfc6347</a> <a href="#fnref:35" class="footnote-back-ref">↩</a></p></li> <li id="fn:36"><p>Elgamal, Taher; Hickman, Kipp E. B. (19 April 1995). The SSL Protocol. I-D draft-hickman-netscape-ssl-00. <a href="https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00" target="_blank">https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00</a> <a href="#fnref:36" class="footnote-back-ref">↩</a></p></li> <li id="fn:37"><p>RFC 6101. doi:10.17487/RFC6101. <a href="https://datatracker.ietf.org/doc/html/rfc6101" target="_blank">https://datatracker.ietf.org/doc/html/rfc6101</a> <a href="#fnref:37" class="footnote-back-ref">↩</a></p></li> <li id="fn:38"><p>RFC 2246. doi:10.17487/RFC2246. <a href="https://datatracker.ietf.org/doc/html/rfc2246" target="_blank">https://datatracker.ietf.org/doc/html/rfc2246</a> <a href="#fnref:38" class="footnote-back-ref">↩</a></p></li> <li id="fn:39"><p>RFC 4346. doi:10.17487/RFC4346. <a href="https://datatracker.ietf.org/doc/html/rfc4346" target="_blank">https://datatracker.ietf.org/doc/html/rfc4346</a> <a href="#fnref:39" class="footnote-back-ref">↩</a></p></li> <li id="fn:40"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:40" class="footnote-back-ref">↩</a></p></li> <li id="fn:41"><p>RFC 4347. doi:10.17487/RFC4347. <a href="https://datatracker.ietf.org/doc/html/rfc4347" target="_blank">https://datatracker.ietf.org/doc/html/rfc4347</a> <a href="#fnref:41" class="footnote-back-ref">↩</a></p></li> <li id="fn:42"><p>RFC 6347. doi:10.17487/RFC6347. <a href="https://datatracker.ietf.org/doc/html/rfc6347" target="_blank">https://datatracker.ietf.org/doc/html/rfc6347</a> <a href="#fnref:42" class="footnote-back-ref">↩</a></p></li> <li id="fn:43"><p>"Version 1.11.13, 2015-01-11 — Botan". 2015-01-11. Archived from the original on 2015-01-09. Retrieved 2015-01-16. <a href="https://web.archive.org/web/20150109154102/http://botan.randombit.net/relnotes/1_11_13.html" target="_blank">https://web.archive.org/web/20150109154102/http://botan.randombit.net/relnotes/1_11_13.html</a> <a href="#fnref:43" class="footnote-back-ref">↩</a></p></li> <li id="fn:44"><p>"RSA BSAFE Technical Specification Comparison Tables" (PDF). Archived from the original (PDF) on 2015-09-24. Retrieved 2015-01-09. <a href="https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf" target="_blank">https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf</a> <a href="#fnref:44" class="footnote-back-ref">↩</a></p></li> <li id="fn:45"><p>As of SSL-J 7.0, support for TLS 1.0 and 1.1 has been removed <a href="#fnref:45" class="footnote-back-ref">↩</a></p></li> <li id="fn:46"><p>As of SSL-J 7.0, support for TLS 1.0 and 1.1 has been removed <a href="#fnref:46" class="footnote-back-ref">↩</a></p></li> <li id="fn:47"><p>SSL 2.0 client hello is supported for backward compatibility reasons even though SSL 2.0 is not supported. <a href="#fnref:47" class="footnote-back-ref">↩</a></p></li> <li id="fn:48"><p>"[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. <a href="http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html" target="_blank">http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html</a> <a href="#fnref:48" class="footnote-back-ref">↩</a></p></li> <li id="fn:49"><p>"[gnutls-devel] GnuTLS 3.6.3". 2018-07-16. Retrieved 2018-09-16. <a href="https://lists.gnupg.org/pipermail/gnutls-devel/2018-July/008584.html" target="_blank">https://lists.gnupg.org/pipermail/gnutls-devel/2018-July/008584.html</a> <a href="#fnref:49" class="footnote-back-ref">↩</a></p></li> <li id="fn:50"><p>SSL 2.0 client hello is supported for backward compatibility reasons even though SSL 2.0 is not supported. <a href="#fnref:50" class="footnote-back-ref">↩</a></p></li> <li id="fn:51"><p>"Java SE Development Kit 8, Update 31 Release Notes". Retrieved 2024-01-14. <a href="https://www.oracle.com/java/technologies/javase/8u31-relnotes.html" target="_blank">https://www.oracle.com/java/technologies/javase/8u31-relnotes.html</a> <a href="#fnref:51" class="footnote-back-ref">↩</a></p></li> <li id="fn:52"><p>"Release Note: Disable TLS 1.0 and 1.1". Retrieved 2024-01-14. <a href="https://bugs.openjdk.org/browse/JDK-8256490" target="_blank">https://bugs.openjdk.org/browse/JDK-8256490</a> <a href="#fnref:52" class="footnote-back-ref">↩</a></p></li> <li id="fn:53"><p>"Release Note: Disable TLS 1.0 and 1.1". Retrieved 2024-01-14. <a href="https://bugs.openjdk.org/browse/JDK-8256490" target="_blank">https://bugs.openjdk.org/browse/JDK-8256490</a> <a href="#fnref:53" class="footnote-back-ref">↩</a></p></li> <li id="fn:54"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:54" class="footnote-back-ref">↩</a></p></li> <li id="fn:55"><p>"LibreSSL 2.3.0 Released". 2015-09-23. Retrieved 2015-09-24. <a href="https://marc.info/?l=openbsd-announce&m=144304330731220" target="_blank">https://marc.info/?l=openbsd-announce&m=144304330731220</a> <a href="#fnref:55" class="footnote-back-ref">↩</a></p></li> <li id="fn:56"><p>"LibreSSL 3.3.3 Released". 2021-05-04. Retrieved 2021-05-04. <a href="https://marc.info/?l=openbsd-announce&m=162009196519308" target="_blank">https://marc.info/?l=openbsd-announce&m=162009196519308</a> <a href="#fnref:56" class="footnote-back-ref">↩</a></p></li> <li id="fn:57"><p>"MatrixSSL - News". Archived from the original on 2015-02-14. Retrieved 2014-11-09. <a href="https://web.archive.org/web/20150214105056/http://www.matrixssl.org/news.html" target="_blank">https://web.archive.org/web/20150214105056/http://www.matrixssl.org/news.html</a> <a href="#fnref:57" class="footnote-back-ref">↩</a></p></li> <li id="fn:58"><p>"Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13. <a href="https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog" target="_blank">https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog</a> <a href="#fnref:58" class="footnote-back-ref">↩</a></p></li> <li id="fn:59"><p>"Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13. <a href="https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog" target="_blank">https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog</a> <a href="#fnref:59" class="footnote-back-ref">↩</a></p></li> <li id="fn:60"><p>"Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13. <a href="https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog" target="_blank">https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog</a> <a href="#fnref:60" class="footnote-back-ref">↩</a></p></li> <li id="fn:61"><p>"mbed TLS 2.0.0 released". 2015-07-10. Retrieved 2015-07-14. <a href="https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released" target="_blank">https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released</a> <a href="#fnref:61" class="footnote-back-ref">↩</a></p></li> <li id="fn:62"><p>"mbed TLS 2.0.0 released". 2015-07-10. Retrieved 2015-07-14. <a href="https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released" target="_blank">https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released</a> <a href="#fnref:62" class="footnote-back-ref">↩</a></p></li> <li id="fn:63"><p>Server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages."NSS 3.24 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2016-08-26. Retrieved 2016-06-19. <a href="https://web.archive.org/web/20160826100711/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes" target="_blank">https://web.archive.org/web/20160826100711/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes</a> <a href="#fnref:63" class="footnote-back-ref">↩</a></p></li> <li id="fn:64"><p>"NSS 3.19 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2015-06-05. Retrieved 2015-05-06. <a href="https://web.archive.org/web/20150605054647/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes" target="_blank">https://web.archive.org/web/20150605054647/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes</a> <a href="#fnref:64" class="footnote-back-ref">↩</a></p></li> <li id="fn:65"><p>"NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2013-01-17. Retrieved 2012-10-27. <a href="https://web.archive.org/web/20130117130029/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes" target="_blank">https://web.archive.org/web/20130117130029/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes</a> <a href="#fnref:65" class="footnote-back-ref">↩</a></p></li> <li id="fn:66"><p>"NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-08-10. <a href="https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.1_release_notes" target="_blank">https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.1_release_notes</a> <a href="#fnref:66" class="footnote-back-ref">↩</a></p></li> <li id="fn:67"><p>"NSS 3.39 release notes". Mozilla Developer Network. Mozilla. 2018-08-31. Archived from the original on 2021-12-07. Retrieved 2018-09-15. <a href="https://web.archive.org/web/20211207014212/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes#Notable_Changes_in_NSS_3.39" target="_blank">https://web.archive.org/web/20211207014212/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes#Notable_Changes_in_NSS_3.39</a> <a href="#fnref:67" class="footnote-back-ref">↩</a></p></li> <li id="fn:68"><p>"NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2013-01-17. Retrieved 2012-10-27. <a href="https://web.archive.org/web/20130117130029/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes" target="_blank">https://web.archive.org/web/20130117130029/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes</a> <a href="#fnref:68" class="footnote-back-ref">↩</a></p></li> <li id="fn:69"><p>"NSS 3.16.2 release notes". Mozilla Developer Network. Mozilla. 2014-06-30. Archived from the original on 2021-12-07. Retrieved 2014-06-30. <a href="https://web.archive.org/web/20211207015257/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes" target="_blank">https://web.archive.org/web/20211207015257/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes</a> <a href="#fnref:69" class="footnote-back-ref">↩</a></p></li> <li id="fn:70"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:70" class="footnote-back-ref">↩</a></p></li> <li id="fn:71"><p>"Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]". 2012-03-14. Archived from the original on December 5, 2014. Retrieved 2015-01-20. <a href="https://web.archive.org/web/20141205180836/http://www.openssl.org/news/openssl-1.0.1-notes.html" target="_blank">https://web.archive.org/web/20141205180836/http://www.openssl.org/news/openssl-1.0.1-notes.html</a> <a href="#fnref:71" class="footnote-back-ref">↩</a></p></li> <li id="fn:72"><p>"Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]". 2012-03-14. Archived from the original on December 5, 2014. Retrieved 2015-01-20. <a href="https://web.archive.org/web/20141205180836/http://www.openssl.org/news/openssl-1.0.1-notes.html" target="_blank">https://web.archive.org/web/20141205180836/http://www.openssl.org/news/openssl-1.0.1-notes.html</a> <a href="#fnref:72" class="footnote-back-ref">↩</a></p></li> <li id="fn:73"><p>"Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. <a href="https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html" target="_blank">https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html</a> <a href="#fnref:73" class="footnote-back-ref">↩</a></p></li> <li id="fn:74"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:74" class="footnote-back-ref">↩</a></p></li> <li id="fn:75"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:75" class="footnote-back-ref">↩</a></p></li> <li id="fn:76"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:76" class="footnote-back-ref">↩</a></p></li> <li id="fn:77"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:77" class="footnote-back-ref">↩</a></p></li> <li id="fn:78"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:78" class="footnote-back-ref">↩</a></p></li> <li id="fn:79"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:79" class="footnote-back-ref">↩</a></p></li> <li id="fn:80"><p>"S2N Readme". GitHub. 2019-12-21. <a href="https://github.com/awslabs/s2n/blob/master/README.md" target="_blank">https://github.com/awslabs/s2n/blob/master/README.md</a> <a href="#fnref:80" class="footnote-back-ref">↩</a></p></li> <li id="fn:81"><p>"TLS Cipher Suites (Windows)". msdn.microsoft.com. 14 July 2023. <a href="http://msdn.microsoft.com/en-us/library/aa380512.aspx" target="_blank">http://msdn.microsoft.com/en-us/library/aa380512.aspx</a> <a href="#fnref:81" class="footnote-back-ref">↩</a></p></li> <li id="fn:82"><p>"TLS Cipher Suites in Windows Vista (Windows)". msdn.microsoft.com. 25 October 2021. <a href="http://msdn.microsoft.com/en-us/library/ff468651.aspx" target="_blank">http://msdn.microsoft.com/en-us/library/ff468651.aspx</a> <a href="#fnref:82" class="footnote-back-ref">↩</a></p></li> <li id="fn:83"><p>"TLS Cipher Suites in Windows Vista (Windows)". msdn.microsoft.com. 25 October 2021. <a href="http://msdn.microsoft.com/en-us/library/ff468651.aspx" target="_blank">http://msdn.microsoft.com/en-us/library/ff468651.aspx</a> <a href="#fnref:83" class="footnote-back-ref">↩</a></p></li> <li id="fn:84"><p>"Cipher Suites in TLS/SSL (Schannel SSP) (Windows)". msdn.microsoft.com. 14 July 2023. <a href="http://msdn.microsoft.com/en-us/library/aa374757.aspx" target="_blank">http://msdn.microsoft.com/en-us/library/aa374757.aspx</a> <a href="#fnref:84" class="footnote-back-ref">↩</a></p></li> <li id="fn:85"><p>"An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012. <a href="http://support.microsoft.com/kb/2574819/en-us" target="_blank">http://support.microsoft.com/kb/2574819/en-us</a> <a href="#fnref:85" class="footnote-back-ref">↩</a></p></li> <li id="fn:86"><p>"An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012. <a href="http://support.microsoft.com/kb/2574819/en-us" target="_blank">http://support.microsoft.com/kb/2574819/en-us</a> <a href="#fnref:86" class="footnote-back-ref">↩</a></p></li> <li id="fn:87"><p>"Cipher Suites in TLS/SSL (Schannel SSP) (Windows)". msdn.microsoft.com. 14 July 2023. <a href="http://msdn.microsoft.com/en-us/library/aa374757.aspx" target="_blank">http://msdn.microsoft.com/en-us/library/aa374757.aspx</a> <a href="#fnref:87" class="footnote-back-ref">↩</a></p></li> <li id="fn:88"><p>"Cipher Suites in TLS/SSL (Schannel SSP) (Windows)". msdn.microsoft.com. 14 July 2023. <a href="http://msdn.microsoft.com/en-us/library/aa374757.aspx" target="_blank">http://msdn.microsoft.com/en-us/library/aa374757.aspx</a> <a href="#fnref:88" class="footnote-back-ref">↩</a></p></li> <li id="fn:89"><p>"Protocols in TLS/SSL (Schannel SSP)". Microsoft. 2022-05-25. Retrieved 2023-11-18. <a href="https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-" target="_blank">https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-</a> <a href="#fnref:89" class="footnote-back-ref">↩</a></p></li> <li id="fn:90"><p>"Protocols in TLS/SSL (Schannel SSP)". 25 May 2022. Retrieved 6 November 2022. <a href="https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-" target="_blank">https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-</a> <a href="#fnref:90" class="footnote-back-ref">↩</a></p></li> <li id="fn:91"><p>Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9.TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later."Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. <a href="https://developer.apple.com/library/ios/technotes/tn2287/" target="_blank">https://developer.apple.com/library/ios/technotes/tn2287/</a> <a href="#fnref:91" class="footnote-back-ref">↩</a></p></li> <li id="fn:92"><p>Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9.TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later."Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. <a href="https://developer.apple.com/library/ios/technotes/tn2287/" target="_blank">https://developer.apple.com/library/ios/technotes/tn2287/</a> <a href="#fnref:92" class="footnote-back-ref">↩</a></p></li> <li id="fn:93"><p>Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9.TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later."Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. <a href="https://developer.apple.com/library/ios/technotes/tn2287/" target="_blank">https://developer.apple.com/library/ios/technotes/tn2287/</a> <a href="#fnref:93" class="footnote-back-ref">↩</a></p></li> <li id="fn:94"><p>Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9.TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later."Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. <a href="https://developer.apple.com/library/ios/technotes/tn2287/" target="_blank">https://developer.apple.com/library/ios/technotes/tn2287/</a> <a href="#fnref:94" class="footnote-back-ref">↩</a></p></li> <li id="fn:95"><p>Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9.TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later."Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. <a href="https://developer.apple.com/library/ios/technotes/tn2287/" target="_blank">https://developer.apple.com/library/ios/technotes/tn2287/</a> <a href="#fnref:95" class="footnote-back-ref">↩</a></p></li> <li id="fn:96"><p>Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9.TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later."Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. <a href="https://developer.apple.com/library/ios/technotes/tn2287/" target="_blank">https://developer.apple.com/library/ios/technotes/tn2287/</a> <a href="#fnref:96" class="footnote-back-ref">↩</a></p></li> <li id="fn:97"><p>"@badger: the 1.3 stuff is apparently in iOS 11 and macOS 10.13". 2018-03-09. Retrieved 2018-03-09. <a href="https://twitter.com/bagder/status/972234259774820352" target="_blank">https://twitter.com/bagder/status/972234259774820352</a> <a href="#fnref:97" class="footnote-back-ref">↩</a></p></li> <li id="fn:98"><p>"[wolfssl] wolfSSL 3.6.6 Released". 2015-08-20. Retrieved 2015-08-24. <a href="http://wolfssl.com/wolfSSL/Blog/Entries/2015/8/24_wolfSSL_3.6.6_is_Now_Available.html" target="_blank">http://wolfssl.com/wolfSSL/Blog/Entries/2015/8/24_wolfSSL_3.6.6_is_Now_Available.html</a> <a href="#fnref:98" class="footnote-back-ref">↩</a></p></li> <li id="fn:99"><p>"[wolfssl] wolfSSL 3.13.0 Released". 2017-12-21. Retrieved 2022-01-17. <a href="https://www.wolfssl.com/wolfssl-3-13-0-now-available/" target="_blank">https://www.wolfssl.com/wolfssl-3-13-0-now-available/</a> <a href="#fnref:99" class="footnote-back-ref">↩</a></p></li> <li id="fn:100"><p>"Erlang -- Standards Compliance". <a href="https://www.erlang.org/doc/apps/ssl/standards_compliance.html" target="_blank">https://www.erlang.org/doc/apps/ssl/standards_compliance.html</a> <a href="#fnref:100" class="footnote-back-ref">↩</a></p></li> <li id="fn:101"><p>Since OTP 22 <a href="#fnref:101" class="footnote-back-ref">↩</a></p></li> <li id="fn:102"><p>Since OTP 23 <a href="#fnref:102" class="footnote-back-ref">↩</a></p></li> <li id="fn:103"><p>Since OTP 22 <a href="#fnref:103" class="footnote-back-ref">↩</a></p></li> <li id="fn:104"><p>Since OTP 22 <a href="#fnref:104" class="footnote-back-ref">↩</a></p></li> <li id="fn:105"><p>"Erlang OTP SSL application TLS 1.3 compliance table". <a href="https://www.erlang.org/doc/apps/ssl/standards_compliance.html#tls-1.3" target="_blank">https://www.erlang.org/doc/apps/ssl/standards_compliance.html#tls-1.3</a> <a href="#fnref:105" class="footnote-back-ref">↩</a></p></li> <li id="fn:106"><p>Since OTP 22 <a href="#fnref:106" class="footnote-back-ref">↩</a></p></li> <li id="fn:107"><p>Elgamal, Taher; Hickman, Kipp E. B. (19 April 1995). The SSL Protocol. I-D draft-hickman-netscape-ssl-00. <a href="https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00" target="_blank">https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00</a> <a href="#fnref:107" class="footnote-back-ref">↩</a></p></li> <li id="fn:108"><p>RFC 6101. doi:10.17487/RFC6101. <a href="https://datatracker.ietf.org/doc/html/rfc6101" target="_blank">https://datatracker.ietf.org/doc/html/rfc6101</a> <a href="#fnref:108" class="footnote-back-ref">↩</a></p></li> <li id="fn:109"><p>RFC 2246. doi:10.17487/RFC2246. <a href="https://datatracker.ietf.org/doc/html/rfc2246" target="_blank">https://datatracker.ietf.org/doc/html/rfc2246</a> <a href="#fnref:109" class="footnote-back-ref">↩</a></p></li> <li id="fn:110"><p>RFC 4346. doi:10.17487/RFC4346. <a href="https://datatracker.ietf.org/doc/html/rfc4346" target="_blank">https://datatracker.ietf.org/doc/html/rfc4346</a> <a href="#fnref:110" class="footnote-back-ref">↩</a></p></li> <li id="fn:111"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:111" class="footnote-back-ref">↩</a></p></li> <li id="fn:112"><p>RFC 4347. doi:10.17487/RFC4347. <a href="https://datatracker.ietf.org/doc/html/rfc4347" target="_blank">https://datatracker.ietf.org/doc/html/rfc4347</a> <a href="#fnref:112" class="footnote-back-ref">↩</a></p></li> <li id="fn:113"><p>RFC 6347. doi:10.17487/RFC6347. <a href="https://datatracker.ietf.org/doc/html/rfc6347" target="_blank">https://datatracker.ietf.org/doc/html/rfc6347</a> <a href="#fnref:113" class="footnote-back-ref">↩</a></p></li> <li id="fn:114"><p>"RSA BSAFE Technical Specification Comparison Tables" (PDF). Archived from the original (PDF) on 2015-09-24. Retrieved 2015-01-09. <a href="https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf" target="_blank">https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf</a> <a href="#fnref:114" class="footnote-back-ref">↩</a></p></li> <li id="fn:115"><p>"Security Enhancements in JDK 8". docs.oracle.com. <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html" target="_blank">http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html</a> <a href="#fnref:115" class="footnote-back-ref">↩</a></p></li> <li id="fn:116"><p>"Bug 663320 - (NSA-Suite-B-TLS) Implement RFC6460 (NSA Suite B profile for TLS)". Mozilla. Retrieved 2014-05-19. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=663320" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=663320</a> <a href="#fnref:116" class="footnote-back-ref">↩</a></p></li> <li id="fn:117"><p>"Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. <a href="https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html" target="_blank">https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html</a> <a href="#fnref:117" class="footnote-back-ref">↩</a></p></li> <li id="fn:118"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:118" class="footnote-back-ref">↩</a></p></li> <li id="fn:119"><p>"Introducing Compliance to Suite B Cryptography". 18 September 2012. <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd566200(v=ws.10)" target="_blank">https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd566200(v=ws.10)</a> <a href="#fnref:119" class="footnote-back-ref">↩</a></p></li> <li id="fn:120"><p>"Speeds and Feeds › Secure or Compliant, Pick One". Archived from the original on December 27, 2013. <a href="https://web.archive.org/web/20131227190128/http://veridicalsystems.com/blog/secure-or-compliant-pick-one/" target="_blank">https://web.archive.org/web/20131227190128/http://veridicalsystems.com/blog/secure-or-compliant-pick-one/</a> <a href="#fnref:120" class="footnote-back-ref">↩</a></p></li> <li id="fn:121"><p>"Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov. Archived from the original on 2014-12-26. Retrieved 2014-03-18. <a href="https://web.archive.org/web/20141226152243/http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm" target="_blank">https://web.archive.org/web/20141226152243/http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm</a> <a href="#fnref:121" class="footnote-back-ref">↩</a></p></li> <li id="fn:122"><p>""Is botan FIPS 140 certified?" Frequently Asked Questions — Botan". Archived from the original on 2014-11-29. Retrieved 2014-11-16. <a href="https://web.archive.org/web/20141129042131/http://botan.randombit.net/faq.html?highlight=fips#is-botan-fips-140-certified" target="_blank">https://web.archive.org/web/20141129042131/http://botan.randombit.net/faq.html?highlight=fips#is-botan-fips-140-certified</a> <a href="#fnref:122" class="footnote-back-ref">↩</a></p></li> <li id="fn:123"><p>"Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov. 11 October 2016. <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search" target="_blank">https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search</a> <a href="#fnref:123" class="footnote-back-ref">↩</a></p></li> <li id="fn:124"><p>"cryptlib". 11 October 2013. Archived from the original on 11 October 2013. <a href="https://web.archive.org/web/20131011085917/http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8" target="_blank">https://web.archive.org/web/20131011085917/http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8</a> <a href="#fnref:124" class="footnote-back-ref">↩</a></p></li> <li id="fn:125"><p>"B.5 Certification". GnuTLS 3.7.7. Retrieved 26 September 2022. <a href="https://www.gnutls.org/manual/gnutls.html#Certification" target="_blank">https://www.gnutls.org/manual/gnutls.html#Certification</a> <a href="#fnref:125" class="footnote-back-ref">↩</a></p></li> <li id="fn:126"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:126" class="footnote-back-ref">↩</a></p></li> <li id="fn:127"><p>"Matrix SSL Toolkit" (PDF). <a href="http://cdn2.hubspot.net/hub/327778/file-618993629-pdf/Matrix+SSL-3.pdf" target="_blank">http://cdn2.hubspot.net/hub/327778/file-618993629-pdf/Matrix+SSL-3.pdf</a> <a href="#fnref:127" class="footnote-back-ref">↩</a></p></li> <li id="fn:128"><p>"Is mbed TLS FIPS certified? - Mbed TLS documentation". Mbed TLS documentation. <a href="https://mbed-tls.readthedocs.io/en/latest/kb/generic/is-mbedtls-fips-certified/" target="_blank">https://mbed-tls.readthedocs.io/en/latest/kb/generic/is-mbedtls-fips-certified/</a> <a href="#fnref:128" class="footnote-back-ref">↩</a></p></li> <li id="fn:129"><p>"FIPS Validation - MozillaWiki". wiki.mozilla.org. <a href="https://wiki.mozilla.org/FIPS_Validation" target="_blank">https://wiki.mozilla.org/FIPS_Validation</a> <a href="#fnref:129" class="footnote-back-ref">↩</a></p></li> <li id="fn:130"><p>with Sun Sparc 5 w/ Sun Solaris v 2.4SE (ITSEC-rated) <a href="/wiki/Sparc" target="_blank">/wiki/Sparc</a> <a href="#fnref:130" class="footnote-back-ref">↩</a></p></li> <li id="fn:131"><p>with Sun Ultra-5 w/ Sun Trusted Solaris version 2.5.1 (ITSEC-rated) <a href="/wiki/Ultra_5/10" target="_blank">/wiki/Ultra_5/10</a> <a href="#fnref:131" class="footnote-back-ref">↩</a></p></li> <li id="fn:132"><p>with Solaris v8.0 with AdminSuite 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN SPARC Ultra-1 <a href="/wiki/Solaris_(operating_system)" target="_blank">/wiki/Solaris_(operating_system)</a> <a href="#fnref:132" class="footnote-back-ref">↩</a></p></li> <li id="fn:133"><p>with these platforms; Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU, Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU <a href="/wiki/Red_Hat_Enterprise_Linux" target="_blank">/wiki/Red_Hat_Enterprise_Linux</a> <a href="#fnref:133" class="footnote-back-ref">↩</a></p></li> <li id="fn:134"><p>with these platforms; Red Hat Enterprise Linux v5 running on an IBM System x3550, Red Hat Enterprise Linux v5 running on an HP ProLiant DL145, Sun Solaris 10 5/08 running on a Sun SunBlade 2000 workstation, Sun Solaris 10 5/08 running on a Sun W2100z workstation <a href="/wiki/Red_Hat_Enterprise_Linux" target="_blank">/wiki/Red_Hat_Enterprise_Linux</a> <a href="#fnref:134" class="footnote-back-ref">↩</a></p></li> <li id="fn:135"><p>"OpenSSL and FIPS 140-2". Archived from the original on 2013-05-28. Retrieved 2014-11-15. <a href="https://web.archive.org/web/20130528170840/http://www.openssl.org/docs/fips/fipsnotes.html" target="_blank">https://web.archive.org/web/20130528170840/http://www.openssl.org/docs/fips/fipsnotes.html</a> <a href="#fnref:135" class="footnote-back-ref">↩</a></p></li> <li id="fn:136"><p>"rustls FIPS documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_06_fips/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_06_fips/index.html</a> <a href="#fnref:136" class="footnote-back-ref">↩</a></p></li> <li id="fn:137"><p>"Microsoft FIPS 140 Validated Cryptographic Modules". <a href="https://technet.microsoft.com/en-us/library/security/cc750357.aspx#_Microsoft_FIPS_140" target="_blank">https://technet.microsoft.com/en-us/library/security/cc750357.aspx#_Microsoft_FIPS_140</a> <a href="#fnref:137" class="footnote-back-ref">↩</a></p></li> <li id="fn:138"><p>"wolfCrypt FIPS 140-2 Information - wolfSSL Embedded SSL/TLS Library". <a href="http://www.wolfssl.com/yaSSL/fips.html" target="_blank">http://www.wolfssl.com/yaSSL/fips.html</a> <a href="#fnref:138" class="footnote-back-ref">↩</a></p></li> <li id="fn:139"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:139" class="footnote-back-ref">↩</a></p></li> <li id="fn:140"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:140" class="footnote-back-ref">↩</a></p></li> <li id="fn:141"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:141" class="footnote-back-ref">↩</a></p></li> <li id="fn:142"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:142" class="footnote-back-ref">↩</a></p></li> <li id="fn:143"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:143" class="footnote-back-ref">↩</a></p></li> <li id="fn:144"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:144" class="footnote-back-ref">↩</a></p></li> <li id="fn:145"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:145" class="footnote-back-ref">↩</a></p></li> <li id="fn:146"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:146" class="footnote-back-ref">↩</a></p></li> <li id="fn:147"><p>GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. <a href="https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04" target="_blank">https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04</a> <a href="#fnref:147" class="footnote-back-ref">↩</a></p></li> <li id="fn:148"><p>"[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. <a href="http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html" target="_blank">http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html</a> <a href="#fnref:148" class="footnote-back-ref">↩</a></p></li> <li id="fn:149"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:149" class="footnote-back-ref">↩</a></p></li> <li id="fn:150"><p>"LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141809396501638" target="_blank">https://marc.info/?l=openbsd-announce&m=141809396501638</a> <a href="#fnref:150" class="footnote-back-ref">↩</a></p></li> <li id="fn:151"><p>"NSS 3.20 release notes". Mozilla. 2015-08-19. Archived from the original on 2021-12-07. Retrieved 2015-08-20. <a href="https://web.archive.org/web/20211207015903/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes" target="_blank">https://web.archive.org/web/20211207015903/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes</a> <a href="#fnref:151" class="footnote-back-ref">↩</a></p></li> <li id="fn:152"><p>Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=518787" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=518787</a> <a href="#fnref:152" class="footnote-back-ref">↩</a></p></li> <li id="fn:153"><p>Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=608725" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=608725</a> <a href="#fnref:153" class="footnote-back-ref">↩</a></p></li> <li id="fn:154"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:154" class="footnote-back-ref">↩</a></p></li> <li id="fn:155"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:155" class="footnote-back-ref">↩</a></p></li> <li id="fn:156"><p>"OpenSSL: CVS Web Interface". Archived from the original on 2013-04-15. Retrieved 2014-11-12. <a href="https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost" target="_blank">https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost</a> <a href="#fnref:156" class="footnote-back-ref">↩</a></p></li> <li id="fn:157"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:157" class="footnote-back-ref">↩</a></p></li> <li id="fn:158"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:158" class="footnote-back-ref">↩</a></p></li> <li id="fn:159"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:159" class="footnote-back-ref">↩</a></p></li> <li id="fn:160"><p>"Microsoft Security Advisory 3174644". 14 October 2022. <a href="https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644" target="_blank">https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644</a> <a href="#fnref:160" class="footnote-back-ref">↩</a></p></li> <li id="fn:161"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:161" class="footnote-back-ref">↩</a></p></li> <li id="fn:162"><p>"Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ)". Microsoft. November 11, 2014. Retrieved 11 November 2014. <a href="https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC" target="_blank">https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC</a> <a href="#fnref:162" class="footnote-back-ref">↩</a></p></li> <li id="fn:163"><p>Thomlinson, Matt (November 11, 2014). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 11 November 2014. <a href="http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/" target="_blank">http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/</a> <a href="#fnref:163" class="footnote-back-ref">↩</a></p></li> <li id="fn:164"><p>"Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2". support.microsoft.com. <a href="https://support.microsoft.com/en-us/topic/update-adds-new-tls-cipher-suites-and-changes-cipher-suite-priorities-in-windows-8-1-and-windows-server-2012-r2-8e395e43-c8ef-27d8-b60c-0fc57d526d94" target="_blank">https://support.microsoft.com/en-us/topic/update-adds-new-tls-cipher-suites-and-changes-cipher-suite-priorities-in-windows-8-1-and-windows-server-2012-r2-8e395e43-c8ef-27d8-b60c-0fc57d526d94</a> <a href="#fnref:164" class="footnote-back-ref">↩</a></p></li> <li id="fn:165"><p>"Microsoft Security Advisory 3174644". 14 October 2022. <a href="https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644" target="_blank">https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644</a> <a href="#fnref:165" class="footnote-back-ref">↩</a></p></li> <li id="fn:166"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:166" class="footnote-back-ref">↩</a></p></li> <li id="fn:167"><p>"Microsoft Security Advisory 3174644". 14 October 2022. <a href="https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644" target="_blank">https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644</a> <a href="#fnref:167" class="footnote-back-ref">↩</a></p></li> <li id="fn:168"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:168" class="footnote-back-ref">↩</a></p></li> <li id="fn:169"><p>"Microsoft Security Advisory 3174644". 14 October 2022. <a href="https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644" target="_blank">https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644</a> <a href="#fnref:169" class="footnote-back-ref">↩</a></p></li> <li id="fn:170"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:170" class="footnote-back-ref">↩</a></p></li> <li id="fn:171"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:171" class="footnote-back-ref">↩</a></p></li> <li id="fn:172"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:172" class="footnote-back-ref">↩</a></p></li> <li id="fn:173"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:173" class="footnote-back-ref">↩</a></p></li> <li id="fn:174"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:174" class="footnote-back-ref">↩</a></p></li> <li id="fn:175"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:175" class="footnote-back-ref">↩</a></p></li> <li id="fn:176"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:176" class="footnote-back-ref">↩</a></p></li> <li id="fn:177"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:177" class="footnote-back-ref">↩</a></p></li> <li id="fn:178"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:178" class="footnote-back-ref">↩</a></p></li> <li id="fn:179"><p>GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. <a href="https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04" target="_blank">https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04</a> <a href="#fnref:179" class="footnote-back-ref">↩</a></p></li> <li id="fn:180"><p>RFC 5054. doi:10.17487/RFC5054. <a href="https://datatracker.ietf.org/doc/html/rfc5054" target="_blank">https://datatracker.ietf.org/doc/html/rfc5054</a> <a href="#fnref:180" class="footnote-back-ref">↩</a></p></li> <li id="fn:181"><p>RFC 5054. doi:10.17487/RFC5054. <a href="https://datatracker.ietf.org/doc/html/rfc5054" target="_blank">https://datatracker.ietf.org/doc/html/rfc5054</a> <a href="#fnref:181" class="footnote-back-ref">↩</a></p></li> <li id="fn:182"><p>RFC 5054. doi:10.17487/RFC5054. <a href="https://datatracker.ietf.org/doc/html/rfc5054" target="_blank">https://datatracker.ietf.org/doc/html/rfc5054</a> <a href="#fnref:182" class="footnote-back-ref">↩</a></p></li> <li id="fn:183"><p>RFC 4279. doi:10.17487/RFC4279. <a href="https://datatracker.ietf.org/doc/html/rfc4279" target="_blank">https://datatracker.ietf.org/doc/html/rfc4279</a> <a href="#fnref:183" class="footnote-back-ref">↩</a></p></li> <li id="fn:184"><p>RFC 4279. doi:10.17487/RFC4279. <a href="https://datatracker.ietf.org/doc/html/rfc4279" target="_blank">https://datatracker.ietf.org/doc/html/rfc4279</a> <a href="#fnref:184" class="footnote-back-ref">↩</a></p></li> <li id="fn:185"><p>RFC 4279. doi:10.17487/RFC4279. <a href="https://datatracker.ietf.org/doc/html/rfc4279" target="_blank">https://datatracker.ietf.org/doc/html/rfc4279</a> <a href="#fnref:185" class="footnote-back-ref">↩</a></p></li> <li id="fn:186"><p>RFC 5489. doi:10.17487/RFC5489. <a href="https://datatracker.ietf.org/doc/html/rfc5489" target="_blank">https://datatracker.ietf.org/doc/html/rfc5489</a> <a href="#fnref:186" class="footnote-back-ref">↩</a></p></li> <li id="fn:187"><p>RFC 2712. doi:10.17487/RFC2712. <a href="https://datatracker.ietf.org/doc/html/rfc2712" target="_blank">https://datatracker.ietf.org/doc/html/rfc2712</a> <a href="#fnref:187" class="footnote-back-ref">↩</a></p></li> <li id="fn:188"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:188" class="footnote-back-ref">↩</a></p></li> <li id="fn:189"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:189" class="footnote-back-ref">↩</a></p></li> <li id="fn:190"><p>"RSA BSAFE SSL-J 6.2.4 Release Notes". 2018-09-05. Archived from the original on 2018-09-10. <a href="https://web.archive.org/web/20180910204318/https://community.rsa.com/docs/DOC-95884" target="_blank">https://web.archive.org/web/20180910204318/https://community.rsa.com/docs/DOC-95884</a> <a href="#fnref:190" class="footnote-back-ref">↩</a></p></li> <li id="fn:191"><p>"LibreSSL 2.0.4 released". Retrieved 2014-08-04. <a href="https://marc.info/?l=openbsd-tech&m=140710904403657" target="_blank">https://marc.info/?l=openbsd-tech&m=140710904403657</a> <a href="#fnref:191" class="footnote-back-ref">↩</a></p></li> <li id="fn:192"><p>"LibreSSL 2.0.4 released". Retrieved 2014-08-04. <a href="https://marc.info/?l=openbsd-tech&m=140710904403657" target="_blank">https://marc.info/?l=openbsd-tech&m=140710904403657</a> <a href="#fnref:192" class="footnote-back-ref">↩</a></p></li> <li id="fn:193"><p>"LibreSSL 2.0.4 released". Retrieved 2014-08-04. <a href="https://marc.info/?l=openbsd-tech&m=140710904403657" target="_blank">https://marc.info/?l=openbsd-tech&m=140710904403657</a> <a href="#fnref:193" class="footnote-back-ref">↩</a></p></li> <li id="fn:194"><p>"Bug 405155 - add support for TLS-SRP, rfc5054". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=405155" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=405155</a> <a href="#fnref:194" class="footnote-back-ref">↩</a></p></li> <li id="fn:195"><p>"Bug 405155 - add support for TLS-SRP, rfc5054". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=405155" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=405155</a> <a href="#fnref:195" class="footnote-back-ref">↩</a></p></li> <li id="fn:196"><p>"Bug 405155 - add support for TLS-SRP, rfc5054". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=405155" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=405155</a> <a href="#fnref:196" class="footnote-back-ref">↩</a></p></li> <li id="fn:197"><p>"Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id6435" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id6435</a> <a href="#fnref:197" class="footnote-back-ref">↩</a></p></li> <li id="fn:198"><p>"Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id6435" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id6435</a> <a href="#fnref:198" class="footnote-back-ref">↩</a></p></li> <li id="fn:199"><p>"Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id6435" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id6435</a> <a href="#fnref:199" class="footnote-back-ref">↩</a></p></li> <li id="fn:200"><p>"Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id6435" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id6435</a> <a href="#fnref:200" class="footnote-back-ref">↩</a></p></li> <li id="fn:201"><p>"Bug 1170510 - Implement NSS server side support for DH_anon". Mozilla. Retrieved 2015-06-03. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1170510" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=1170510</a> <a href="#fnref:201" class="footnote-back-ref">↩</a></p></li> <li id="fn:202"><p>"Bug 236245 - Update ECC/TLS to conform to RFC 4492". Mozilla. Retrieved 2014-06-09. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=236245" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=236245</a> <a href="#fnref:202" class="footnote-back-ref">↩</a></p></li> <li id="fn:203"><p>"Changes between 0.9.6h and 0.9.7 [31 Dec 2002]". Retrieved 2016-01-29. <a href="https://www.openssl.org/news/changelog.html#x58" target="_blank">https://www.openssl.org/news/changelog.html#x58</a> <a href="#fnref:203" class="footnote-back-ref">↩</a></p></li> <li id="fn:204"><p>"Changes between 0.9.8n and 1.0.0 [29 Mar 2010]". Retrieved 2016-01-29. <a href="https://www.openssl.org/news/changelog.html#x29" target="_blank">https://www.openssl.org/news/changelog.html#x29</a> <a href="#fnref:204" class="footnote-back-ref">↩</a></p></li> <li id="fn:205"><p>"Changes between 0.9.8n and 1.0.0 [29 Mar 2010]". Retrieved 2016-01-29. <a href="https://www.openssl.org/news/changelog.html#x29" target="_blank">https://www.openssl.org/news/changelog.html#x29</a> <a href="#fnref:205" class="footnote-back-ref">↩</a></p></li> <li id="fn:206"><p>"wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016)". 2016-03-18. Retrieved 2016-04-05. <a href="https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html" target="_blank">https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html</a> <a href="#fnref:206" class="footnote-back-ref">↩</a></p></li> <li id="fn:207"><p>RFC 5054. doi:10.17487/RFC5054. <a href="https://datatracker.ietf.org/doc/html/rfc5054" target="_blank">https://datatracker.ietf.org/doc/html/rfc5054</a> <a href="#fnref:207" class="footnote-back-ref">↩</a></p></li> <li id="fn:208"><p>RFC 5054. doi:10.17487/RFC5054. <a href="https://datatracker.ietf.org/doc/html/rfc5054" target="_blank">https://datatracker.ietf.org/doc/html/rfc5054</a> <a href="#fnref:208" class="footnote-back-ref">↩</a></p></li> <li id="fn:209"><p>RFC 5054. doi:10.17487/RFC5054. <a href="https://datatracker.ietf.org/doc/html/rfc5054" target="_blank">https://datatracker.ietf.org/doc/html/rfc5054</a> <a href="#fnref:209" class="footnote-back-ref">↩</a></p></li> <li id="fn:210"><p>RFC 4279. doi:10.17487/RFC4279. <a href="https://datatracker.ietf.org/doc/html/rfc4279" target="_blank">https://datatracker.ietf.org/doc/html/rfc4279</a> <a href="#fnref:210" class="footnote-back-ref">↩</a></p></li> <li id="fn:211"><p>RFC 4279. doi:10.17487/RFC4279. <a href="https://datatracker.ietf.org/doc/html/rfc4279" target="_blank">https://datatracker.ietf.org/doc/html/rfc4279</a> <a href="#fnref:211" class="footnote-back-ref">↩</a></p></li> <li id="fn:212"><p>RFC 4279. doi:10.17487/RFC4279. <a href="https://datatracker.ietf.org/doc/html/rfc4279" target="_blank">https://datatracker.ietf.org/doc/html/rfc4279</a> <a href="#fnref:212" class="footnote-back-ref">↩</a></p></li> <li id="fn:213"><p>RFC 5489. doi:10.17487/RFC5489. <a href="https://datatracker.ietf.org/doc/html/rfc5489" target="_blank">https://datatracker.ietf.org/doc/html/rfc5489</a> <a href="#fnref:213" class="footnote-back-ref">↩</a></p></li> <li id="fn:214"><p>RFC 2712. doi:10.17487/RFC2712. <a href="https://datatracker.ietf.org/doc/html/rfc2712" target="_blank">https://datatracker.ietf.org/doc/html/rfc2712</a> <a href="#fnref:214" class="footnote-back-ref">↩</a></p></li> <li id="fn:215"><p>RFC 5246. doi:10.17487/RFC5246. <a href="https://datatracker.ietf.org/doc/html/rfc5246" target="_blank">https://datatracker.ietf.org/doc/html/rfc5246</a> <a href="#fnref:215" class="footnote-back-ref">↩</a></p></li> <li id="fn:216"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:216" class="footnote-back-ref">↩</a></p></li> <li id="fn:217"><p>RFC 5280. doi:10.17487/RFC5280. <a href="https://datatracker.ietf.org/doc/html/rfc5280" target="_blank">https://datatracker.ietf.org/doc/html/rfc5280</a> <a href="#fnref:217" class="footnote-back-ref">↩</a></p></li> <li id="fn:218"><p>RFC 3280. doi:10.17487/RFC3280. <a href="https://datatracker.ietf.org/doc/html/rfc3280" target="_blank">https://datatracker.ietf.org/doc/html/rfc3280</a> <a href="#fnref:218" class="footnote-back-ref">↩</a></p></li> <li id="fn:219"><p>RFC 2560. doi:10.17487/RFC2560. <a href="https://datatracker.ietf.org/doc/html/rfc2560" target="_blank">https://datatracker.ietf.org/doc/html/rfc2560</a> <a href="#fnref:219" class="footnote-back-ref">↩</a></p></li> <li id="fn:220"><p>RFC 6698. doi:10.17487/RFC6698. <a href="https://datatracker.ietf.org/doc/html/rfc6698" target="_blank">https://datatracker.ietf.org/doc/html/rfc6698</a> <a href="#fnref:220" class="footnote-back-ref">↩</a></p></li> <li id="fn:221"><p>RFC 7218. doi:10.17487/RFC7218. <a href="https://datatracker.ietf.org/doc/html/rfc7218" target="_blank">https://datatracker.ietf.org/doc/html/rfc7218</a> <a href="#fnref:221" class="footnote-back-ref">↩</a></p></li> <li id="fn:222"><p>Laurie, B.; Langley, A.; Kasper, E. (June 2013). Certificate Transparency. IETF. doi:10.17487/RFC6962. ISSN 2070-1721. RFC 6962. Retrieved 2020-08-31. <a href="/wiki/Ben_Laurie" target="_blank">/wiki/Ben_Laurie</a> <a href="#fnref:222" class="footnote-back-ref">↩</a></p></li> <li id="fn:223"><p>"MatrixSSL 3.8.3". Archived from the original on 2017-01-19. Retrieved 2017-01-18. <a href="https://web.archive.org/web/20170119052959/http://www.matrixssl.org/blog/releases/matrixssl_3_8_3" target="_blank">https://web.archive.org/web/20170119052959/http://www.matrixssl.org/blog/releases/matrixssl_3_8_3</a> <a href="#fnref:223" class="footnote-back-ref">↩</a></p></li> <li id="fn:224"><p>"mbed TLS 2.0 defaults implement best practices". Retrieved 2017-01-18. <a href="https://tls.mbed.org/tech-updates/blog/mbedtls-2.0-defaults-best-practices" target="_blank">https://tls.mbed.org/tech-updates/blog/mbedtls-2.0-defaults-best-practices</a> <a href="#fnref:224" class="footnote-back-ref">↩</a></p></li> <li id="fn:225"><p>"Bug 672600 - Use DNSSEC/DANE chain stapled into TLS handshake in certificate chain validation". Mozilla. Retrieved 2014-06-18. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=672600" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=672600</a> <a href="#fnref:225" class="footnote-back-ref">↩</a></p></li> <li id="fn:226"><p>"CRL Validation · Issue #3499 · aws/s2n-tls". GitHub. Retrieved 2022-11-01. <a href="https://github.com/aws/s2n-tls/issues/3499" target="_blank">https://github.com/aws/s2n-tls/issues/3499</a> <a href="#fnref:226" class="footnote-back-ref">↩</a></p></li> <li id="fn:227"><p>"OCSP digest support for SHA-256 · Issue #2854 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022-11-01. <a href="https://github.com/aws/s2n-tls/issues/2854" target="_blank">https://github.com/aws/s2n-tls/issues/2854</a> <a href="#fnref:227" class="footnote-back-ref">↩</a></p></li> <li id="fn:228"><p>"[RFC 6962] s2n Client can Validate Signed Certificate Timestamp TLS Extension · Issue #457 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022-11-01. <a href="https://github.com/aws/s2n-tls/issues/457" target="_blank">https://github.com/aws/s2n-tls/issues/457</a> <a href="#fnref:228" class="footnote-back-ref">↩</a></p></li> <li id="fn:229"><p>"How Certificate Revocation Works". Microsoft TechNet. Microsoft. March 16, 2012. Retrieved July 10, 2013. <a href="https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx" target="_blank">https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx</a> <a href="#fnref:229" class="footnote-back-ref">↩</a></p></li> <li id="fn:230"><p>"How Certificate Revocation Works". Microsoft TechNet. Microsoft. March 16, 2012. Retrieved July 10, 2013. <a href="https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx" target="_blank">https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx</a> <a href="#fnref:230" class="footnote-back-ref">↩</a></p></li> <li id="fn:231"><p>RFC 5288. doi:10.17487/RFC5288. RFC 5289. doi:10.17487/RFC5289. <a href="https://datatracker.ietf.org/doc/html/rfc5288" target="_blank">https://datatracker.ietf.org/doc/html/rfc5288</a> <a href="#fnref:231" class="footnote-back-ref">↩</a></p></li> <li id="fn:232"><p>RFC 6655, RFC 7251 <a href="#fnref:232" class="footnote-back-ref">↩</a></p></li> <li id="fn:233"><p>RFC 6367. doi:10.17487/RFC6367. <a href="https://datatracker.ietf.org/doc/html/rfc6367" target="_blank">https://datatracker.ietf.org/doc/html/rfc6367</a> <a href="#fnref:233" class="footnote-back-ref">↩</a></p></li> <li id="fn:234"><p>RFC 5932. doi:10.17487/RFC5932. <a href="https://datatracker.ietf.org/doc/html/rfc5932" target="_blank">https://datatracker.ietf.org/doc/html/rfc5932</a> <a href="#fnref:234" class="footnote-back-ref">↩</a></p></li> <li id="fn:235"><p>RFC 6367. doi:10.17487/RFC6367. <a href="https://datatracker.ietf.org/doc/html/rfc6367" target="_blank">https://datatracker.ietf.org/doc/html/rfc6367</a> <a href="#fnref:235" class="footnote-back-ref">↩</a></p></li> <li id="fn:236"><p>RFC 6209. doi:10.17487/RFC6209. <a href="https://datatracker.ietf.org/doc/html/rfc6209" target="_blank">https://datatracker.ietf.org/doc/html/rfc6209</a> <a href="#fnref:236" class="footnote-back-ref">↩</a></p></li> <li id="fn:237"><p>RFC 6209. doi:10.17487/RFC6209. <a href="https://datatracker.ietf.org/doc/html/rfc6209" target="_blank">https://datatracker.ietf.org/doc/html/rfc6209</a> <a href="#fnref:237" class="footnote-back-ref">↩</a></p></li> <li id="fn:238"><p>RFC 4162. doi:10.17487/RFC4162. <a href="https://datatracker.ietf.org/doc/html/rfc4162" target="_blank">https://datatracker.ietf.org/doc/html/rfc4162</a> <a href="#fnref:238" class="footnote-back-ref">↩</a></p></li> <li id="fn:239"><p>"Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". sweet32.info. <a href="https://sweet32.info/" target="_blank">https://sweet32.info/</a> <a href="#fnref:239" class="footnote-back-ref">↩</a></p></li> <li id="fn:240"><p>GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. <a href="https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04" target="_blank">https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04</a> <a href="#fnref:240" class="footnote-back-ref">↩</a></p></li> <li id="fn:241"><p>This algorithm is not defined yet as TLS cipher suites in RFCs, is proposed in drafts. <a href="#fnref:241" class="footnote-back-ref">↩</a></p></li> <li id="fn:242"><p>RFC 7905. doi:10.17487/RFC7905. <a href="https://datatracker.ietf.org/doc/html/rfc7905" target="_blank">https://datatracker.ietf.org/doc/html/rfc7905</a> <a href="#fnref:242" class="footnote-back-ref">↩</a></p></li> <li id="fn:243"><p>authentication only, no encryption <a href="#fnref:243" class="footnote-back-ref">↩</a></p></li> <li id="fn:244"><p>"Version 1.11.12, 2015-01-02 — Botan". 2015-01-02. Retrieved 2015-01-09. <a href="http://botan.randombit.net/relnotes/1_11_12.html" target="_blank">http://botan.randombit.net/relnotes/1_11_12.html</a> <a href="#fnref:244" class="footnote-back-ref">↩</a></p></li> <li id="fn:245"><p>"[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. <a href="http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html" target="_blank">http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html</a> <a href="#fnref:245" class="footnote-back-ref">↩</a></p></li> <li id="fn:246"><p>"gnutls 3.6.0". 2017-09-21. Retrieved 2018-01-07. <a href="https://lwn.net/Articles/731694/" target="_blank">https://lwn.net/Articles/731694/</a> <a href="#fnref:246" class="footnote-back-ref">↩</a></p></li> <li id="fn:247"><p>"gnutls 3.4.12". 2016-05-20. Archived from the original on 2016-10-13. Retrieved 2016-05-29. <a href="https://web.archive.org/web/20161013015630/http://permalink.gmane.org/gmane.network.gnutls.general/4131" target="_blank">https://web.archive.org/web/20161013015630/http://permalink.gmane.org/gmane.network.gnutls.general/4131</a> <a href="#fnref:247" class="footnote-back-ref">↩</a></p></li> <li id="fn:248"><p>"Java SE DevelopmentK Kit 10 - 10.0.1 Release Notes". 2018-04-17. Retrieved 2024-01-14. <a href="https://www.oracle.com/java/technologies/javase/10-0-1-relnotes.html" target="_blank">https://www.oracle.com/java/technologies/javase/10-0-1-relnotes.html</a> <a href="#fnref:248" class="footnote-back-ref">↩</a></p></li> <li id="fn:249"><p>"JDK 12 Release Notes". Retrieved 2024-01-14. <a href="https://www.oracle.com/java/technologies/javase/12-relnote-issues.html" target="_blank">https://www.oracle.com/java/technologies/javase/12-relnote-issues.html</a> <a href="#fnref:249" class="footnote-back-ref">↩</a></p></li> <li id="fn:250"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:250" class="footnote-back-ref">↩</a></p></li> <li id="fn:251"><p>"LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141809396501638" target="_blank">https://marc.info/?l=openbsd-announce&m=141809396501638</a> <a href="#fnref:251" class="footnote-back-ref">↩</a></p></li> <li id="fn:252"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:252" class="footnote-back-ref">↩</a></p></li> <li id="fn:253"><p>"LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141809396501638" target="_blank">https://marc.info/?l=openbsd-announce&m=141809396501638</a> <a href="#fnref:253" class="footnote-back-ref">↩</a></p></li> <li id="fn:254"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:254" class="footnote-back-ref">↩</a></p></li> <li id="fn:255"><p>"Changes in 3.8.3". GitHub. Retrieved 2016-06-19.[permanent dead link] <a href="https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383" target="_blank">https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383</a> <a href="#fnref:255" class="footnote-back-ref">↩</a></p></li> <li id="fn:256"><p>"PolarSSL 1.3.8 release notes". Archived from the original on 2014-07-14. <a href="https://web.archive.org/web/20140714220749/https://polarssl.org/tech-updates/releases/polarssl-1.3.8-released" target="_blank">https://web.archive.org/web/20140714220749/https://polarssl.org/tech-updates/releases/polarssl-1.3.8-released</a> <a href="#fnref:256" class="footnote-back-ref">↩</a></p></li> <li id="fn:257"><p>"Mbed TLS 2.11.0, 2.7.4 and 2.1.13 released". Retrieved 2018-08-30. <a href="https://tls.mbed.org/tech-updates/releases/mbedtls-2.11.0-2.7.4-and-2.1.13-released" target="_blank">https://tls.mbed.org/tech-updates/releases/mbedtls-2.11.0-2.7.4-and-2.1.13-released</a> <a href="#fnref:257" class="footnote-back-ref">↩</a></p></li> <li id="fn:258"><p>"Mbed TLS 2.11.0, 2.7.4 and 2.1.13 released". Retrieved 2018-08-30. <a href="https://tls.mbed.org/tech-updates/releases/mbedtls-2.11.0-2.7.4-and-2.1.13-released" target="_blank">https://tls.mbed.org/tech-updates/releases/mbedtls-2.11.0-2.7.4-and-2.1.13-released</a> <a href="#fnref:258" class="footnote-back-ref">↩</a></p></li> <li id="fn:259"><p>"Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13. <a href="https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog" target="_blank">https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog</a> <a href="#fnref:259" class="footnote-back-ref">↩</a></p></li> <li id="fn:260"><p>"Mbed TLS 2.12.0, 2.7.5 and 2.1.14 released". Retrieved 2018-08-30. <a href="https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released" target="_blank">https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released</a> <a href="#fnref:260" class="footnote-back-ref">↩</a></p></li> <li id="fn:261"><p>"NSS 3.25 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2021-12-07. Retrieved 2016-07-01. <a href="https://web.archive.org/web/20211207020401/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.25_release_notes" target="_blank">https://web.archive.org/web/20211207020401/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.25_release_notes</a> <a href="#fnref:261" class="footnote-back-ref">↩</a></p></li> <li id="fn:262"><p>"Bug 940119 - libssl does not support any TLS_ECDHE_*_CAMELLIA_*_GCM cipher suites". Mozilla. Retrieved 2013-11-19. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=940119" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=940119</a> <a href="#fnref:262" class="footnote-back-ref">↩</a></p></li> <li id="fn:263"><p>This algorithm is implemented in an NSS fork used by Pale Moon. <a href="/wiki/Fork_(software_development)" target="_blank">/wiki/Fork_(software_development)</a> <a href="#fnref:263" class="footnote-back-ref">↩</a></p></li> <li id="fn:264"><p>"NSS 3.12 is released". Retrieved 2013-11-19. <a href="https://groups.google.com/forum/?hl=ja#!searchin/mozilla.dev.tech.crypto/camellia/mozilla.dev.tech.crypto/3NTvSYkF9MQ/O7Aj7oeiff8J" target="_blank">https://groups.google.com/forum/?hl=ja#!searchin/mozilla.dev.tech.crypto/camellia/mozilla.dev.tech.crypto/3NTvSYkF9MQ/O7Aj7oeiff8J</a> <a href="#fnref:264" class="footnote-back-ref">↩</a></p></li> <li id="fn:265"><p>"NSS 3.12.3 Release Notes". Mozilla Developer Network. Mozilla. Archived from the original on 2023-04-02. Retrieved 2023-04-01. <a href="https://web.archive.org/web/20230402220534/https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_releases/nss_3.12.3_release_notes/index.html" target="_blank">https://web.archive.org/web/20230402220534/https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_releases/nss_3.12.3_release_notes/index.html</a> <a href="#fnref:265" class="footnote-back-ref">↩</a></p></li> <li id="fn:266"><p>Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=518787" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=518787</a> <a href="#fnref:266" class="footnote-back-ref">↩</a></p></li> <li id="fn:267"><p>Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=608725" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=608725</a> <a href="#fnref:267" class="footnote-back-ref">↩</a></p></li> <li id="fn:268"><p>"NSS 3.23 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2021-04-14. Retrieved 2016-03-09. <a href="https://web.archive.org/web/20210414233905/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes" target="_blank">https://web.archive.org/web/20210414233905/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes</a> <a href="#fnref:268" class="footnote-back-ref">↩</a></p></li> <li id="fn:269"><p>"openssl/CHANGES at OpenSSL_1_0_1-stable · openssl/openssl". GitHub. Retrieved 2015-01-20. <a href="https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES" target="_blank">https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES</a> <a href="#fnref:269" class="footnote-back-ref">↩</a></p></li> <li id="fn:270"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:270" class="footnote-back-ref">↩</a></p></li> <li id="fn:271"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:271" class="footnote-back-ref">↩</a></p></li> <li id="fn:272"><p>"OpenSSL 1.1.1 Series Release Notes". www.openssl.org. Archived from the original on 2024-01-16. <a href="https://web.archive.org/web/20240116202037/https://www.openssl.org/news/openssl-1.1.1-notes.html" target="_blank">https://web.archive.org/web/20240116202037/https://www.openssl.org/news/openssl-1.1.1-notes.html</a> <a href="#fnref:272" class="footnote-back-ref">↩</a></p></li> <li id="fn:273"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:273" class="footnote-back-ref">↩</a></p></li> <li id="fn:274"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:274" class="footnote-back-ref">↩</a></p></li> <li id="fn:275"><p>"OpenSSL: CVS Web Interface". Archived from the original on 2013-04-15. Retrieved 2014-11-12. <a href="https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost" target="_blank">https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost</a> <a href="#fnref:275" class="footnote-back-ref">↩</a></p></li> <li id="fn:276"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:276" class="footnote-back-ref">↩</a></p></li> <li id="fn:277"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:277" class="footnote-back-ref">↩</a></p></li> <li id="fn:278"><p>"rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. <a href="https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html" target="_blank">https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html</a> <a href="#fnref:278" class="footnote-back-ref">↩</a></p></li> <li id="fn:279"><p>"Cipher Suites in TLS/SSL (Schannel SSP) - Win32 apps". docs.microsoft.com. 14 July 2023. <a href="https://docs.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel" target="_blank">https://docs.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel</a> <a href="#fnref:279" class="footnote-back-ref">↩</a></p></li> <li id="fn:280"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:280" class="footnote-back-ref">↩</a></p></li> <li id="fn:281"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:281" class="footnote-back-ref">↩</a></p></li> <li id="fn:282"><p>"Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ)". Microsoft. November 11, 2014. Retrieved 11 November 2014. <a href="https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC" target="_blank">https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC</a> <a href="#fnref:282" class="footnote-back-ref">↩</a></p></li> <li id="fn:283"><p>Thomlinson, Matt (November 11, 2014). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 11 November 2014. <a href="http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/" target="_blank">http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/</a> <a href="#fnref:283" class="footnote-back-ref">↩</a></p></li> <li id="fn:284"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:284" class="footnote-back-ref">↩</a></p></li> <li id="fn:285"><p>"Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 10 Preview". dev.ssllabs.com. Archived from the original on 2023-07-14. <a href="https://web.archive.org/web/20230714075523/https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview" target="_blank">https://web.archive.org/web/20230714075523/https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview</a> <a href="#fnref:285" class="footnote-back-ref">↩</a></p></li> <li id="fn:286"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:286" class="footnote-back-ref">↩</a></p></li> <li id="fn:287"><p>RFC 5288. doi:10.17487/RFC5288. RFC 5289. doi:10.17487/RFC5289. <a href="https://datatracker.ietf.org/doc/html/rfc5288" target="_blank">https://datatracker.ietf.org/doc/html/rfc5288</a> <a href="#fnref:287" class="footnote-back-ref">↩</a></p></li> <li id="fn:288"><p>RFC 6655, RFC 7251 <a href="#fnref:288" class="footnote-back-ref">↩</a></p></li> <li id="fn:289"><p>RFC 6367. doi:10.17487/RFC6367. <a href="https://datatracker.ietf.org/doc/html/rfc6367" target="_blank">https://datatracker.ietf.org/doc/html/rfc6367</a> <a href="#fnref:289" class="footnote-back-ref">↩</a></p></li> <li id="fn:290"><p>RFC 5932. doi:10.17487/RFC5932. <a href="https://datatracker.ietf.org/doc/html/rfc5932" target="_blank">https://datatracker.ietf.org/doc/html/rfc5932</a> <a href="#fnref:290" class="footnote-back-ref">↩</a></p></li> <li id="fn:291"><p>RFC 6367. doi:10.17487/RFC6367. <a href="https://datatracker.ietf.org/doc/html/rfc6367" target="_blank">https://datatracker.ietf.org/doc/html/rfc6367</a> <a href="#fnref:291" class="footnote-back-ref">↩</a></p></li> <li id="fn:292"><p>RFC 6209. doi:10.17487/RFC6209. <a href="https://datatracker.ietf.org/doc/html/rfc6209" target="_blank">https://datatracker.ietf.org/doc/html/rfc6209</a> <a href="#fnref:292" class="footnote-back-ref">↩</a></p></li> <li id="fn:293"><p>RFC 6209. doi:10.17487/RFC6209. <a href="https://datatracker.ietf.org/doc/html/rfc6209" target="_blank">https://datatracker.ietf.org/doc/html/rfc6209</a> <a href="#fnref:293" class="footnote-back-ref">↩</a></p></li> <li id="fn:294"><p>RFC 4162. doi:10.17487/RFC4162. <a href="https://datatracker.ietf.org/doc/html/rfc4162" target="_blank">https://datatracker.ietf.org/doc/html/rfc4162</a> <a href="#fnref:294" class="footnote-back-ref">↩</a></p></li> <li id="fn:295"><p>"Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". sweet32.info. <a href="https://sweet32.info/" target="_blank">https://sweet32.info/</a> <a href="#fnref:295" class="footnote-back-ref">↩</a></p></li> <li id="fn:296"><p>GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. <a href="https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04" target="_blank">https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04</a> <a href="#fnref:296" class="footnote-back-ref">↩</a></p></li> <li id="fn:297"><p>This algorithm is not defined yet as TLS cipher suites in RFCs, is proposed in drafts. <a href="#fnref:297" class="footnote-back-ref">↩</a></p></li> <li id="fn:298"><p>RFC 7905. doi:10.17487/RFC7905. <a href="https://datatracker.ietf.org/doc/html/rfc7905" target="_blank">https://datatracker.ietf.org/doc/html/rfc7905</a> <a href="#fnref:298" class="footnote-back-ref">↩</a></p></li> <li id="fn:299"><p>authentication only, no encryption <a href="#fnref:299" class="footnote-back-ref">↩</a></p></li> <li id="fn:300"><p>IDEA and DES have been removed from TLS 1.2.[152] <a href="#fnref:300" class="footnote-back-ref">↩</a></p></li> <li id="fn:301"><p>"Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". <a href="https://sweet32.info" target="_blank">https://sweet32.info</a> <a href="#fnref:301" class="footnote-back-ref">↩</a></p></li> <li id="fn:302"><p>IDEA and DES have been removed from TLS 1.2.[152] <a href="#fnref:302" class="footnote-back-ref">↩</a></p></li> <li id="fn:303"><p>40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later. <a href="/wiki/Export_of_cryptography_from_the_United_States" target="_blank">/wiki/Export_of_cryptography_from_the_United_States</a> <a href="#fnref:303" class="footnote-back-ref">↩</a></p></li> <li id="fn:304"><p>40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later. <a href="/wiki/Export_of_cryptography_from_the_United_States" target="_blank">/wiki/Export_of_cryptography_from_the_United_States</a> <a href="#fnref:304" class="footnote-back-ref">↩</a></p></li> <li id="fn:305"><p>The RC4 attacks weaken or break RC4 used in SSL/TLS. Use of RC4 is prohibited by RFC 7465. <a href="/wiki/Transport_Layer_Security#RC4_attacks" target="_blank">/wiki/Transport_Layer_Security#RC4_attacks</a> <a href="#fnref:305" class="footnote-back-ref">↩</a></p></li> <li id="fn:306"><p>The RC4 attacks weaken or break RC4 used in SSL/TLS. <a href="/wiki/Transport_Layer_Security#RC4_attacks" target="_blank">/wiki/Transport_Layer_Security#RC4_attacks</a> <a href="#fnref:306" class="footnote-back-ref">↩</a></p></li> <li id="fn:307"><p>40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later. <a href="/wiki/Export_of_cryptography_from_the_United_States" target="_blank">/wiki/Export_of_cryptography_from_the_United_States</a> <a href="#fnref:307" class="footnote-back-ref">↩</a></p></li> <li id="fn:308"><p>"Version 1.11.15, 2015-03-08 — Botan". 2015-03-08. Retrieved 2015-03-11. <a href="http://botan.randombit.net/relnotes/1_11_15.html" target="_blank">http://botan.randombit.net/relnotes/1_11_15.html</a> <a href="#fnref:308" class="footnote-back-ref">↩</a></p></li> <li id="fn:309"><p>"[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. <a href="http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html" target="_blank">http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html</a> <a href="#fnref:309" class="footnote-back-ref">↩</a></p></li> <li id="fn:310"><p>"Java Cryptography Architecture Oracle Providers Documentation". docs.oracle.com. <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html" target="_blank">http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html</a> <a href="#fnref:310" class="footnote-back-ref">↩</a></p></li> <li id="fn:311"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:311" class="footnote-back-ref">↩</a></p></li> <li id="fn:312"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:312" class="footnote-back-ref">↩</a></p></li> <li id="fn:313"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:313" class="footnote-back-ref">↩</a></p></li> <li id="fn:314"><p>"mbed TLS 2.0.0 released". 2015-07-10. Retrieved 2015-07-14. <a href="https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released" target="_blank">https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released</a> <a href="#fnref:314" class="footnote-back-ref">↩</a></p></li> <li id="fn:315"><p>"NSS 3.15.3 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2014-06-05. Retrieved 2014-07-13. <a href="https://web.archive.org/web/20140605001016/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.3_release_notes" target="_blank">https://web.archive.org/web/20140605001016/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.3_release_notes</a> <a href="#fnref:315" class="footnote-back-ref">↩</a></p></li> <li id="fn:316"><p>"MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities". Mozilla. Retrieved 2014-07-13. <a href="https://www.mozilla.org/security/announce/2013/mfsa2013-103.html" target="_blank">https://www.mozilla.org/security/announce/2013/mfsa2013-103.html</a> <a href="#fnref:316" class="footnote-back-ref">↩</a></p></li> <li id="fn:317"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:317" class="footnote-back-ref">↩</a></p></li> <li id="fn:318"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:318" class="footnote-back-ref">↩</a></p></li> <li id="fn:319"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:319" class="footnote-back-ref">↩</a></p></li> <li id="fn:320"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:320" class="footnote-back-ref">↩</a></p></li> <li id="fn:321"><p>"RC4 is now disabled in Microsoft Edge and Internet Explorer 11 - Microsoft Edge Dev BlogMicrosoft Edge Dev Blog". blogs.windows.com. 2016-08-09. <a href="https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/" target="_blank">https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/</a> <a href="#fnref:321" class="footnote-back-ref">↩</a></p></li> <li id="fn:322"><p>"RC4 is now disabled in Microsoft Edge and Internet Explorer 11 - Microsoft Edge Dev BlogMicrosoft Edge Dev Blog". blogs.windows.com. 2016-08-09. <a href="https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/" target="_blank">https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/</a> <a href="#fnref:322" class="footnote-back-ref">↩</a></p></li> <li id="fn:323"><p>"Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 10 Preview". dev.ssllabs.com. Archived from the original on 2023-07-14. <a href="https://web.archive.org/web/20230714075523/https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview" target="_blank">https://web.archive.org/web/20230714075523/https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview</a> <a href="#fnref:323" class="footnote-back-ref">↩</a></p></li> <li id="fn:324"><p>"RC4 is now disabled in Microsoft Edge and Internet Explorer 11 - Microsoft Edge Dev BlogMicrosoft Edge Dev Blog". blogs.windows.com. 2016-08-09. <a href="https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/" target="_blank">https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/</a> <a href="#fnref:324" class="footnote-back-ref">↩</a></p></li> <li id="fn:325"><p>"wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)". 2015-10-26. Retrieved 2015-11-19. <a href="https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html" target="_blank">https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html</a> <a href="#fnref:325" class="footnote-back-ref">↩</a></p></li> <li id="fn:326"><p>IDEA and DES have been removed from TLS 1.2.[152] <a href="#fnref:326" class="footnote-back-ref">↩</a></p></li> <li id="fn:327"><p>"Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". <a href="https://sweet32.info" target="_blank">https://sweet32.info</a> <a href="#fnref:327" class="footnote-back-ref">↩</a></p></li> <li id="fn:328"><p>IDEA and DES have been removed from TLS 1.2.[152] <a href="#fnref:328" class="footnote-back-ref">↩</a></p></li> <li id="fn:329"><p>40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later. <a href="/wiki/Export_of_cryptography_from_the_United_States" target="_blank">/wiki/Export_of_cryptography_from_the_United_States</a> <a href="#fnref:329" class="footnote-back-ref">↩</a></p></li> <li id="fn:330"><p>40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later. <a href="/wiki/Export_of_cryptography_from_the_United_States" target="_blank">/wiki/Export_of_cryptography_from_the_United_States</a> <a href="#fnref:330" class="footnote-back-ref">↩</a></p></li> <li id="fn:331"><p>The RC4 attacks weaken or break RC4 used in SSL/TLS. Use of RC4 is prohibited by RFC 7465. <a href="/wiki/Transport_Layer_Security#RC4_attacks" target="_blank">/wiki/Transport_Layer_Security#RC4_attacks</a> <a href="#fnref:331" class="footnote-back-ref">↩</a></p></li> <li id="fn:332"><p>The RC4 attacks weaken or break RC4 used in SSL/TLS. <a href="/wiki/Transport_Layer_Security#RC4_attacks" target="_blank">/wiki/Transport_Layer_Security#RC4_attacks</a> <a href="#fnref:332" class="footnote-back-ref">↩</a></p></li> <li id="fn:333"><p>40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later. <a href="/wiki/Export_of_cryptography_from_the_United_States" target="_blank">/wiki/Export_of_cryptography_from_the_United_States</a> <a href="#fnref:333" class="footnote-back-ref">↩</a></p></li> <li id="fn:334"><p>RFC 8446 <a href="#fnref:334" class="footnote-back-ref">↩</a></p></li> <li id="fn:335"><p>RFC 8422 <a href="#fnref:335" class="footnote-back-ref">↩</a></p></li> <li id="fn:336"><p>RFC 8446 <a href="#fnref:336" class="footnote-back-ref">↩</a></p></li> <li id="fn:337"><p>RFC 8422 <a href="#fnref:337" class="footnote-back-ref">↩</a></p></li> <li id="fn:338"><p>RFC 8446 <a href="#fnref:338" class="footnote-back-ref">↩</a></p></li> <li id="fn:339"><p>RFC 8422 <a href="#fnref:339" class="footnote-back-ref">↩</a></p></li> <li id="fn:340"><p>RFC 8446 <a href="#fnref:340" class="footnote-back-ref">↩</a></p></li> <li id="fn:341"><p>RFC 8422 <a href="#fnref:341" class="footnote-back-ref">↩</a></p></li> <li id="fn:342"><p>RFC 8446 <a href="#fnref:342" class="footnote-back-ref">↩</a></p></li> <li id="fn:343"><p>RFC 8422 <a href="#fnref:343" class="footnote-back-ref">↩</a></p></li> <li id="fn:344"><p>RFC 7027 <a href="#fnref:344" class="footnote-back-ref">↩</a></p></li> <li id="fn:345"><p>RFC 7027 <a href="#fnref:345" class="footnote-back-ref">↩</a></p></li> <li id="fn:346"><p>RFC 7027 <a href="#fnref:346" class="footnote-back-ref">↩</a></p></li> <li id="fn:347"><p>"Version 1.11.12, 2015-01-02 — Botan". 2015-01-02. Retrieved 2015-01-09. <a href="http://botan.randombit.net/relnotes/1_11_12.html" target="_blank">http://botan.randombit.net/relnotes/1_11_12.html</a> <a href="#fnref:347" class="footnote-back-ref">↩</a></p></li> <li id="fn:348"><p>"Version 1.11.5, 2013-11-10 — Botan". 2013-11-10. Retrieved 2015-01-23. <a href="http://botan.randombit.net/relnotes/1_11_5.html" target="_blank">http://botan.randombit.net/relnotes/1_11_5.html</a> <a href="#fnref:348" class="footnote-back-ref">↩</a></p></li> <li id="fn:349"><p>"Version 1.11.5, 2013-11-10 — Botan". 2013-11-10. Retrieved 2015-01-23. <a href="http://botan.randombit.net/relnotes/1_11_5.html" target="_blank">http://botan.randombit.net/relnotes/1_11_5.html</a> <a href="#fnref:349" class="footnote-back-ref">↩</a></p></li> <li id="fn:350"><p>"Version 1.11.5, 2013-11-10 — Botan". 2013-11-10. Retrieved 2015-01-23. <a href="http://botan.randombit.net/relnotes/1_11_5.html" target="_blank">http://botan.randombit.net/relnotes/1_11_5.html</a> <a href="#fnref:350" class="footnote-back-ref">↩</a></p></li> <li id="fn:351"><p>"An overview of the new features in GnuTLS 3.5.0". 2016-05-02. Retrieved 2016-12-09. <a href="http://nmav.gnutls.org/2016/05/gnutls-3-5-0.html" target="_blank">http://nmav.gnutls.org/2016/05/gnutls-3-5-0.html</a> <a href="#fnref:351" class="footnote-back-ref">↩</a></p></li> <li id="fn:352"><p>"gnutls 3.6.12". 2020-02-01. Retrieved 2021-08-31. <a href="https://lists.gnupg.org/pipermail/gnutls-help/2020-February/004621.html" target="_blank">https://lists.gnupg.org/pipermail/gnutls-help/2020-February/004621.html</a> <a href="#fnref:352" class="footnote-back-ref">↩</a></p></li> <li id="fn:353"><p>"JDK 13 Early-Access Release Notes". Archived from the original on 2020-04-01. Retrieved 2019-06-20. <a href="https://web.archive.org/web/20200401060808/http://jdk.java.net/13/release-notes" target="_blank">https://web.archive.org/web/20200401060808/http://jdk.java.net/13/release-notes</a> <a href="#fnref:353" class="footnote-back-ref">↩</a></p></li> <li id="fn:354"><p>"JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA)". Retrieved 2024-01-14. <a href="https://bugs.openjdk.org/browse/JDK-8199231" target="_blank">https://bugs.openjdk.org/browse/JDK-8199231</a> <a href="#fnref:354" class="footnote-back-ref">↩</a></p></li> <li id="fn:355"><p>"JDK 13 Early-Access Release Notes". Archived from the original on 2020-04-01. Retrieved 2019-06-20. <a href="https://web.archive.org/web/20200401060808/http://jdk.java.net/13/release-notes" target="_blank">https://web.archive.org/web/20200401060808/http://jdk.java.net/13/release-notes</a> <a href="#fnref:355" class="footnote-back-ref">↩</a></p></li> <li id="fn:356"><p>"JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA)". Retrieved 2024-01-14. <a href="https://bugs.openjdk.org/browse/JDK-8199231" target="_blank">https://bugs.openjdk.org/browse/JDK-8199231</a> <a href="#fnref:356" class="footnote-back-ref">↩</a></p></li> <li id="fn:357"><p>"LibreSSL 2.5.1 release notes". OpenBSD. 2017-01-31. Retrieved 2017-02-23. <a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.1-relnotes.txt" target="_blank">https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.1-relnotes.txt</a> <a href="#fnref:357" class="footnote-back-ref">↩</a></p></li> <li id="fn:358"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:358" class="footnote-back-ref">↩</a></p></li> <li id="fn:359"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:359" class="footnote-back-ref">↩</a></p></li> <li id="fn:360"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:360" class="footnote-back-ref">↩</a></p></li> <li id="fn:361"><p>"MatrixSSL 4.0 changelog". GitHub. Retrieved 2018-09-18. <a href="https://github.com/matrixssl/matrixssl/blob/4-0-0-open/doc/CHANGES_v4.0.md" target="_blank">https://github.com/matrixssl/matrixssl/blob/4-0-0-open/doc/CHANGES_v4.0.md</a> <a href="#fnref:361" class="footnote-back-ref">↩</a></p></li> <li id="fn:362"><p>"PolarSSL 1.3.3 released". 2013-12-31. Archived from the original on 2014-01-07. Retrieved 2015-01-23. <a href="https://web.archive.org/web/20140107122023/https://polarssl.org/tech-updates/releases/polarssl-1.3.3-released" target="_blank">https://web.archive.org/web/20140107122023/https://polarssl.org/tech-updates/releases/polarssl-1.3.3-released</a> <a href="#fnref:362" class="footnote-back-ref">↩</a></p></li> <li id="fn:363"><p>"Mbed TLS 2.9.0, 2.7.3 and 2.1.12 released". Retrieved 2018-08-30. <a href="https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released" target="_blank">https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released</a> <a href="#fnref:363" class="footnote-back-ref">↩</a></p></li> <li id="fn:364"><p>"PolarSSL 1.3.1 released". 2013-10-15. Archived from the original on 2015-01-23. Retrieved 2015-01-23. <a href="https://web.archive.org/web/20150123084424/https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released" target="_blank">https://web.archive.org/web/20150123084424/https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released</a> <a href="#fnref:364" class="footnote-back-ref">↩</a></p></li> <li id="fn:365"><p>"PolarSSL 1.3.1 released". 2013-10-15. Archived from the original on 2015-01-23. Retrieved 2015-01-23. <a href="https://web.archive.org/web/20150123084424/https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released" target="_blank">https://web.archive.org/web/20150123084424/https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released</a> <a href="#fnref:365" class="footnote-back-ref">↩</a></p></li> <li id="fn:366"><p>"PolarSSL 1.3.1 released". 2013-10-15. Archived from the original on 2015-01-23. Retrieved 2015-01-23. <a href="https://web.archive.org/web/20150123084424/https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released" target="_blank">https://web.archive.org/web/20150123084424/https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released</a> <a href="#fnref:366" class="footnote-back-ref">↩</a></p></li> <li id="fn:367"><p>"Bug 957105 - Add support for curve25519 Key Exchange and UMAC MAC support for TLS". Mozilla. Retrieved 2017-02-23. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=957105" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=957105</a> <a href="#fnref:367" class="footnote-back-ref">↩</a></p></li> <li id="fn:368"><p>"Bug 1305243 - Support for X448". Mozilla. Retrieved 2022-08-04. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1305243" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=1305243</a> <a href="#fnref:368" class="footnote-back-ref">↩</a></p></li> <li id="fn:369"><p>"Bug 1597057 - Curve448 or named Ed448-Goldilocks support needed (both X448 key exchange and Ed448 signature algorithm )". Mozilla. Retrieved 2022-08-04. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1597057" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=1597057</a> <a href="#fnref:369" class="footnote-back-ref">↩</a></p></li> <li id="fn:370"><p>"Bug 943639 - Support for Brainpool ECC Curve (rfc5639)". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=943639" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=943639</a> <a href="#fnref:370" class="footnote-back-ref">↩</a></p></li> <li id="fn:371"><p>"Bug 943639 - Support for Brainpool ECC Curve (rfc5639)". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=943639" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=943639</a> <a href="#fnref:371" class="footnote-back-ref">↩</a></p></li> <li id="fn:372"><p>"Bug 943639 - Support for Brainpool ECC Curve (rfc5639)". Mozilla. Retrieved 2014-01-25. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=943639" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=943639</a> <a href="#fnref:372" class="footnote-back-ref">↩</a></p></li> <li id="fn:373"><p>"OpenSSL 1.1.0x Release Notes". 25 August 2016. Archived from the original on 18 May 2018. Retrieved 18 May 2018. <a href="https://web.archive.org/web/20180518200620/https://www.openssl.org/news/cl110.txt" target="_blank">https://web.archive.org/web/20180518200620/https://www.openssl.org/news/cl110.txt</a> <a href="#fnref:373" class="footnote-back-ref">↩</a></p></li> <li id="fn:374"><p>"OpenSSL GitHub Issue #487 Tracker". GitHub. 2 December 2015. Retrieved 18 May 2018. <a href="https://github.com/openssl/openssl/issues/487" target="_blank">https://github.com/openssl/openssl/issues/487</a> <a href="#fnref:374" class="footnote-back-ref">↩</a></p></li> <li id="fn:375"><p>"OpenSSL CHANGES". 1 May 2018. Archived from the original on 18 May 2018. Retrieved 18 May 2018. <a href="https://web.archive.org/web/20180518200747/https://www.openssl.org/news/cl111.txt" target="_blank">https://web.archive.org/web/20180518200747/https://www.openssl.org/news/cl111.txt</a> <a href="#fnref:375" class="footnote-back-ref">↩</a></p></li> <li id="fn:376"><p>"OpenSSL GitHub Issue #5049 Tracker". GitHub. 9 January 2018. Retrieved 18 May 2018. <a href="https://github.com/openssl/openssl/issues/5049" target="_blank">https://github.com/openssl/openssl/issues/5049</a> <a href="#fnref:376" class="footnote-back-ref">↩</a></p></li> <li id="fn:377"><p>"Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. <a href="https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html" target="_blank">https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html</a> <a href="#fnref:377" class="footnote-back-ref">↩</a></p></li> <li id="fn:378"><p>"Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. <a href="https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html" target="_blank">https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html</a> <a href="#fnref:378" class="footnote-back-ref">↩</a></p></li> <li id="fn:379"><p>"Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. <a href="https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html" target="_blank">https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html</a> <a href="#fnref:379" class="footnote-back-ref">↩</a></p></li> <li id="fn:380"><p>"wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)". 2015-03-30. Retrieved 2015-11-19. <a href="https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html" target="_blank">https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html</a> <a href="#fnref:380" class="footnote-back-ref">↩</a></p></li> <li id="fn:381"><p>"wolfSSL Release 4.4.0 (04/22/2020)". 2020-04-22. Retrieved 2022-10-18. <a href="https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html" target="_blank">https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html</a> <a href="#fnref:381" class="footnote-back-ref">↩</a></p></li> <li id="fn:382"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:382" class="footnote-back-ref">↩</a></p></li> <li id="fn:383"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:383" class="footnote-back-ref">↩</a></p></li> <li id="fn:384"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:384" class="footnote-back-ref">↩</a></p></li> <li id="fn:385"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:385" class="footnote-back-ref">↩</a></p></li> <li id="fn:386"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:386" class="footnote-back-ref">↩</a></p></li> <li id="fn:387"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:387" class="footnote-back-ref">↩</a></p></li> <li id="fn:388"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:388" class="footnote-back-ref">↩</a></p></li> <li id="fn:389"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:389" class="footnote-back-ref">↩</a></p></li> <li id="fn:390"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:390" class="footnote-back-ref">↩</a></p></li> <li id="fn:391"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:391" class="footnote-back-ref">↩</a></p></li> <li id="fn:392"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:392" class="footnote-back-ref">↩</a></p></li> <li id="fn:393"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:393" class="footnote-back-ref">↩</a></p></li> <li id="fn:394"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:394" class="footnote-back-ref">↩</a></p></li> <li id="fn:395"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:395" class="footnote-back-ref">↩</a></p></li> <li id="fn:396"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:396" class="footnote-back-ref">↩</a></p></li> <li id="fn:397"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:397" class="footnote-back-ref">↩</a></p></li> <li id="fn:398"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:398" class="footnote-back-ref">↩</a></p></li> <li id="fn:399"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:399" class="footnote-back-ref">↩</a></p></li> <li id="fn:400"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:400" class="footnote-back-ref">↩</a></p></li> <li id="fn:401"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:401" class="footnote-back-ref">↩</a></p></li> <li id="fn:402"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:402" class="footnote-back-ref">↩</a></p></li> <li id="fn:403"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:403" class="footnote-back-ref">↩</a></p></li> <li id="fn:404"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:404" class="footnote-back-ref">↩</a></p></li> <li id="fn:405"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:405" class="footnote-back-ref">↩</a></p></li> <li id="fn:406"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:406" class="footnote-back-ref">↩</a></p></li> <li id="fn:407"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:407" class="footnote-back-ref">↩</a></p></li> <li id="fn:408"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:408" class="footnote-back-ref">↩</a></p></li> <li id="fn:409"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:409" class="footnote-back-ref">↩</a></p></li> <li id="fn:410"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:410" class="footnote-back-ref">↩</a></p></li> <li id="fn:411"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:411" class="footnote-back-ref">↩</a></p></li> <li id="fn:412"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:412" class="footnote-back-ref">↩</a></p></li> <li id="fn:413"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:413" class="footnote-back-ref">↩</a></p></li> <li id="fn:414"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:414" class="footnote-back-ref">↩</a></p></li> <li id="fn:415"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:415" class="footnote-back-ref">↩</a></p></li> <li id="fn:416"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:416" class="footnote-back-ref">↩</a></p></li> <li id="fn:417"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:417" class="footnote-back-ref">↩</a></p></li> <li id="fn:418"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:418" class="footnote-back-ref">↩</a></p></li> <li id="fn:419"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:419" class="footnote-back-ref">↩</a></p></li> <li id="fn:420"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:420" class="footnote-back-ref">↩</a></p></li> <li id="fn:421"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:421" class="footnote-back-ref">↩</a></p></li> <li id="fn:422"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:422" class="footnote-back-ref">↩</a></p></li> <li id="fn:423"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:423" class="footnote-back-ref">↩</a></p></li> <li id="fn:424"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:424" class="footnote-back-ref">↩</a></p></li> <li id="fn:425"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:425" class="footnote-back-ref">↩</a></p></li> <li id="fn:426"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:426" class="footnote-back-ref">↩</a></p></li> <li id="fn:427"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:427" class="footnote-back-ref">↩</a></p></li> <li id="fn:428"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:428" class="footnote-back-ref">↩</a></p></li> <li id="fn:429"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:429" class="footnote-back-ref">↩</a></p></li> <li id="fn:430"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:430" class="footnote-back-ref">↩</a></p></li> <li id="fn:431"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:431" class="footnote-back-ref">↩</a></p></li> <li id="fn:432"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:432" class="footnote-back-ref">↩</a></p></li> <li id="fn:433"><p>Negotiation of arbitrary curves has been shown to be insecure for certain curve sizes Mavrogiannopoulos, Nikos and Vercautern, Frederik and Velichkov, Vesselin and Preneel, Bart (2012). "A cross-protocol attack on the TLS protocol" (PDF). Proceedings of the 2012 ACM conference on Computer and communications security. Association for Computing Machinery. pp. 62–72. doi:10.1145/2382196.2382206. ISBN 978-1-4503-1651-4.{{cite conference}}: CS1 maint: multiple names: authors list (link) <a href="978-1-4503-1651-4" target="_blank">978-1-4503-1651-4</a> <a href="#fnref:433" class="footnote-back-ref">↩</a></p></li> <li id="fn:434"><p>RFC 4492. doi:10.17487/RFC4492. <a href="https://datatracker.ietf.org/doc/html/rfc4492" target="_blank">https://datatracker.ietf.org/doc/html/rfc4492</a> <a href="#fnref:434" class="footnote-back-ref">↩</a></p></li> <li id="fn:435"><p>Negotiation of arbitrary curves has been shown to be insecure for certain curve sizes Mavrogiannopoulos, Nikos and Vercautern, Frederik and Velichkov, Vesselin and Preneel, Bart (2012). "A cross-protocol attack on the TLS protocol" (PDF). Proceedings of the 2012 ACM conference on Computer and communications security. Association for Computing Machinery. pp. 62–72. doi:10.1145/2382196.2382206. ISBN 978-1-4503-1651-4.{{cite conference}}: CS1 maint: multiple names: authors list (link) <a href="978-1-4503-1651-4" target="_blank">978-1-4503-1651-4</a> <a href="#fnref:435" class="footnote-back-ref">↩</a></p></li> <li id="fn:436"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:436" class="footnote-back-ref">↩</a></p></li> <li id="fn:437"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:437" class="footnote-back-ref">↩</a></p></li> <li id="fn:438"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:438" class="footnote-back-ref">↩</a></p></li> <li id="fn:439"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:439" class="footnote-back-ref">↩</a></p></li> <li id="fn:440"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:440" class="footnote-back-ref">↩</a></p></li> <li id="fn:441"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:441" class="footnote-back-ref">↩</a></p></li> <li id="fn:442"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:442" class="footnote-back-ref">↩</a></p></li> <li id="fn:443"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:443" class="footnote-back-ref">↩</a></p></li> <li id="fn:444"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:444" class="footnote-back-ref">↩</a></p></li> <li id="fn:445"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:445" class="footnote-back-ref">↩</a></p></li> <li id="fn:446"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:446" class="footnote-back-ref">↩</a></p></li> <li id="fn:447"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:447" class="footnote-back-ref">↩</a></p></li> <li id="fn:448"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:448" class="footnote-back-ref">↩</a></p></li> <li id="fn:449"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:449" class="footnote-back-ref">↩</a></p></li> <li id="fn:450"><p>These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183] <a href="#fnref:450" class="footnote-back-ref">↩</a></p></li> <li id="fn:451"><p>These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184] <a href="#fnref:451" class="footnote-back-ref">↩</a></p></li> <li id="fn:452"><p>GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. <a href="https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04" target="_blank">https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04</a> <a href="#fnref:452" class="footnote-back-ref">↩</a></p></li> <li id="fn:453"><p>GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. <a href="https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04" target="_blank">https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04</a> <a href="#fnref:453" class="footnote-back-ref">↩</a></p></li> <li id="fn:454"><p>"LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141809396501638" target="_blank">https://marc.info/?l=openbsd-announce&m=141809396501638</a> <a href="#fnref:454" class="footnote-back-ref">↩</a></p></li> <li id="fn:455"><p>"LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141809396501638" target="_blank">https://marc.info/?l=openbsd-announce&m=141809396501638</a> <a href="#fnref:455" class="footnote-back-ref">↩</a></p></li> <li id="fn:456"><p>Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=518787" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=518787</a> <a href="#fnref:456" class="footnote-back-ref">↩</a></p></li> <li id="fn:457"><p>Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=608725" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=608725</a> <a href="#fnref:457" class="footnote-back-ref">↩</a></p></li> <li id="fn:458"><p>Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=518787" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=518787</a> <a href="#fnref:458" class="footnote-back-ref">↩</a></p></li> <li id="fn:459"><p>Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=608725" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=608725</a> <a href="#fnref:459" class="footnote-back-ref">↩</a></p></li> <li id="fn:460"><p>"OpenSSL: CVS Web Interface". Archived from the original on 2013-04-15. Retrieved 2014-11-12. <a href="https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost" target="_blank">https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost</a> <a href="#fnref:460" class="footnote-back-ref">↩</a></p></li> <li id="fn:461"><p>"OpenSSL: CVS Web Interface". Archived from the original on 2013-04-15. Retrieved 2014-11-12. <a href="https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost" target="_blank">https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost</a> <a href="#fnref:461" class="footnote-back-ref">↩</a></p></li> <li id="fn:462"><p>"SHA2 and Windows". Retrieved 2024-12-25. <a href="https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/sha2-and-windows/1128617" target="_blank">https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/sha2-and-windows/1128617</a> <a href="#fnref:462" class="footnote-back-ref">↩</a></p></li> <li id="fn:463"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:463" class="footnote-back-ref">↩</a></p></li> <li id="fn:464"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:464" class="footnote-back-ref">↩</a></p></li> <li id="fn:465"><p>"Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ)". Microsoft. November 11, 2014. Retrieved 11 November 2014. <a href="https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC" target="_blank">https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC</a> <a href="#fnref:465" class="footnote-back-ref">↩</a></p></li> <li id="fn:466"><p>Thomlinson, Matt (November 11, 2014). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 11 November 2014. <a href="http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/" target="_blank">http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/</a> <a href="#fnref:466" class="footnote-back-ref">↩</a></p></li> <li id="fn:467"><p>"Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2". support.microsoft.com. <a href="https://support.microsoft.com/en-us/topic/update-adds-new-tls-cipher-suites-and-changes-cipher-suite-priorities-in-windows-8-1-and-windows-server-2012-r2-8e395e43-c8ef-27d8-b60c-0fc57d526d94" target="_blank">https://support.microsoft.com/en-us/topic/update-adds-new-tls-cipher-suites-and-changes-cipher-suite-priorities-in-windows-8-1-and-windows-server-2012-r2-8e395e43-c8ef-27d8-b60c-0fc57d526d94</a> <a href="#fnref:467" class="footnote-back-ref">↩</a></p></li> <li id="fn:468"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:468" class="footnote-back-ref">↩</a></p></li> <li id="fn:469"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:469" class="footnote-back-ref">↩</a></p></li> <li id="fn:470"><p>"Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 10 Preview". dev.ssllabs.com. Archived from the original on 2023-07-14. <a href="https://web.archive.org/web/20230714075523/https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview" target="_blank">https://web.archive.org/web/20230714075523/https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview</a> <a href="#fnref:470" class="footnote-back-ref">↩</a></p></li> <li id="fn:471"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:471" class="footnote-back-ref">↩</a></p></li> <li id="fn:472"><p>Extensions to support GOST in Schannel might be available.[citation needed] <a href="/wiki/Wikipedia:Citation_needed" target="_blank">/wiki/Wikipedia:Citation_needed</a> <a href="#fnref:472" class="footnote-back-ref">↩</a></p></li> <li id="fn:473"><p>RFC 3749 <a href="#fnref:473" class="footnote-back-ref">↩</a></p></li> <li id="fn:474"><p>"RSA BSAFE Technical Specification Comparison Tables" (PDF). Archived from the original (PDF) on 2015-09-24. Retrieved 2015-01-09. <a href="https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf" target="_blank">https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf</a> <a href="#fnref:474" class="footnote-back-ref">↩</a></p></li> <li id="fn:475"><p>"OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. <a href="https://marc.info/?l=openbsd-announce&m=141486254309079" target="_blank">https://marc.info/?l=openbsd-announce&m=141486254309079</a> <a href="#fnref:475" class="footnote-back-ref">↩</a></p></li> <li id="fn:476"><p>RFC 5746 <a href="#fnref:476" class="footnote-back-ref">↩</a></p></li> <li id="fn:477"><p>RFC 6066 <a href="#fnref:477" class="footnote-back-ref">↩</a></p></li> <li id="fn:478"><p>RFC 7301 <a href="#fnref:478" class="footnote-back-ref">↩</a></p></li> <li id="fn:479"><p>RFC 6066 <a href="#fnref:479" class="footnote-back-ref">↩</a></p></li> <li id="fn:480"><p>RFC 6091 <a href="#fnref:480" class="footnote-back-ref">↩</a></p></li> <li id="fn:481"><p>RFC 4680 <a href="#fnref:481" class="footnote-back-ref">↩</a></p></li> <li id="fn:482"><p>RFC 5077. doi:10.17487/RFC5077. <a href="https://datatracker.ietf.org/doc/html/rfc5077" target="_blank">https://datatracker.ietf.org/doc/html/rfc5077</a> <a href="#fnref:482" class="footnote-back-ref">↩</a></p></li> <li id="fn:483"><p>RFC 5705. doi:10.17487/RFC5705. <a href="https://datatracker.ietf.org/doc/html/rfc5705" target="_blank">https://datatracker.ietf.org/doc/html/rfc5705</a> <a href="#fnref:483" class="footnote-back-ref">↩</a></p></li> <li id="fn:484"><p>RFC 6066 <a href="#fnref:484" class="footnote-back-ref">↩</a></p></li> <li id="fn:485"><p>Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security. doi:10.17487/RFC7366. RFC 7366. <a href="https://datatracker.ietf.org/doc/html/rfc7366" target="_blank">https://datatracker.ietf.org/doc/html/rfc7366</a> <a href="#fnref:485" class="footnote-back-ref">↩</a></p></li> <li id="fn:486"><p>RFC 7507. doi:10.17487/RFC7507. <a href="https://datatracker.ietf.org/doc/html/rfc7507" target="_blank">https://datatracker.ietf.org/doc/html/rfc7507</a> <a href="#fnref:486" class="footnote-back-ref">↩</a></p></li> <li id="fn:487"><p>RFC 7627 <a href="#fnref:487" class="footnote-back-ref">↩</a></p></li> <li id="fn:488"><p>RFC 7685 <a href="#fnref:488" class="footnote-back-ref">↩</a></p></li> <li id="fn:489"><p>RFC 7250 <a href="#fnref:489" class="footnote-back-ref">↩</a></p></li> <li id="fn:490"><p>"Version 1.11.16, 2015-03-29 — Botan". 2016-03-29. Retrieved 2016-09-08. <a href="https://botan.randombit.net/news.html#version-1-11-16-2015-03-29" target="_blank">https://botan.randombit.net/news.html#version-1-11-16-2015-03-29</a> <a href="#fnref:490" class="footnote-back-ref">↩</a></p></li> <li id="fn:491"><p>"Version 1.11.10, 2014-12-10 — Botan". 2014-12-10. Retrieved 2014-12-14. <a href="http://botan.randombit.net/relnotes/1_11_10.html" target="_blank">http://botan.randombit.net/relnotes/1_11_10.html</a> <a href="#fnref:491" class="footnote-back-ref">↩</a></p></li> <li id="fn:492"><p>"Version 1.11.26, 2016-01-04 — Botan". 2016-01-04. Retrieved 2016-02-25. <a href="http://botan.randombit.net/news.html#version-1-11-26-2016-01-04" target="_blank">http://botan.randombit.net/news.html#version-1-11-26-2016-01-04</a> <a href="#fnref:492" class="footnote-back-ref">↩</a></p></li> <li id="fn:493"><p>Present, but disabled by default due to lack of use by any implementation. <a href="#fnref:493" class="footnote-back-ref">↩</a></p></li> <li id="fn:494"><p>"gnutls 3.2.0". Archived from the original on 2016-01-31. Retrieved 2015-01-26. <a href="https://web.archive.org/web/20160131230710/http://article.gmane.org/gmane.network.gnutls.general/3136" target="_blank">https://web.archive.org/web/20160131230710/http://article.gmane.org/gmane.network.gnutls.general/3136</a> <a href="#fnref:494" class="footnote-back-ref">↩</a></p></li> <li id="fn:495"><p>Mavrogiannopoulos, Nikos (August 21, 2017). "[gnutls-help] GnuTLS 3.6.0 released". <a href="https://lists.gnupg.org/pipermail/gnutls-help/2017-August/004364.html" target="_blank">https://lists.gnupg.org/pipermail/gnutls-help/2017-August/004364.html</a> <a href="#fnref:495" class="footnote-back-ref">↩</a></p></li> <li id="fn:496"><p>"[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. <a href="http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html" target="_blank">http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html</a> <a href="#fnref:496" class="footnote-back-ref">↩</a></p></li> <li id="fn:497"><p>"gnutls 3.4.4". Archived from the original on 2017-07-17. Retrieved 2015-08-25. <a href="https://web.archive.org/web/20170717020648/http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8267" target="_blank">https://web.archive.org/web/20170717020648/http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8267</a> <a href="#fnref:497" class="footnote-back-ref">↩</a></p></li> <li id="fn:498"><p>"[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. <a href="http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html" target="_blank">http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html</a> <a href="#fnref:498" class="footnote-back-ref">↩</a></p></li> <li id="fn:499"><p>"%DUMBFW priority keyword". Retrieved 2017-04-30. <a href="https://gnutls.org/manual/html_node/Priority-Strings.html" target="_blank">https://gnutls.org/manual/html_node/Priority-Strings.html</a> <a href="#fnref:499" class="footnote-back-ref">↩</a></p></li> <li id="fn:500"><p>"gnutls 3.6.6". 2019-01-25. Retrieved 2019-09-01. <a href="https://lists.gnupg.org/pipermail/gnutls-help/2019-January/004484.html" target="_blank">https://lists.gnupg.org/pipermail/gnutls-help/2019-January/004484.html</a> <a href="#fnref:500" class="footnote-back-ref">↩</a></p></li> <li id="fn:501"><p>"Security Enhancements in JDK 8". docs.oracle.com. <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html" target="_blank">http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html</a> <a href="#fnref:501" class="footnote-back-ref">↩</a></p></li> <li id="fn:502"><p>"Security Enhancements in JDK 8". docs.oracle.com. <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html" target="_blank">http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html</a> <a href="#fnref:502" class="footnote-back-ref">↩</a></p></li> <li id="fn:503"><p>"LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-22. <a href="https://marc.info/?l=openbsd-announce&m=142193407304782" target="_blank">https://marc.info/?l=openbsd-announce&m=142193407304782</a> <a href="#fnref:503" class="footnote-back-ref">↩</a></p></li> <li id="fn:504"><p>"LibreSSL 2.1.4 released". 2015-03-04. Retrieved 2015-03-04. <a href="https://marc.info/?l=openbsd-announce&m=142543818707898" target="_blank">https://marc.info/?l=openbsd-announce&m=142543818707898</a> <a href="#fnref:504" class="footnote-back-ref">↩</a></p></li> <li id="fn:505"><p>"MatrixSSL - News". 2014-12-04. Archived from the original on 2015-02-14. Retrieved 2015-01-26. <a href="https://web.archive.org/web/20150214105056/http://www.matrixssl.org/news.html" target="_blank">https://web.archive.org/web/20150214105056/http://www.matrixssl.org/news.html</a> <a href="#fnref:505" class="footnote-back-ref">↩</a></p></li> <li id="fn:506"><p>"Changes in 3.8.3". GitHub. Retrieved 2016-06-19.[permanent dead link] <a href="https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383" target="_blank">https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383</a> <a href="#fnref:506" class="footnote-back-ref">↩</a></p></li> <li id="fn:507"><p>"Changes in 3.8.3". GitHub. Retrieved 2016-06-19.[permanent dead link] <a href="https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383" target="_blank">https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383</a> <a href="#fnref:507" class="footnote-back-ref">↩</a></p></li> <li id="fn:508"><p>"Changes in 3.8.3". GitHub. Retrieved 2016-06-19.[permanent dead link] <a href="https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383" target="_blank">https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383</a> <a href="#fnref:508" class="footnote-back-ref">↩</a></p></li> <li id="fn:509"><p>"Download overview - PolarSSL". 2014-04-11. Archived from the original on 2015-02-09. Retrieved 2015-01-26. <a href="https://web.archive.org/web/20150209195111/https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released" target="_blank">https://web.archive.org/web/20150209195111/https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released</a> <a href="#fnref:509" class="footnote-back-ref">↩</a></p></li> <li id="fn:510"><p>"mbed TLS 1.3.10 released". 2015-02-08. Archived from the original on 2015-02-09. Retrieved 2015-02-09. <a href="https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released" target="_blank">https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released</a> <a href="#fnref:510" class="footnote-back-ref">↩</a></p></li> <li id="fn:511"><p>"mbed TLS 1.3.10 released". 2015-02-08. Archived from the original on 2015-02-09. Retrieved 2015-02-09. <a href="https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released" target="_blank">https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released</a> <a href="#fnref:511" class="footnote-back-ref">↩</a></p></li> <li id="fn:512"><p>"mbed TLS 1.3.10 released". 2015-02-08. Archived from the original on 2015-02-09. Retrieved 2015-02-09. <a href="https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released" target="_blank">https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released</a> <a href="#fnref:512" class="footnote-back-ref">↩</a></p></li> <li id="fn:513"><p>"NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Archived from the original on January 26, 2015. Retrieved 2015-01-26. <a href="https://archive.today/20150126155403/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes" target="_blank">https://archive.today/20150126155403/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes</a> <a href="#fnref:513" class="footnote-back-ref">↩</a></p></li> <li id="fn:514"><p>"Bug 961416 - Support RFC6091 - Using OpenPGP Keys for Transport Layer Security Authentication (TLS1.2)". Mozilla. Retrieved 2014-06-18. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=961416" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=961416</a> <a href="#fnref:514" class="footnote-back-ref">↩</a></p></li> <li id="fn:515"><p>"Bug 972145 - Implement the encrypt-then-MAC TLS extension". Mozilla. Retrieved 2014-11-06. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=972145" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=972145</a> <a href="#fnref:515" class="footnote-back-ref">↩</a></p></li> <li id="fn:516"><p>"NSS 3.17.1 release notes". Archived from the original on 2019-04-19. Retrieved 2014-10-17. <a href="https://web.archive.org/web/20190419152214/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes" target="_blank">https://web.archive.org/web/20190419152214/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes</a> <a href="#fnref:516" class="footnote-back-ref">↩</a></p></li> <li id="fn:517"><p>"NSS 3.21 release notes". Archived from the original on 2021-12-07. Retrieved 2015-11-14. <a href="https://web.archive.org/web/20211207025807/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes" target="_blank">https://web.archive.org/web/20211207025807/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes</a> <a href="#fnref:517" class="footnote-back-ref">↩</a></p></li> <li id="fn:518"><p>"NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Archived from the original on January 26, 2015. Retrieved 2015-01-26. <a href="https://archive.today/20150126155403/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes" target="_blank">https://archive.today/20150126155403/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes</a> <a href="#fnref:518" class="footnote-back-ref">↩</a></p></li> <li id="fn:519"><p>"Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. <a href="https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html" target="_blank">https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html</a> <a href="#fnref:519" class="footnote-back-ref">↩</a></p></li> <li id="fn:520"><p>"OpenSSL Security Advisory [15 Oct 2014]". 2014-10-15. <a href="https://openssl-library.org/news/secadv/20141015.txt" target="_blank">https://openssl-library.org/news/secadv/20141015.txt</a> <a href="#fnref:520" class="footnote-back-ref">↩</a></p></li> <li id="fn:521"><p>"OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. <a href="https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html" target="_blank">https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html</a> <a href="#fnref:521" class="footnote-back-ref">↩</a></p></li> <li id="fn:522"><p>"Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]". 2014-04-07. Archived from the original on 2015-01-20. Retrieved 2015-02-10. <a href="https://web.archive.org/web/20150120120428/https://www.openssl.org/news/openssl-1.0.1-notes.html" target="_blank">https://web.archive.org/web/20150120120428/https://www.openssl.org/news/openssl-1.0.1-notes.html</a> <a href="#fnref:522" class="footnote-back-ref">↩</a></p></li> <li id="fn:523"><p>"OpenSSL Announces Final Release of OpenSSL 3.2.0". 2023-11-23. Retrieved 2024-10-11. <a href="https://openssl-library.org/post/2023-11-06-openssl32/" target="_blank">https://openssl-library.org/post/2023-11-06-openssl32/</a> <a href="#fnref:523" class="footnote-back-ref">↩</a></p></li> <li id="fn:524"><p>rustls does not implement earlier versions that would warrant protection against insecure downgrade <a href="#fnref:524" class="footnote-back-ref">↩</a></p></li> <li id="fn:525"><p>"Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024-04-28. <a href="https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121" target="_blank">https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121</a> <a href="#fnref:525" class="footnote-back-ref">↩</a></p></li> <li id="fn:526"><p>"Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024-04-28. <a href="https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121" target="_blank">https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121</a> <a href="#fnref:526" class="footnote-back-ref">↩</a></p></li> <li id="fn:527"><p>"What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2024-04-28. <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831771(v=ws.11)" target="_blank">https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831771(v=ws.11)</a> <a href="#fnref:527" class="footnote-back-ref">↩</a></p></li> <li id="fn:528"><p>"Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024-04-28. <a href="https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121" target="_blank">https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121</a> <a href="#fnref:528" class="footnote-back-ref">↩</a></p></li> <li id="fn:529"><p>"What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2024-04-28. <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831771(v=ws.11)" target="_blank">https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831771(v=ws.11)</a> <a href="#fnref:529" class="footnote-back-ref">↩</a></p></li> <li id="fn:530"><p>"Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024-04-28. <a href="https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121" target="_blank">https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121</a> <a href="#fnref:530" class="footnote-back-ref">↩</a></p></li> <li id="fn:531"><p>"wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)". 2015-10-26. Retrieved 2015-11-19. <a href="https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html" target="_blank">https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html</a> <a href="#fnref:531" class="footnote-back-ref">↩</a></p></li> <li id="fn:532"><p>"wolfSSL Version 4.2.0 is Now Available!". 22 October 2019. Retrieved 2021-08-13. <a href="https://www.wolfssl.com/wolfssl-version-4-2-0-now-available/" target="_blank">https://www.wolfssl.com/wolfssl-version-4-2-0-now-available/</a> <a href="#fnref:532" class="footnote-back-ref">↩</a></p></li> <li id="fn:533"><p>"wolfSSL supports Raw Public Keys". August 2023. Retrieved 2024-10-25. <a href="https://www.wolfssl.com/wolfssl-supports-raw-public-keys/" target="_blank">https://www.wolfssl.com/wolfssl-supports-raw-public-keys/</a> <a href="#fnref:533" class="footnote-back-ref">↩</a></p></li> <li id="fn:534"><p>"Version 1.11.31, 2015-08-30 — Botan". 2016-08-30. Retrieved 2016-09-08. <a href="https://botan.randombit.net/news.html#version-1-11-31-2016-08-30" target="_blank">https://botan.randombit.net/news.html#version-1-11-31-2016-08-30</a> <a href="#fnref:534" class="footnote-back-ref">↩</a></p></li> <li id="fn:535"><p>"Trusted Platform Module (TPM) — Botan". <a href="https://botan.randombit.net/handbook/api_ref/tpm.html" target="_blank">https://botan.randombit.net/handbook/api_ref/tpm.html</a> <a href="#fnref:535" class="footnote-back-ref">↩</a></p></li> <li id="fn:536"><p>Pure Java implementations relies on JVM processor optimization capabilities, such as OpenJDK support for AES-NI[228] <a href="/wiki/Java_virtual_machine" target="_blank">/wiki/Java_virtual_machine</a> <a href="#fnref:536" class="footnote-back-ref">↩</a></p></li> <li id="fn:537"><p>BSAFE SSL-J can be configured to run in native mode, using BSAFE Crypto-C Micro Edition to benefit from processor optimization.[229] <a href="#fnref:537" class="footnote-back-ref">↩</a></p></li> <li id="fn:538"><p>"Comparison of BSAFE TLS libraries: Micro Edition Suite vs SSL-J | Dell Malaysia". <a href="https://www.dell.com/support/kbdoc/en-my/000204717/comparison-of-bsafe-tls-libraries-micro-edition-suite-vs-ssl-j" target="_blank">https://www.dell.com/support/kbdoc/en-my/000204717/comparison-of-bsafe-tls-libraries-micro-edition-suite-vs-ssl-j</a> <a href="#fnref:538" class="footnote-back-ref">↩</a></p></li> <li id="fn:539"><p>Mavrogiannopoulos, Nikos (October 9, 2016). "[gnutls-devel] gnutls 3.5.5". <a href="https://lists.gnupg.org/pipermail/gnutls-devel/2016-October/008194.html" target="_blank">https://lists.gnupg.org/pipermail/gnutls-devel/2016-October/008194.html</a> <a href="#fnref:539" class="footnote-back-ref">↩</a></p></li> <li id="fn:540"><p>"Trusted Platform Module (GnuTLS 3.8.4)". <a href="https://www.gnutls.org/manual/html_node/Trusted-Platform-Module.html" target="_blank">https://www.gnutls.org/manual/html_node/Trusted-Platform-Module.html</a> <a href="#fnref:540" class="footnote-back-ref">↩</a></p></li> <li id="fn:541"><p>"Java SSL provider with AES-NI support". stackoverflow.com. <a href="https://stackoverflow.com/questions/14259671/java-ssl-provider-with-aes-ni-support" target="_blank">https://stackoverflow.com/questions/14259671/java-ssl-provider-with-aes-ni-support</a> <a href="#fnref:541" class="footnote-back-ref">↩</a></p></li> <li id="fn:542"><p>"PolarSSL 1.3.3 released". 2013-12-31. Archived from the original on 2014-01-07. Retrieved 2014-01-07. We've incorporated support for AES-NI in our AES and GCM modules. <a href="https://web.archive.org/web/20140107122023/https://polarssl.org/tech-updates/releases/polarssl-1.3.3-released" target="_blank">https://web.archive.org/web/20140107122023/https://polarssl.org/tech-updates/releases/polarssl-1.3.3-released</a> <a href="#fnref:542" class="footnote-back-ref">↩</a></p></li> <li id="fn:543"><p>"NXP/Plug-and-trust". GitHub. <a href="https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file" target="_blank">https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file</a> <a href="#fnref:543" class="footnote-back-ref">↩</a></p></li> <li id="fn:544"><p>"ARMmbed/Mbed-os-atecc608a". GitHub. <a href="https://github.com/ARMmbed/mbed-os-atecc608a/" target="_blank">https://github.com/ARMmbed/mbed-os-atecc608a/</a> <a href="#fnref:544" class="footnote-back-ref">↩</a></p></li> <li id="fn:545"><p>Normally NSS's libssl performs all operations via the PKCS#11 interface, either to hardware or software tokens <a href="#fnref:545" class="footnote-back-ref">↩</a></p></li> <li id="fn:546"><p>"Bug 706024 - AES-NI enhancements to NSS on Sandy Bridge systems". Retrieved 2013-09-28. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=706024" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=706024</a> <a href="#fnref:546" class="footnote-back-ref">↩</a></p></li> <li id="fn:547"><p>"Bug 479744 - RFE : VIA Padlock ACE support (hardware RNG, AES, SHA1 and SHA256)". Retrieved 2014-04-11. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=479744" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=479744</a> <a href="#fnref:547" class="footnote-back-ref">↩</a></p></li> <li id="fn:548"><p>"Подключаем Рутокен ЭЦП к OpenSSL" (in Russian). 16 December 2011. <a href="https://habrahabr.ru/post/134725/" target="_blank">https://habrahabr.ru/post/134725/</a> <a href="#fnref:548" class="footnote-back-ref">↩</a></p></li> <li id="fn:549"><p>"Поддержка Рутокен ЭЦП в OpenSSL (Страница 1) — Рутокен и Open Source — Форум Рутокен" (in Russian). <a href="http://forum.rutoken.ru/topic/1639/" target="_blank">http://forum.rutoken.ru/topic/1639/</a> <a href="#fnref:549" class="footnote-back-ref">↩</a></p></li> <li id="fn:550"><p>"OpenSSL ГОСТ" (in Russian). Archived from the original on 2018-06-23. <a href="https://web.archive.org/web/20180623005200/https://dev.rutoken.ru/pages/viewpage.action?pageId=18055184" target="_blank">https://web.archive.org/web/20180623005200/https://dev.rutoken.ru/pages/viewpage.action?pageId=18055184</a> <a href="#fnref:550" class="footnote-back-ref">↩</a></p></li> <li id="fn:551"><p>"git.openssl.org Git - openssl.git/commitdiff". git.openssl.org. <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddacb8f27ba4c8a8d51c306c150e1a8703b008f2" target="_blank">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddacb8f27ba4c8a8d51c306c150e1a8703b008f2</a> <a href="#fnref:551" class="footnote-back-ref">↩</a></p></li> <li id="fn:552"><p>"Tpm2-software/Tpm2-openssl". GitHub. <a href="https://github.com/tpm2-software/tpm2-openssl" target="_blank">https://github.com/tpm2-software/tpm2-openssl</a> <a href="#fnref:552" class="footnote-back-ref">↩</a></p></li> <li id="fn:553"><p>"Provider - OpenSSL Documentation". <a href="https://docs.openssl.org/3.0/man7/provider/" target="_blank">https://docs.openssl.org/3.0/man7/provider/</a> <a href="#fnref:553" class="footnote-back-ref">↩</a></p></li> <li id="fn:554"><p>"NXP/Plug-and-trust". GitHub. <a href="https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file" target="_blank">https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file</a> <a href="#fnref:554" class="footnote-back-ref">↩</a></p></li> <li id="fn:555"><p>"STSW-STSA110-SSL - STSAFE-A integration within OpenSSL security stack". STMicroelectronics. <a href="https://www.st.com/en/embedded-software/stsw-stsa110-ssl.html" target="_blank">https://www.st.com/en/embedded-software/stsw-stsa110-ssl.html</a> <a href="#fnref:555" class="footnote-back-ref">↩</a></p></li> <li id="fn:556"><p>SecECKey.c on GitHub <a href="https://github.com/apple-oss-distributions/Security/blob/Security-55179.13/sec/Security/SecECKey.c" target="_blank">https://github.com/apple-oss-distributions/Security/blob/Security-55179.13/sec/Security/SecECKey.c</a> <a href="#fnref:556" class="footnote-back-ref">↩</a></p></li> <li id="fn:557"><p>"Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Mountain Lion v10.8" (PDF). Apple Inc. 2013. <a href="http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT5396/Crypto_Officer_Role_Guide_for_FIPS_140-2_Compliance_OS_X_Mountain_Lion_v10.8.pdf" target="_blank">http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT5396/Crypto_Officer_Role_Guide_for_FIPS_140-2_Compliance_OS_X_Mountain_Lion_v10.8.pdf</a> <a href="#fnref:557" class="footnote-back-ref">↩</a></p></li> <li id="fn:558"><p>"CAAM support in wolfSSL". 10 March 2020. <a href="https://community.nxp.com/t5/i-MX-Processors/CAAM-support-in-wolfSSL/m-p/1013736" target="_blank">https://community.nxp.com/t5/i-MX-Processors/CAAM-support-in-wolfSSL/m-p/1013736</a> <a href="#fnref:558" class="footnote-back-ref">↩</a></p></li> <li id="fn:559"><p>"wolfTPM Portable TPM 2.0 Library". <a href="https://www.wolfssl.com/products/wolftpm/" target="_blank">https://www.wolfssl.com/products/wolftpm/</a> <a href="#fnref:559" class="footnote-back-ref">↩</a></p></li> <li id="fn:560"><p>"Announcing wolfSSL TPM support for the Espressif ESP32". 20 June 2024. <a href="https://www.wolfssl.com/announcing-wolfssl-tpm-support-for-the-espressif-esp32/" target="_blank">https://www.wolfssl.com/announcing-wolfssl-tpm-support-for-the-espressif-esp32/</a> <a href="#fnref:560" class="footnote-back-ref">↩</a></p></li> <li id="fn:561"><p>"WolfSSL SSL/TLS Support for NXP SE050 – wolfSSL". 22 February 2024. <a href="https://www.wolfssl.com/wolfssl-ssl-tls-support-for-nxp-se050/" target="_blank">https://www.wolfssl.com/wolfssl-ssl-tls-support-for-nxp-se050/</a> <a href="#fnref:561" class="footnote-back-ref">↩</a></p></li> <li id="fn:562"><p>"WolfSSL support for the ATECC608 Crypto Coprocessor – wolfSSL". 13 October 2021. <a href="https://www.wolfssl.com/blog-wolfssl-support-atecc608-crypto-coprocessor/" target="_blank">https://www.wolfssl.com/blog-wolfssl-support-atecc608-crypto-coprocessor/</a> <a href="#fnref:562" class="footnote-back-ref">↩</a></p></li> <li id="fn:563"><p>"WolfSSL support for STSAFE-A100 crypto coprocessor – wolfSSL". 20 September 2018. <a href="https://www.wolfssl.com/wolfssl-support-stsafe-a100-crypto-coprocessor/" target="_blank">https://www.wolfssl.com/wolfssl-support-stsafe-a100-crypto-coprocessor/</a> <a href="#fnref:563" class="footnote-back-ref">↩</a></p></li> <li id="fn:564"><p>"Support for MAXQ1065 in wolfSSL – wolfSSL". 29 November 2022. <a href="https://www.wolfssl.com/support-maxq1065-wolfssl/" target="_blank">https://www.wolfssl.com/support-maxq1065-wolfssl/</a> <a href="#fnref:564" class="footnote-back-ref">↩</a></p></li> <li id="fn:565"><p>"LibreSSL 2.2.1 Released". 2015-07-08. Retrieved 2016-01-30. <a href="https://marc.info/?l=openbsd-announce&m=143635991232240" target="_blank">https://marc.info/?l=openbsd-announce&m=143635991232240</a> <a href="#fnref:565" class="footnote-back-ref">↩</a></p></li> <li id="fn:566"><p>"ktls integration for rustls". GitHub. Retrieved 2024-08-29. <a href="https://github.com/rustls/ktls" target="_blank">https://github.com/rustls/ktls</a> <a href="#fnref:566" class="footnote-back-ref">↩</a></p></li> <li id="fn:567"><p>"wolfProvider". 2021-11-10. Retrieved 2022-01-17. <a href="https://www.wolfssl.com/wolfengine-openssl-provider-solution-now-public/" target="_blank">https://www.wolfssl.com/wolfengine-openssl-provider-solution-now-public/</a> <a href="#fnref:567" class="footnote-back-ref">↩</a></p></li> <li id="fn:568"><p>"Version 1.11.26, 2016-01-04 — Botan". 2016-01-04. Retrieved 2016-02-25. <a href="http://botan.randombit.net/news.html#version-1-11-26-2016-01-04" target="_blank">http://botan.randombit.net/news.html#version-1-11-26-2016-01-04</a> <a href="#fnref:568" class="footnote-back-ref">↩</a></p></li> <li id="fn:569"><p>The PKCS #11 URI Scheme. doi:10.17487/RFC7512. RFC 7512. <a href="https://datatracker.ietf.org/doc/html/rfc7512" target="_blank">https://datatracker.ietf.org/doc/html/rfc7512</a> <a href="#fnref:569" class="footnote-back-ref">↩</a></p></li> <li id="fn:570"><p>"libp11: PKCS#11 wrapper library". 19 January 2018 – via GitHub. <a href="https://github.com/OpenSC/libp11" target="_blank">https://github.com/OpenSC/libp11</a> <a href="#fnref:570" class="footnote-back-ref">↩</a></p></li> <li id="fn:571"><p>The PKCS #11 URI Scheme. doi:10.17487/RFC7512. RFC 7512. <a href="https://datatracker.ietf.org/doc/html/rfc7512" target="_blank">https://datatracker.ietf.org/doc/html/rfc7512</a> <a href="#fnref:571" class="footnote-back-ref">↩</a></p></li> <li id="fn:572"><p>"Windows CNG bridge for rustls". GitHub. Retrieved 2024-08-29. <a href="https://github.com/rustls/rustls-cng" target="_blank">https://github.com/rustls/rustls-cng</a> <a href="#fnref:572" class="footnote-back-ref">↩</a></p></li> <li id="fn:573"><p>On the fly replaceable/augmentable. <a href="#fnref:573" class="footnote-back-ref">↩</a></p></li> <li id="fn:574"><p>"Nss compat ossl - Fedora Project Wiki". fedoraproject.org. <a href="https://fedoraproject.org/wiki/Nss_compat_ossl" target="_blank">https://fedoraproject.org/wiki/Nss_compat_ossl</a> <a href="#fnref:574" class="footnote-back-ref">↩</a></p></li> <li id="fn:575"><p>"rustls-openssl compatibility layer". GitHub. Retrieved 2024-08-29. <a href="https://github.com/rustls/rustls-openssl-compat/" target="_blank">https://github.com/rustls/rustls-openssl-compat/</a> <a href="#fnref:575" class="footnote-back-ref">↩</a></p></li> <li id="fn:576"><p>"NSPR". Mozilla Developer Network. <a href="https://www.mozilla.org/projects/nspr/" target="_blank">https://www.mozilla.org/projects/nspr/</a> <a href="#fnref:576" class="footnote-back-ref">↩</a></p></li> <li id="fn:577"><p>"NSPR". Mozilla Developer Network. <a href="https://www.mozilla.org/projects/nspr/" target="_blank">https://www.mozilla.org/projects/nspr/</a> <a href="#fnref:577" class="footnote-back-ref">↩</a></p></li> <li id="fn:578"><p>For Unix/Linux it uses /dev/urandom if available, for Windows it uses CAPI. For other platforms it gets data from clock, and tries to open system files. NSS has a set of platform dependent functions it uses to determine randomness. <a href="#fnref:578" class="footnote-back-ref">↩</a></p></li> </ol>