Comparison of TLS implementations

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol.

Overview

| Implementation | Developed by | Open source | Software license | Copyright holder | Written in | Latest stable version, release date | Origin |
|---|---|---|---|---|---|---|---|
| Botan | Jack Lloyd | Yes | Simplified BSD License | Jack Lloyd | C++ | 3.6.1 (October 26, 2024)[1] | US (Vermont) |
| BoringSSL | Google | Yes | OpenSSL-SSLeay dual-license, ISC license | Eric Young, Tim Hudson, Sun, OpenSSL project, Google, and others | C, C++, Go, assembly | ?? | Australia/EU |
| Bouncy Castle | The Legion of the Bouncy Castle Inc. | Yes | MIT License | Legion of the Bouncy Castle Inc. | Java, C# | Java: 1.80 / January 14, 2025[2]; Java LTS: BC-LJA 2.73.7 / November 8, 2024[3]; Java FIPS: BC-FJA 2.0.0 / July 30, 2024[4]; C#: 2.5.1 / February 14, 2025[5]; C# FIPS: BC-FNA 1.0.2 / March 11, 2024[6] | Australia |
| BSAFE | Dell, formerly RSA Security | No | Proprietary | Dell | Java, C, assembly | SSL-J 6.6 (July 2, 2024)[7]; SSL-J 7.3.1 (October 7, 2024)[8]; Micro Edition Suite 5.0.3 (December 3, 2024)[9] | Australia |
| cryptlib | Peter Gutmann | Yes | Sleepycat License and commercial license | Peter Gutmann | C | 3.4.5 (2019)[10] | NZ |
| GnuTLS | GnuTLS project | Yes | LGPL-2.1-or-later | Free Software Foundation | C | 3.8.9[11], 2025-02-08 | EU (Greece and Sweden) |
| Java Secure Socket Extension (JSSE) | Oracle | Yes | GNU GPLv2 and commercial license | Oracle | Java | 23.0.1 (October 15, 2024)[12]; 21.0.5 LTS (October 15, 2024)[13]; 17.0.13 LTS (October 15, 2024)[14]; 11.0.25 LTS (October 15, 2024)[15]; 8u431 LTS (October 15, 2024)[16] | US |
| LibreSSL | OpenBSD Project | Yes | Apache-1.0, BSD-4-Clause, ISC, and public domain | Eric Young, Tim Hudson, Sun, OpenSSL project, OpenBSD Project, and others | C, assembly | 4.0.0[17], 2024-10-14 | Canada |
| MatrixSSL[18] | PeerSec Networks | Yes | GNU GPLv2+ and commercial license | PeerSec Networks | C | 4.2.2 (September 11, 2019)[19] | US |
| Mbed TLS (previously PolarSSL) | Arm | Yes | Apache License 2.0, GNU GPLv2+ and commercial license | Arm Holdings | C | 3.6.3[20] (24 March 2025) | EU (Netherlands) |
| Network Security Services (NSS) | Mozilla, AOL, Red Hat, Sun, Oracle, Google and others | Yes | MPL 2.0 | NSS contributors | C, assembly | Standard: 3.84 / October 12, 2022[21]; Extended Support Release: 3.79.1 / August 18, 2022[22] | US |
| OpenSSL | OpenSSL project | Yes | Apache-2.0[23] | Eric Young, Tim Hudson, Sun, OpenSSL project, and others | C, assembly | 3.4.1[24], 2025-02-11 | Australia/EU |
| Rustls | Joe Birr-Pixton, Dirkjan Ochtman, Daniel McCarney, Josh Aas, and open source contributors | Yes | Apache-2.0, MIT License and ISC | Open source contributors | Rust | v0.23.25 (March 17, 2025)[25] | United Kingdom |
| s2n | Amazon | Yes | Apache License 2.0, GNU GPLv2+ and commercial license | Amazon.com, Inc. | C | Continuous | US |
| Schannel | Microsoft | No | Proprietary | Microsoft Corporation | | Windows 11, 2021-10-05 | US |
| Secure Transport | Apple Inc. | Yes | APSL 2.0 | Apple Inc. | | 57337.20.44 (OS X 10.11.2), 2015-12-08 | US |
| wolfSSL (previously CyaSSL) | wolfSSL[26] | Yes | GNU GPLv2+ and commercial license | wolfSSL Inc.[27] | C, assembly | 5.7.6 (December 31, 2024)[28] | US |
| Erlang/OTP SSL application | Ericsson | Yes | Apache License 2.0 | Ericsson | Erlang | OTP-21, 2018-06-19 | Sweden |

TLS/SSL protocol version support

Several versions of the TLS protocol exist. SSL 2.0 is a deprecated[29] protocol version with significant weaknesses. SSL 3.0 (1996) and TLS 1.0 (1999) are successors with two weaknesses in CBC-padding that were explained in 2001 by Serge Vaudenay.[30] TLS 1.1 (2006) fixed only one of the problems, by switching to random initialization vectors (IV) for CBC block ciphers, whereas the more problematic use of mac-pad-encrypt instead of the secure pad-mac-encrypt was addressed with RFC 7366.[31] A workaround for SSL 3.0 and TLS 1.0, roughly equivalent to random IVs from TLS 1.1, was widely adopted by many implementations in late 2011.[32] In 2014, the POODLE vulnerability of SSL 3.0 was discovered, which takes advantage of the known vulnerabilities in CBC, and an insecure fallback negotiation used in browsers.[33]

TLS 1.2 (2008) introduced a means to identify the hash used for digital signatures. While permitting the use of stronger hash functions for digital signatures in the future (rsa,sha256/sha384/sha512) over the SSL 3.0 conservative choice (rsa,sha1+md5), the TLS 1.2 protocol change inadvertently and substantially weakened the default digital signatures and provides (rsa,sha1) and even (rsa,md5).[34]

Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. The revision DTLS 1.2 based on TLS 1.2 was published in January 2012.[35]

TLS 1.3 (2018), specified in RFC 8446, includes major optimizations and security improvements. QUIC (2021), specified in RFC 9000, and DTLS 1.3 (2022), specified in RFC 9147, build on TLS 1.3. The publication of TLS 1.3 and DTLS 1.3 obsoleted TLS 1.2 and DTLS 1.2.

Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. In 2021, IETF published RFC 8996 also forbidding negotiation of TLS 1.0, TLS 1.1, and DTLS 1.0 due to known vulnerabilities. NIST SP 800-52 requires support of TLS 1.3 by January 2024. Support of TLS 1.3 means that two compliant nodes will never negotiate TLS 1.2.
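A defender-side check for the RFC 8996 rule above, given here as an added example that is not part of the original article: it parses a TLS ClientHello record and reports which protocol versions the client offers, flagging SSL 3.0, TLS 1.0 and TLS 1.1. The function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

# Wire values of the protocol versions discussed above.
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# SSL 3.0 is insecure; RFC 8996 forbids negotiating TLS 1.0 and TLS 1.1.
FORBIDDEN = {0x0300, 0x0301, 0x0302}
EXT_SUPPORTED_VERSIONS = 43   # extension carrying the client's version list


class Reader:
    """Bounds-checked cursor over a byte string."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vector(self, len_size):
        """Read a length-prefixed vector and return its body."""
        return self.take(self.uint(len_size))

    def done(self):
        return self.pos == len(self.data)


def is_grease(value):
    # RFC 8701 reserved values: 0x0A0A, 0x1A1A, ... 0xFAFA.
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def offered_versions(record):
    """Return the version code points a ClientHello record offers."""
    r = Reader(record)
    if r.uint(1) != 22:                   # record type: handshake
        raise ValueError("not a handshake record")
    r.uint(2)                             # record-layer version, ignored
    hs = Reader(r.vector(2))
    if hs.uint(1) != 1:                   # handshake type: client_hello
        raise ValueError("not a ClientHello")
    body = Reader(hs.vector(3))
    legacy_version = body.uint(2)
    body.take(32)                         # random
    body.vector(1)                        # session id
    body.vector(2)                        # cipher suites
    body.vector(1)                        # compression methods
    versions = None
    if not body.done():
        exts = Reader(body.vector(2))
        while not exts.done():
            ext_type = exts.uint(2)
            ext_data = Reader(exts.vector(2))
            if ext_type == EXT_SUPPORTED_VERSIONS:
                lst = Reader(ext_data.vector(1))
                versions = []
                while not lst.done():
                    v = lst.uint(2)
                    if not is_grease(v):
                        versions.append(v)
    if versions is None:
        # Without supported_versions, legacy_version is the highest offer.
        versions = [legacy_version]
    return versions


def audit(record):
    versions = offered_versions(record)
    name = lambda v: VERSION_NAMES.get(v, hex(v))
    return {"offered": [name(v) for v in versions],
            "forbidden": [name(v) for v in versions if v in FORBIDDEN]}


def build_client_hello(legacy_version, supported_versions=None):
    """Constructed sample input; not a capture from a real client."""
    exts = b""
    if supported_versions is not None:
        lst = b"".join(struct.pack(">H", v) for v in supported_versions)
        data = bytes([len(lst)]) + lst
        exts = struct.pack(">HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
    body = struct.pack(">H", legacy_version) + bytes(32)  # version + random
    body += b"\x00"                                       # empty session id
    body += struct.pack(">HH", 2, 0x1301)                 # one cipher suite
    body += b"\x01\x00"                                   # null compression
    body += struct.pack(">H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


if __name__ == "__main__":
    mixed = build_client_hello(0x0303, [0x0304, 0x0303, 0x0302, 0x0301])
    print(audit(mixed))
```

When the supported_versions extension is absent, the hello only reveals the client's highest version; whether it would accept a lower one is decided by the server's reply, so the server-side minimum still has to be configured.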

| Implementation | SSL 2.0 (insecure)[36] | SSL 3.0 (insecure)[37] | TLS 1.0 (deprecated)[38] | TLS 1.1 (deprecated)[39] | TLS 1.2[40] | TLS 1.3 | DTLS 1.0 (deprecated)[41] | DTLS 1.2[42] |
|---|---|---|---|---|---|---|---|---|
| Botan | No | No[43] | No | No | Yes | Yes | No | Yes |
| Bouncy Castle | No | No | Yes | Yes | Yes | Yes (draft version) | Yes | Yes |
| BSAFE SSL-J[44] | No | Disabled by default | No[45] | No[46] | Yes | Yes | No | No |
| GnuTLS | No[47] | Disabled by default[48] | Yes | Yes | Yes | Yes[49] | Yes | Yes |
| JSSE | No[50] | Disabled by default[51] | Disabled by default[52] | Disabled by default[53] | Yes | Yes | Yes | Yes |
| LibreSSL | No[54] | No[55] | Yes | Yes | Yes | Yes | Yes | Yes[56] |
| MatrixSSL | No | Disabled by default at compile time[57] | Yes | Yes | Yes | Yes | Yes | Yes |
| Mbed TLS | No | No[58] | No[59] | No[60] | Yes | Yes (experimental) | Yes[61] | Yes[62] |
| NSS | No[63] | Disabled by default[64] | Yes | Yes[65] | Yes[66] | Yes[67] | Yes[68] | Yes[69] |
| OpenSSL | No[70] | Disabled by default | Yes | Yes[71] | Yes[72] | Yes | Yes | Yes[73] |
| Rustls | No[74] | No[75] | No[76] | No[77] | Yes[78] | Yes[79] | No | No |
| s2n[80] | No | Disabled by default | Yes | Yes | Yes | Yes | No | No |
| Schannel XP, 2003[81] | Disabled by default in MSIE 7 | Enabled by default | Enabled by default in MSIE 7 | No | No | No | No | No |
| Schannel Vista[82] | Disabled by default | Enabled by default | Yes | No | No | No | No | No |
| Schannel 2008[83] | Disabled by default | Enabled by default | Yes | Disabled by default (KB4019276) | Disabled by default (KB4019276) | No | No | No |
| Schannel 7, 2008R2[84] | Disabled by default | Disabled by default in MSIE 11 | Yes | Enabled by default in MSIE 11 | Enabled by default in MSIE 11 | No | Yes[85] | No[86] |
| Schannel 8, 2012[87] | Disabled by default | Enabled by default | Yes | Disabled by default | Disabled by default | No | Yes | No |
| Schannel 8.1, 2012R2, 10 RTM & v1511[88] | Disabled by default | Disabled by default in MSIE 11 | Yes | Yes | Yes | No | Yes | No |
| Schannel 10 v1607 / 2016[89] | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes |
| Schannel 11 / 2022[90] | No | Disabled by default | Yes | Yes | Yes | Yes | Yes | Yes |
| Secure Transport OS X 10.13, iOS 11 | No | No[96] | Yes | Yes | Yes | Yes (draft version)[97] | Yes | Unknown |
| wolfSSL | No | Disabled by default[98] | Disabled by default[99] | Yes | Yes | Yes | Yes | Yes |
| Erlang/OTP SSL application[100] | No[101] | No[102] | Disabled by default[103] | Disabled by default[104] | Yes | Partially[105] | Disabled by default[106] | Yes |

Rows with blank cells in the source (values in source order; column positions not recoverable):

BoringSSL: Yes, Yes, Yes, Yes, Yes, Yes
cryptlib: No, Disabled by default at compile time, Yes, Yes, Yes, No, No
Secure Transport OS X 10.2-10.7, iOS 1-4: Yes, Yes, Yes, No, No, No, No
Secure Transport OS X 10.8-10.10, iOS 5-8: No[91], Yes, Yes, Yes[92], Yes[93], Yes[94], No
Secure Transport OS X 10.11, iOS 9: No, No[95], Yes, Yes, Yes, Yes, Unknown

NSA Suite B Cryptography

Required components for NSA Suite B Cryptography (RFC 6460) are:

Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.

| Implementation | TLS 1.2 Suite B |
|---|---|
| Botan | Yes |
| Bouncy Castle | Yes |
| BSAFE | Yes[114] |
| cryptlib | Yes |
| GnuTLS | Yes |
| JSSE | Yes[115] |
| LibreSSL | Yes |
| MatrixSSL | Yes |
| Mbed TLS | Yes |
| NSS | No[116] |
| OpenSSL | Yes[117] |
| Rustls | Yes[118] |
| s2n | |
| Schannel | Yes[119] |
| Secure Transport | No |
| wolfSSL | Yes |

Certifications

Note that certain certifications have received serious negative criticism from people who are actually involved in them.[120]

ImplementationFIPS 140-1, FIPS 140-2121FIPS 140-3
Level 1Level 2[disputed – discuss]Level 1
Botan122
Bouncy CastleBC-FJA 1.0.0 (#2768) BC-FJA 1.0.1 (#3152)
BSAFE SSL-J123Crypto-J 6.0 (1785, 1786)Crypto-J 6.1 / 6.1.1.0.1 (2057, 2058)Crypto-J 6.2 / 6.2.1.1 (2468, 2469)Crypto-J 6.2.4 (3172, 3184)Crypto-J 6.2.5 (#3819, #3820)Crypto-J 6.3 (#4696, #4697)Crypto-J 7.0 (4892)
cryptlib124
GnuTLS125Red Hat Enterprise Linux GnuTLS Cryptographic Module (#2780)
JSSE
LibreSSL126no support
MatrixSSL127SafeZone FIPS Cryptographic Module: 1.1 (#2389)
Mbed TLS128
NSS129Network Security Services: 3.2.2 (#247)Network Security Services Cryptographic Module: 3.11.4 (#815), 3.12.4 (#1278), 3.12.9.1 (#1837)Netscape Security Module: 1 (#7130), 1.01 (#47131)Network Security Services: 3.2.2 (#248132)Network Security Services Cryptographic Module: 3.11.4 (#814133), 3.12.4 (#1279, #1280134)
OpenSSL135OpenSSL FIPS Object Module: 1.0 (#624), 1.1.1 (#733), 1.1.2 (#918), 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4 (#1051)2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7 or 2.0.8 (#1747)
Rustlsaws-lc FIPS module136 (#4759)
Schannel137Cryptographic modules in Windows NT 4.0, 95, 95, 2000, XP, Server 2003, CE 5, CE 6, Mobile 6.x, Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, RT, Surface, Phone 8See details on Microsoft FIPS 140 Validated Cryptographic Modules
Secure TransportApple FIPS Cryptographic Module: 1.0 (OS X 10.6, #1514), 1.1 (OS X 10.7, #1701)Apple OS X CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (OS X 10.8, #1964, #1956), 4.0 (OS X 10.9, #2015, #2016)Apple iOS CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (iOS 6, #1963, #1944), 4.0 (iOS 7, #2020, #2021)
wolfSSL138wolfCrypt FIPS Module: 4.0 (#3389)See details on NIST certificate for validated Operating EnvironmentswolfCrypt FIPS Module: 3.6.0 (#2425)See details on NIST certificate for validated Operating EnvironmentswolfCrypt FIPS Module (#4178)See details on NIST certificate

Key exchange algorithms (certificate-only)

This section lists the certificate verification functionality available in the various implementations.

| Implementation | RSA[139] | RSA-EXPORT (insecure)[140] | DHE-RSA (forward secrecy)[141] | DHE-DSS (forward secrecy)[142] | ECDH-ECDSA[143] | ECDHE-ECDSA (forward secrecy)[144] | ECDH-RSA[145] | ECDHE-RSA (forward secrecy)[146] | GOST R 34.10-94, 34.10-2001[147] |
|---|---|---|---|---|---|---|---|---|---|
| Botan | Disabled by default | No | Yes | Disabled by default | No | Yes | No | Yes | No |
| BSAFE | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | No |
| cryptlib | Yes | No | Yes | Yes | No | Yes | No | No | No |
| GnuTLS | Yes | No | Yes | Disabled by default[148] | No | Yes | No | Yes | No |
| JSSE | Yes | Disabled by default | Yes | Yes | Yes | Yes | Yes | Yes | No |
| LibreSSL | Yes | No[149] | Yes | Yes | No | Yes | No | Yes | Yes[150] |
| MatrixSSL | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No |
| Mbed TLS | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No |
| NSS | Yes | Disabled by default | Yes[151] | Yes | Yes | Yes | Yes | Yes | No[152][153] |
| OpenSSL | Yes | No[154] | Yes | Disabled by default[155] | No | Yes | No | Yes | Yes[156] |
| Rustls | No | No | No | No | No | Yes[157] | No | Yes[158] | No |
| Schannel XP/2003 | Yes | Yes | No | XP: Max 1024 bits; 2003: 1024 bits only | No | No | No | No | No[159] |
| Schannel Vista/2008 | Yes | Disabled by default | No | 1024 bits by default[160] | No | Yes | No | except AES_GCM | No[161] |
| Schannel 8/2012 | Yes | Disabled by default | AES_GCM only[162][163][164] | 1024 bits by default[165] | No | Yes | No | except AES_GCM | No[166] |
| Schannel 7/2008R2, 8.1/2012R2 | Yes | Disabled by default | Yes | 2048 bits by default[167] | No | Yes | No | except AES_GCM | No[168] |
| Schannel 10 | Yes | Disabled by default | Yes | 2048 bits by default[169] | No | Yes | No | Yes | No[170] |
| Secure Transport OS X 10.6 | Yes | Yes | except AES_GCM | Yes | Yes | except AES_GCM | Yes | except AES_GCM | No |
| Secure Transport OS X 10.8-10.10 | Yes | No | except AES_GCM | No | Yes | except AES_GCM | Yes | except AES_GCM | No |
| Secure Transport OS X 10.11 | Yes | No | Yes | No | No | Yes | No | Yes | No |
| wolfSSL | Yes | No | Yes | No | Yes | Yes | Yes | Yes | No |
| Erlang/OTP SSL application | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | No |

Key exchange algorithms (alternative key-exchanges)

| Implementation | SRP[180] | SRP-DSS[181] | SRP-RSA[182] | PSK-RSA[183] | PSK[184] | DHE-PSK (forward secrecy)[185] | ECDHE-PSK (forward secrecy)[186] | KRB5[187] | DH-ANON[188] (insecure) | ECDH-ANON[189] (insecure) |
|---|---|---|---|---|---|---|---|---|---|---|
| Botan | No | No | No | No | Yes | No | Yes | No | No | No |
| BSAFE SSL-J | No | No | No | No | Yes[190] | No | No | No | Disabled by default | Disabled by default |
| cryptlib | No | No | No | No | Yes | Yes | No | Unknown | No | No |
| GnuTLS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Disabled by default | Disabled by default |
| JSSE | No | No | No | No | No | No | No | No | Disabled by default | Disabled by default |
| LibreSSL | No[191] | No[192] | No[193] | No | No | No | No | No | Yes | Yes |
| MatrixSSL | No | No | No | Yes | Yes | Yes | No | No | Disabled by default | No |
| Mbed TLS | No | No | No | Yes | Yes | Yes | Yes | No | No | No |
| NSS | No[194] | No[195] | No[196] | No[197] | No[198] | No[199] | No[200] | No | Client side only, disabled by default[201] | Disabled by default[202] |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes[203] | Disabled by default[204] | Disabled by default[205] |
| Rustls | No | No | No | No | No | No | No | No | No | No |
| Schannel | No | No | No | No | No | No | No | Yes | No | No |
| Secure Transport | No | No | No | No | No | No | No | Unknown | Yes | Yes |
| wolfSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes[206] | Yes | No | No |
| Erlang/OTP SSL application | Disabled by default | Disabled by default | Disabled by default | Disabled by default | Disabled by default | Disabled by default | No | No | Disabled by default | Disabled by default |

Certificate verification methods

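| Implementation | Application-defined | PKIX path validation[217] | CRL[218] | OCSP[219] | DANE (DNSSEC)[220][221] | CT[222] |
|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | Yes | No | Unknown |
| Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Unknown |
| BSAFE | Yes | Yes | Yes | Yes | No | Unknown |
| cryptlib | Yes | Yes | Yes | Yes | No | Unknown |
| GnuTLS | Yes | Yes | Yes | Yes | Yes | Unknown |
| JSSE | Yes | Yes | Yes | Yes | No | No |
| LibreSSL | Yes | Yes | Yes | Yes | No | Unknown |
| MatrixSSL | Yes | Yes | Yes | Yes[223] | No | Unknown |
| Mbed TLS | Yes | Yes | Yes | No[224] | No | Unknown |
| NSS | Yes | Yes | Yes | Yes | No[225] | Unknown |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes |
| Rustls | Yes | Yes | Yes | No | No | No |
| Schannel | Unknown | Yes | Yes[229] | Yes[230] | No | Unknown |
| Secure Transport | Yes | Yes | Yes | Yes | No | Unknown |
| wolfSSL | Yes | Yes | Yes | Yes | No | Unknown |
| Erlang/OTP SSL application | Yes | Yes | Yes | No | No | Unknown |

Row with blank cells in the source (values in source order; column positions not recoverable):

s2n: No[226], Unknown[227], Unknown[228]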

Encryption algorithms

Column groups: block cipher with mode of operation (AES GCM through GOST 28147-89 CNT), stream cipher (ChaCha20-Poly1305), none (Null).

| Implementation | AES GCM[231] | AES CCM[232] | AES CBC | Camellia GCM[233] | Camellia CBC[234][235] | ARIA GCM[236] | ARIA CBC[237] | SEED CBC[238] | 3DES EDE CBC (insecure)[239] | GOST 28147-89 CNT (proposed)[240][241] | ChaCha20-Poly1305[242] | Null (insecure)[243] |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | Yes | Yes | No | No | Disabled by default | Disabled by default | No | Yes[244] | Not implemented |
| BSAFE SSL-J | Yes | Yes | Yes | No | No | No | No | No | Disabled by default | No | No | Disabled by default |
| cryptlib | Yes | No | Yes | No | No | No | No | No | Yes | No | No | Not implemented |
| GnuTLS | Yes | Yes[245] | Yes | Yes | Yes | No | No | No | Disabled by default[246] | No | Yes[247] | Disabled by default |
| JSSE | Yes | No | Yes | No | No | No | No | No | Disabled by default[248] | No | Yes (JDK 12+)[249] | Disabled by default |
| LibreSSL | Yes[250] | No | Yes | No | Yes[251] | No | No | No[252] | Yes | Yes[253] | Yes[254] | Disabled by default |
| MatrixSSL | Yes | No | Yes | No | No | No | No | Yes | Disabled by default | No | Yes[255] | Disabled by default |
| Mbed TLS | Yes | Yes[256] | Yes | Yes | Yes | Yes[257] | Yes[258] | No | No[259] | No | Yes[260] | Disabled by default at compile time |
| NSS | Yes[261] | No | Yes | No[262][263] | Yes[264] | No | No | Yes[265] | Yes | No[266][267] | Yes[268] | Disabled by default |
| OpenSSL | Yes[269] | Disabled by default[270] | Yes | No | Disabled by default[271] | Disabled by default[272] | No | Disabled by default[273] | Disabled by default[274] | Yes[275] | Yes[276] | Disabled by default |
| Rustls | Yes[277] | No | No | No | No | No | No | No | No | No | Yes[278] | Not implemented |
| Schannel XP/2003 | No | No | 2003 only[279] | No | No | No | No | No | Yes | No[280] | No | Disabled by default |
| Schannel Vista/2008, 2008R2, 2012 | No | No | Yes | No | No | No | No | No | Yes | No[281] | No | Disabled by default |
| Schannel 7, 8, 8.1/2012R2 | Yes except ECDHE_RSA[282][283] | No | Yes | No | No | No | No | No | Yes | No[284] | No | Disabled by default |
| Schannel 10[285] | Yes | No | Yes | No | No | No | No | No | Yes | No[286] | No | Disabled by default |
| Secure Transport OS X 10.6 - 10.10 | No | No | Yes | No | No | No | No | No | Yes | No | No | Disabled by default |
| Secure Transport OS X 10.11 | Yes | No | Yes | No | No | No | No | No | Yes | No | No | Disabled by default |
| wolfSSL | Yes | Yes | Yes | No | No | No | No | No | Yes | No | Yes | Disabled by default |
| Erlang/OTP SSL application | Yes | No | Yes | No | No | No | No | No | Disabled by default | No | Experimental | Disabled by default |

Row with blank cells in the source (values in source order; column positions not recoverable):

BoringSSL: Yes, No, Yes, No, No, No, No, No, Yes, No, Yes

Obsolete algorithms

Column groups: block cipher with mode of operation (IDEA CBC through RC2-40 CBC), stream cipher (RC4-128, RC4-40).

| Implementation | IDEA CBC[300] (insecure)[301] | DES CBC (insecure)[302] | DES-40 CBC (EXPORT, insecure)[303] | RC2-40 CBC (EXPORT, insecure)[304] | RC4-128 (insecure)[305] | RC4-40 (EXPORT, insecure)[306][307] |
|---|---|---|---|---|---|---|
| Botan | No | No | No | No | No[308] | No |
| BoringSSL | No | No | No | No | Disabled by default at compile time | No |
| BSAFE SSL-J | No | Disabled by default | Disabled by default | No | Disabled by default | Disabled by default |
| cryptlib | No | Disabled by default at compile time | No | No | Disabled by default at compile time | No |
| GnuTLS | No | No | No | No | Disabled by default[309] | No |
| JSSE | No | Disabled by default | Disabled by default | No | Disabled by default | Disabled by default[310] |
| LibreSSL | Yes | Yes | No[311] | No[312] | Yes | No[313] |
| MatrixSSL | Yes | No | No | No | Disabled by default | No |
| Mbed TLS | No | Disabled by default at compile time | No | No | Disabled by default at compile time[314] | No |
| NSS | Yes | Disabled by default | Disabled by default | Disabled by default | Lowest priority[315][316] | Disabled by default |
| OpenSSL | Disabled by default[317] | Disabled by default | No[318] | No[319] | Disabled by default | No[320] |
| Rustls | No | No | No | No | No | No |
| Schannel XP/2003 | No | Yes | Yes | Yes | Yes | Yes |
| Schannel Vista/2008 | No | Disabled by default | Disabled by default | Disabled by default | Yes | Disabled by default |
| Schannel 7/2008R2 | No | Disabled by default | Disabled by default | Disabled by default | Lowest priority; will be disabled soon[321] | Disabled by default |
| Schannel 8/2012 | No | Disabled by default | Disabled by default | Disabled by default | Only as fallback | Disabled by default |
| Schannel 8.1/2012R2 | No | Disabled by default | Disabled by default | Disabled by default | Disabled by default[322] | Disabled by default |
| Schannel 10[323] | No | Disabled by default | Disabled by default | Disabled by default | Disabled by default[324] | Disabled by default |
| Secure Transport OS X 10.6 | Yes | Yes | Yes | Yes | Yes | Yes |
| Secure Transport OS X 10.7 | Yes | Unknown | Unknown | Unknown | Yes | Unknown |
| Secure Transport OS X 10.8-10.9 | Yes | Disabled by default | Disabled by default | Disabled by default | Yes | Disabled by default |
| Secure Transport OS X 10.10-10.11 | Yes | Disabled by default | Disabled by default | Disabled by default | Lowest priority | Disabled by default |
| Secure Transport macOS 10.12 | Yes | Disabled by default | Disabled by default | Disabled by default | Disabled by default | Disabled by default |
| wolfSSL | Disabled by default[325] | No | No | No | Disabled by default | No |
| Erlang/OTP SSL application | No | Disabled by default | No | No | Disabled by default | No |

Supported elliptic curves

This section lists the elliptic curves supported by each implementation.

Defined curves in RFC 8446 (for TLS 1.3) and RFC 8422, 7027 (for TLS 1.2 and earlier)

Applicable TLS version: the secp256r1 through X448 columns apply to TLS 1.3 and earlier; the brainpool columns apply to TLS 1.2 and earlier.

| Implementation | secp256r1 / prime256v1 / NIST P-256 (0x0017[334], 23[335]) | secp384r1 / NIST P-384 (0x0018[336], 24[337]) | secp521r1 / NIST P-521 (0x0019[338], 25[339]) | X25519 (0x001D[340], 29[341]) | X448 (0x001E[342], 30[343]) | brainpoolP256r1 (26)[344] | brainpoolP384r1 (27)[345] | brainpoolP512r1 (28)[346] |
|---|---|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes | Yes[347] | No | Yes[348] | Yes[349] | Yes[350] |
| BoringSSL | Yes | Yes | Yes (disabled by default) | Yes | No | No | No | No |
| BSAFE | Yes | Yes | Yes | No | No | No | No | No |
| GnuTLS | Yes | Yes | Yes | Yes[351] | Yes[352] | No | No | No |
| JSSE | Yes | Yes | Yes | Yes; x25519: JDK 13+[353]; Ed25519: JDK 15+[354] | Yes; x448: JDK 13+[355]; Ed448: JDK 15+[356] | No | No | No |
| LibreSSL | Yes | Yes | Yes | Yes[357] | No | Yes[358] | Yes[359] | Yes[360] |
| MatrixSSL | Yes | Yes | Yes | TLS 1.3 only[361] | No | Yes | Yes | Yes |
| Mbed TLS | Yes | Yes | Yes | Primitive only[362] | Primitive only[363] | Yes[364] | Yes[365] | Yes[366] |
| NSS | Yes | Yes | Yes | Yes[367] | No[368][369] | No[370] | No[371] | No[372] |
| OpenSSL | Yes | Yes | Yes | Yes[373][374] | Yes[375][376] | Yes[377] | Yes[378] | Yes[379] |
| Rustls | Yes | Yes | No | Yes | No | No | No | No |
| Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | Yes | Yes | Yes | No | No | No | No | No |
| Secure Transport | Yes | Yes | Yes | No | No | No | No | No |
| wolfSSL | Yes | Yes | Yes | Yes[380] | Yes[381] | Yes | Yes | Yes |
| Erlang/OTP SSL application | Yes | Yes | Yes | No | No | Yes | Yes | Yes |

Deprecated curves in RFC 8422

| Implementation | sect163k1 / NIST K-163 (1)[382] | sect163r1 (2)[383] | sect163r2 / NIST B-163 (3)[384] | sect193r1 (4)[385] | sect193r2 (5)[386] | sect233k1 / NIST K-233 (6)[387] | sect233r1 / NIST B-233 (7)[388] | sect239k1 (8)[389] | sect283k1 / NIST K-283 (9)[390] | sect283r1 / NIST B-283 (10)[391] | sect409k1 / NIST K-409 (11)[392] | sect409r1 / NIST B-409 (12)[393] | sect571k1 / NIST K-571 (13)[394] | sect571r1 / NIST B-571 (14)[395] |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Botan | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| BoringSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| BSAFE | Yes | No | Yes | No | No | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes |
| GnuTLS | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| JSSE | Notes[396][397] | Notes[398][399] | Notes[400][401] | Notes[402][403] | Notes[404][405] | Notes[406][407] | Notes[408][409] | Notes[410][411] | Notes[412][413] | Notes[414][415] | Notes[416][417] | Notes[418][419] | Notes[420][421] | Notes[422][423] |
| LibreSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| MatrixSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| Mbed TLS | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| NSS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Rustls | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| Secure Transport | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| wolfSSL | No | No | No | No | No | No | No | No | No | No | No | No | No | No |
| Erlang/OTP SSL application | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |

| Implementation | secp160k1 (15)[424] | secp160r1 (16)[425] | secp160r2 (17)[426] | secp192k1 (18)[427] | secp192r1 / prime192v1 / NIST P-192 (19)[428] | secp224k1 (20)[429] | secp224r1 / NIST P-224 (21)[430] | secp256k1 (22)[431] | arbitrary prime curves (0xFF01)[432][433] | arbitrary char2 curves (0xFF02)[434][435] |
|---|---|---|---|---|---|---|---|---|---|---|
| Botan | No | No | No | No | No | No | No | No | No | No |
| BoringSSL | No | No | No | No | No | No | Yes | No | No | No |
| BSAFE | No | No | No | No | Yes | No | Yes | No | No | No |
| GnuTLS | No | No | No | No | Yes | No | Yes | No | No | No |
| JSSE | Notes[436][437] | Notes[438][439] | Notes[440][441] | Notes[442][443] | Notes[444][445] | Notes[446][447] | Notes[448][449] | Notes[450][451] | No | No |
| LibreSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| MatrixSSL | No | No | No | No | Yes | No | Yes | No | No | No |
| Mbed TLS | No | No | No | Yes | Yes | Yes | Yes | Yes | No | No |
| NSS | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| Rustls | No | No | No | No | No | No | No | No | No | No |
| Schannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10 | No | No | No | No | No | No | No | No | No | No |
| Secure Transport | No | No | No | No | Yes | No | No | No | No | No |
| wolfSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| Erlang/OTP SSL application | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |

Data integrity

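| Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA256/384 | AEAD | GOST 28147-89 IMIT[452] | GOST R 34.11-94[453] |
|---|---|---|---|---|---|---|
| Botan | No | Yes | Yes | Yes | No | No |
| BSAFE | Yes | Yes | Yes | Yes | No | No |
| cryptlib | Yes | Yes | Yes | Yes | No | No |
| GnuTLS | Yes | Yes | Yes | Yes | No | No |
| JSSE | Disabled by default | Yes | Yes | Yes | No | No |
| LibreSSL | Yes | Yes | Yes | Yes | Yes[454] | Yes[455] |
| MatrixSSL | Yes | Yes | Yes | Yes | No | No |
| Mbed TLS | Yes | Yes | Yes | Yes | No | No |
| NSS | Yes | Yes | Yes | Yes | No[456][457] | No[458][459] |
| OpenSSL | Yes | Yes | Yes | Yes | Yes[460] | Yes[461] |
| Rustls | No | No | No | Yes | No | No |
| Schannel XP/2003, Vista/2008 | Yes | Yes | XP SP3, 2003 SP2 via hotfix[462] | No | No[463] | No[464] |
| Schannel 7/2008R2, 8/2012, 8.1/2012R2 | Yes | Yes | Yes | except ECDHE_RSA[465][466][467] | No[468] | No[469] |
| Schannel 10 | Yes | Yes | Yes | Yes[470] | No[471] | No[472] |
| Secure Transport | Yes | Yes | Yes | Yes | No | No |
| wolfSSL | Yes | Yes | Yes | Yes | No | No |
| Erlang/OTP SSL application | Yes | Yes | Yes | Yes | No | No |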

Compression

Note the CRIME security exploit takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. HTTP compression is unrelated and unaffected by this exploit, but is exploited by the related BREACH attack.

| Implementation | DEFLATE[473] (insecure) |
|---|---|
| Botan | No |
| BSAFE[474] | No |
| cryptlib | No |
| GnuTLS | Disabled by default |
| JSSE | No |
| LibreSSL | No[475] |
| MatrixSSL | Disabled by default |
| Mbed TLS | Disabled by default |
| NSS | Disabled by default |
| OpenSSL | Disabled by default |
| Rustls | No |
| Schannel | No |
| Secure Transport | No |
| wolfSSL | Disabled by default |
| Erlang/OTP SSL application | No |

Extensions

This section lists the extensions each implementation supports. Note that the Secure Renegotiation extension is critical for HTTPS client security. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation.

| Implementation | Secure Renegotiation[476] | Server Name Indication[477] | ALPN[478] | Certificate Status Request[479] | OpenPGP[480] | Supplemental Data[481] | Session Ticket[482] | Keying Material Exporter[483] | Maximum Fragment Length[484] | Encrypt-then-MAC[485] | TLS Fallback SCSV[486] | Extended Master Secret[487] | ClientHello Padding[488] | Raw Public Keys[489] |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Botan | Yes | Yes | Yes[490] | No | No | No | Yes | Yes | Yes | Yes | Yes[491] | Yes[492] | No | Unknown |
| BSAFE SSL-J | Yes | Yes | No | Yes | No | No | No | No | Yes | No | No | Yes | No | No |
| cryptlib | Yes | Yes | No | No | No | Yes | No | No | No[493] | Yes | Yes | Yes | No | Unknown |
| GnuTLS | Yes | Yes | Yes[494] | Yes | No[495] | Yes | Yes | Yes | Yes | Yes[496] | Yes[497] | Yes[498] | Yes[499] | Yes[500] |
| JSSE | Yes | Yes[501] | Yes[502] | Yes | No | No | Yes | No | Yes | No | No | Yes | No | No |
| LibreSSL | Yes | Yes | Yes[503] | Yes | No | No? | Yes | Yes? | No | No | Server side only[504] | No | Yes | No |
| MatrixSSL | Yes | Yes | Yes[505] | Yes[506] | No | No | Yes | No | Yes | No | Yes[507] | Yes[508] | No | Unknown |
| Mbed TLS | Yes | Yes | Yes[509] | No | No | No | Yes | No | Yes | Yes[510] | Yes[511] | Yes[512] | No | No |
| NSS | Yes | Yes | Yes[513] | Yes | No[514] | No | Yes | Yes | No | No[515] | Yes[516] | Yes[517] | Yes[518] | Unknown |
| OpenSSL | Yes | Yes | Yes[519] | Yes | No | No? | Yes | Yes | Yes | Yes | Yes[520] | Yes[521] | Yes[522] | Yes[523] |
| Rustls | Yes | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No[524] | Yes | No | Unknown |
| Schannel XP/2003 | No | No | No | No | No | Yes | No | No | No | No | No | No | No | Unknown |
| Schannel Vista/2008 | Yes | Yes | No | No | No | Yes | No | No | No | No | No | Yes[525] | No | Unknown |
| Schannel 7/2008R2 | Yes | Yes | No | Yes | No | Yes | No | No | No | No | No | Yes[526] | No | Unknown |
| Schannel 8/2012 | Yes | Yes | No | Yes | No | Yes | Client side only[527] | No | No | No | No | Yes[528] | No | Unknown |
| Schannel 8.1/2012R2, 10 | Yes | Yes | Yes | Yes | No | Yes | Yes[529] | No | No | No | No | Yes[530] | No | Unknown |
| Secure Transport | Yes | Yes | Unknown | No | No | Yes | No | No | No | No | No | No | No | Unknown |
| wolfSSL | Yes | Yes | Yes[531] | Yes | No | No | Yes | No | Yes | Yes[532] | No | Yes | No | Yes[533] |
| Erlang/OTP SSL application | Yes | Yes | Yes | No | No | No | No | No | No | No | Yes | No | No | Unknown |

Assisted cryptography

This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation.

ImplementationPKCS #11 deviceIntel AES-NIVIA PadLockARMv8-AIntel SHANXP CAAMTPM 2.0NXP SE050Microchip ATECCSTMicro STSAFEMaxim MAXQ
BotanYes534YesNoYesNoYes535NoNoNoNo
BSAFE SSL-J 536537YesYesNoYesYesNoNo538NoNoNoNo
cryptlibYesYesYesNoNoNoNoNo
Crypto++YesYesNoNoNoNo
GnuTLSYesYesYesYes539YesNo540NoNoNoNo
JSSEYesYes541NoNoNoNoNoNoNo
LibreSSLNoYesYesNoNoNoNoNo
MatrixSSLYesYesNoYesNoNoNoNoNo
Mbed TLSYesYes542YesNoNoPartial543Yes544NoNo
NSSYes545Yes546No547NoNoNoNoNoNo
OpenSSLYes548549550YesYesYes551YesPartialPartial552553Partial554NoPartial555No
RustlsYesYesYesNoNoNoNo
SchannelNoYesNoNoNoNoNoNoNo
Secure TransportNoYes556557NoYesNoNoNoNoNo
wolfSSLYesYesNoYesYes558Yes559560Yes561Yes562Yes563Yes564

System-specific backends

This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation.

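| Implementation | /dev/crypto | af_alg | Windows CSP | CommonCrypto | OpenSSL engine |
|---|---|---|---|---|---|
| Botan | No | No | No | No | Partial |
| BSAFE | No | No | No | No | No |
| cryptlib | No | No | No | No | No |
| GnuTLS | Yes | Yes | No | No | No |
| JSSE | No | No | Yes | No | No |
| LibreSSL | No | No | No | No | No[565] |
| MatrixSSL | No | No | No | Yes | Yes |
| Mbed TLS | No | No | No | No | No |
| NSS | No | No | No | No | No |
| OpenSSL | Yes | Yes | No | No | Yes |
| Rustls | No | Yes[566] | No | No | No |
| Schannel | No | No | Yes | No | No |
| Secure Transport | No | No | No | Yes | No |
| wolfSSL | Yes | Yes | Partial | No | Yes[567] |
| Erlang/OTP SSL application | No | No | No | No | Yes |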

Cryptographic module/token support

ImplementationTPM supportHardware token supportObjects identified via
BotanPartial568PKCS #11
BSAFE SSL-JNoNo
cryptlibNoPKCS #11User-defined label
GnuTLSYesPKCS #11RFC 7512 PKCS #11 URLs569
JSSENoPKCS11 Java Cryptography Architecture,Java Cryptography Extension
LibreSSLYesPKCS #11 (via 3rd party module)Custom method
MatrixSSLNoPKCS #11
Mbed TLSNoPKCS #11 (via libpkcs11-helper) or standard hooksCustom method
NSSNoPKCS #11
OpenSSLYesPKCS #11 (via 3rd party module)570RFC 7512 PKCS #11 URLs571
RustlsNoMicrosoft CryptoAPI 572Custom method
SchannelNoMicrosoft CryptoAPIUUID, User-defined label
Secure Transport
wolfSSLYesPKCS #11

Code dependencies

ImplementationDependenciesOptional dependencies
BotanC++20SQLitezlib (compression)bzip2 (compression)liblzma (compression)boosttrousers (TPM)
GnuTLSlibcnettlegmpzlib (compression)p11-kit (PKCS #11)trousers (TPM)libunbound (DANE)
JSSEJava
MatrixSSLnonezlib (compression)
MatrixSSL-openlibc or newlib
Mbed TLSlibclibpkcs11-helper (PKCS #11)zlib (compression)
NSSlibclibnspr4libsoftokn3libplc4libplds4zlib (compression)
Rustlsrust core libraryrust std libraryzlib-rs (compression)brotli (compression)ring (cryptography)aws-lc-rs (cryptography)
OpenSSLlibczlib (compression)brotli (compression)zstd (compression)
wolfSSLNonelibczlib (compression)
Erlang/OTP SSL applicationlibcrypto (from OpenSSL), Erlang/OTP and its public_key, crypto and asn1 applicationsErlang/OTP -inets (http fetching of CRLs)

Development environment

| Implementation | Namespace | Build tools | API manual | Crypto back-end | OpenSSL compatibility layer |
|---|---|---|---|---|---|
| Botan | Botan::TLS | Makefile | Sphinx | Included (pluggable) | No |
| Bouncy Castle | org.bouncycastle | Java Development Environment | Programmers reference manual (PDF) | Included (pluggable) | No |
| BSAFE SSL-J | com.rsa.asn1[a], com.rsa.certj[b], com.rsa.jcp[c], com.rsa.jsafe[d], com.rsa.ssl[e], com.rsa.jsse[f] | Java class loader | Javadoc, Developer's guide (HTML) | Included | No |
| cryptlib | crypt* | makefile, MSVC project workspaces | Programmers reference manual (PDF), architecture design manual (PDF) | Included (monolithic) | No |
| GnuTLS | gnutls_* | Autoconf, automake, libtool | Manual and API reference (HTML, PDF) | External, libnettle | Yes (limited) |
| JSSE | javax.net.ssl, sun.security.ssl | Makefile | API Reference (HTML) + JSSE Reference Guide | Java Cryptography Architecture, Java Cryptography Extension | No |
| MatrixSSL | matrixSsl_*, ps* | Makefile, MSVC project workspaces, Xcode projects for OS X and iOS | API Reference (PDF), Integration Guide | Included (pluggable) | Yes (Subset: SSL_read, SSL_write, etc.) |
| Mbed TLS | mbedtls_ssl_*, mbedtls_sha1_*, mbedtls_md5_*, mbedtls_x509*, ... | Makefile, CMake, MSVC project workspaces, yotta | API Reference + High Level and Module Level Documentation (HTML) | Included (monolithic) | No |
| NSS | CERT_*, SEC_*, SECKEY_*, NSS_*, PK11_*, SSL_*, ... | Makefile | Manual (HTML) | Included, PKCS#11 based[573] | Yes (separate package called nss_compat_ossl[574]) |
| OpenSSL | SSL_*, SHA1_*, MD5_*, EVP_*, ... | Makefile | Man pages | Included (monolithic) | |
| Rustls | rustls:: | cargo | API reference and design manual | Two options included (pluggable) | Yes[575] (subset) |
| wolfSSL | wolfSSL_*, CyaSSL_*, SSL_* | Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC, e2Studio | Manual and API Reference (HTML, PDF) | Included (monolithic) | Yes (about 60% of API) |
  a. ASN.1 manipulation classes
  b. Cert-J proprietary API
  c. Certificate Path manipulation classes
  d. Crypto-J proprietary API, JCE, CMS and PKI API
  e. SSLJ proprietary API
  f. JSSE API

Portability concerns

| Implementation | Platform requirements | Network requirements | Thread safety | Random seed | Able to cross-compile | No OS (bare metal) | Supported operating systems |
|---|---|---|---|---|---|---|---|
| Botan | C++11 | None | Thread-safe | Platform-dependent | Yes | | Windows, Linux, macOS, Android, iOS, FreeBSD, OpenBSD, Solaris, AIX, HP-UX, QNX, BeOS, IncludeOS |
| BSAFE SSL-J | Java | Java SE network components | Thread-safe | Depends on java.security.SecureRandom | Yes | No | FreeBSD, Linux, macOS, Microsoft Windows, Android, AIX, Solaris |
| cryptlib | C89 | POSIX send() and recv(). API to supply your own replacement | Thread-safe | Platform-dependent, including hardware sources | Yes | Yes | AMX, BeOS, ChorusOS, DOS, eCos, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK |
| GnuTLS | C89 | POSIX send() and recv(). API to supply your own replacement. | Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available. | Platform dependent | Yes | No | Generally any POSIX platforms or Windows, commonly tested platforms include Linux, Win32/64, macOS, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD. |
| JSSE | Java | Java SE network components | Thread-safe | Depends on java.security.SecureRandom | Yes | | Java based, platform-independent |
| MatrixSSL | C89 | None | Thread-safe | Platform dependent | Yes | Yes | All |
| Mbed TLS | C89 | POSIX read() and write(). API to supply your own replacement. | Threading layer available (POSIX or own hooks) | Random seed set through entropy pool | Yes | Yes | Known to work on: Win32/64, Linux, macOS, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, eCos, SeggerOS, RISC OS |
| NSS | C89, NSPR[576] | NSPR[577] PR_Send() and PR_Recv(). API to supply your own replacement. | Thread-safe | Platform dependent[578] | Yes (but cumbersome) | No | AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, macOS, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation |
| Rustls | Rust (programming language) | None | Thread-safe | Platform dependent | Yes | Yes | All supported by Rust (programming language) |
| OpenSSL | C89 | None | Thread-safe | Platform dependent | Yes | No | Unix-like, DOS (with djgpp), Windows, OpenVMS, NetWare, eCos |
| wolfSSL | C89 | POSIX send() and recv(). API to supply your own replacement. | Thread-safe | Random seed set through wolfCrypt | Yes | Yes | Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Yocto Project, OpenEmbedded, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/μITRON, eCos, Micrium μC/OS-III, FreeRTOS, SafeRTOS, NXP/Freescale MQX, Nucleus, TinyOS, HP/UX, AIX, ARC MQX, Keil RTX, TI-RTOS, uTasker, embOS, INtime, Mbed, uT-Kernel, RIOT, CMSIS-RTOS, FROSTED, Green Hills INTEGRITY, TOPPERS, PetaLinux, Apache mynewt |

See also

  • SCTP — with DTLS support
  • DCCP — with DTLS support
  • SRTP — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)

References

  1. "Botan: Release Notes". Retrieved 2025-01-22. https://botan.randombit.net/#releases

  2. "Download Bouncy Castle for Java - bouncycastle.org". 2025-01-14. Retrieved 2025-02-16. https://www.bouncycastle.org/download/bouncy-castle-java/

  3. "Download Bouncy Castle for Java LTS - bouncycastle.org". 2024-11-08. Retrieved 2024-11-29. https://www.bouncycastle.org/download/bouncy-castle-java-lts/

  4. "Download Bouncy Castle for Java FIPS - bouncycastle.org". 2024-07-30. Retrieved 2024-11-29. https://www.bouncycastle.org/download/bouncy-castle-java-fips/

  5. "Download Bouncy Castle for C# .NET - bouncycastle.org". 2025-02-14. Retrieved 2024-02-16. https://www.bouncycastle.org/download/bouncy-castle-c/

  6. "Download Bouncy Castle for C# .NET FIPS - bouncycastle.org". 2024-03-11. Retrieved 2024-11-29. https://www.bouncycastle.org/download/bouncy-castle-c-fips/

  7. "Dell BSAFE SSL-J 6.6 Release Advisory". Dell. https://www.dell.com/support/kbdoc/000226622/dell-bsafe-ssl-j-6-6-release-advisory

  8. "Dell BSAFE SSL-J 7.3.1 Release Advisory". Dell. https://www.dell.com/support/kbdoc/000233524/dell-bsafe-ssl-j-7-3-1-release-advisory

  9. "Dell BSAFE Micro Edition Suite 5.0.3 Release Advisory". https://www.dell.com/support/kbdoc/000254066

  10. Gutmann, Peter (2019). "Downloading". cryptlib. University of Auckland School of Computer Science. Retrieved 2019-08-07.

  11. Daiki Ueno (8 February 2025). Retrieved 13 February 2025. https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html

  12. "Java™ SE Development Kit 23, 23.0.1 Release Notes". Oracle Corporation. Retrieved 2024-10-16. https://www.oracle.com/java/technologies/javase/23-0-1-relnotes.html

  13. "Java™ SE Development Kit 21, 21.0.5 Release Notes". Oracle Corporation. Retrieved 2024-10-16. https://www.oracle.com/java/technologies/javase/21-0-5-relnotes.html

  14. "Java™ SE Development Kit 17, 17.0.13 Release Notes". Oracle Corporation. Retrieved 2024-10-16. https://www.oracle.com/java/technologies/javase/17-0-13-relnotes.html

  15. "Java™ SE Development Kit 11, 11.0.25 Release Notes". Oracle Corporation. Retrieved 2024-10-16. https://www.oracle.com/java/technologies/javase/11-0-25-relnotes.html

  16. "Java™ SE Development Kit 8, Update 431 Release Notes". Oracle Corporation. Retrieved 2024-10-16. https://www.oracle.com/java/technologies/javase/8u431-relnotes.html

  17. "LibreSSL 4.0.0 Released". 14 October 2024. Retrieved 15 October 2024. https://marc.info/?l=openbsd-announce&m=172897399729957&w=2

  18. The features listed are for the closed source version

  19. "MatrixSSL 4.2.2 Open release". 2019-09-11. Retrieved 2020-03-20. https://github.com/matrixssl/matrixssl/releases/tag/4-2-2-open

  20. "Release 3.6.3". 24 March 2025. Retrieved 27 March 2025. https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3

  21. "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022. https://wiki.mozilla.org/NSS:Release_Versions

  22. "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022. https://wiki.mozilla.org/NSS:Release_Versions

  23. Apache-2.0 for OpenSSL 3.0 and later releases. OpenSSL-SSLeay dual-license for any release before OpenSSL 3.0.

  24. "OpenSSL 3.4.1". 11 February 2025. Retrieved 11 February 2025. https://github.com/openssl/openssl/releases/tag/openssl-3.4.1

  25. "rustls/rustls releases". Github. Retrieved 1 April 2025. https://github.com/rustls/rustls/releases

  26. "wolfSSL product description". Retrieved 2016-05-03. https://www.wolfssl.com/wolfSSL/Products-wolfssl.html

  27. "wolfSSL Embedded SSL/TLS". Retrieved 2016-05-03. https://www.wolfssl.com

  28. "wolfSSL ChangeLog". 2024-12-31. Retrieved 2024-12-31. https://www.wolfssl.com/docs/wolfssl-changelog/

  29. Prohibiting Secure Sockets Layer (SSL) Version 2.0. doi:10.17487/RFC6176. RFC 6176. https://datatracker.ietf.org/doc/html/rfc6176

  30. Vaudenay, Serge (2001). "CBC-Padding: Security Flaws in SSL, IPsec, WTLS,..." (PDF). http://infoscience.epfl.ch/record/52417/files/IC_TECH_REPORT_200150.pdf

  31. Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security. doi:10.17487/RFC7366. RFC 7366. https://datatracker.ietf.org/doc/html/rfc7366

  32. "Rizzo/Duong BEAST Countermeasures". Archived from the original on 2016-03-11. https://web.archive.org/web/20160311153448/https://educatedguesswork.org/2011/11/rizzoduong_beast_countermeasur.html

  33. Möller, Bodo; Duong, Thai; Kotowicz, Krzysztof (September 2014). "This POODLE Bites: Exploiting The SSL 3.0 Fallback" (PDF). Archived from the original (PDF) on 15 October 2014. Retrieved 15 October 2014. https://web.archive.org/web/20141015204410/https://www.openssl.org/~bodo/ssl-poodle.pdf

  34. "TLSv1.2's Major Differences from TLSv1.1". The Transport Layer Security (TLS) Protocol Version 1.2. sec. 1.2. doi:10.17487/RFC5246. RFC 5246. https://datatracker.ietf.org/doc/html/rfc5246#section-1.2

  35. RFC 6347. doi:10.17487/RFC6347. https://datatracker.ietf.org/doc/html/rfc6347

  36. Elgamal, Taher; Hickman, Kipp E. B. (19 April 1995). The SSL Protocol. I-D draft-hickman-netscape-ssl-00. https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00

  37. RFC 6101. doi:10.17487/RFC6101. https://datatracker.ietf.org/doc/html/rfc6101

  38. RFC 2246. doi:10.17487/RFC2246. https://datatracker.ietf.org/doc/html/rfc2246

  39. RFC 4346. doi:10.17487/RFC4346. https://datatracker.ietf.org/doc/html/rfc4346

  40. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  41. RFC 4347. doi:10.17487/RFC4347. https://datatracker.ietf.org/doc/html/rfc4347

  42. RFC 6347. doi:10.17487/RFC6347. https://datatracker.ietf.org/doc/html/rfc6347

  43. "Version 1.11.13, 2015-01-11 — Botan". 2015-01-11. Archived from the original on 2015-01-09. Retrieved 2015-01-16. https://web.archive.org/web/20150109154102/http://botan.randombit.net/relnotes/1_11_13.html

  44. "RSA BSAFE Technical Specification Comparison Tables" (PDF). Archived from the original (PDF) on 2015-09-24. Retrieved 2015-01-09. https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf

  45. As of SSL-J 7.0, support for TLS 1.0 and 1.1 has been removed

  46. As of SSL-J 7.0, support for TLS 1.0 and 1.1 has been removed

  47. SSL 2.0 client hello is supported for backward compatibility reasons even though SSL 2.0 is not supported.

  48. "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html

  49. "[gnutls-devel] GnuTLS 3.6.3". 2018-07-16. Retrieved 2018-09-16. https://lists.gnupg.org/pipermail/gnutls-devel/2018-July/008584.html

  50. SSL 2.0 client hello is supported for backward compatibility reasons even though SSL 2.0 is not supported.

  51. "Java SE Development Kit 8, Update 31 Release Notes". Retrieved 2024-01-14. https://www.oracle.com/java/technologies/javase/8u31-relnotes.html

  52. "Release Note: Disable TLS 1.0 and 1.1". Retrieved 2024-01-14. https://bugs.openjdk.org/browse/JDK-8256490

  53. "Release Note: Disable TLS 1.0 and 1.1". Retrieved 2024-01-14. https://bugs.openjdk.org/browse/JDK-8256490

  54. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  55. "LibreSSL 2.3.0 Released". 2015-09-23. Retrieved 2015-09-24. https://marc.info/?l=openbsd-announce&m=144304330731220

  56. "LibreSSL 3.3.3 Released". 2021-05-04. Retrieved 2021-05-04. https://marc.info/?l=openbsd-announce&m=162009196519308

  57. "MatrixSSL - News". Archived from the original on 2015-02-14. Retrieved 2014-11-09. https://web.archive.org/web/20150214105056/http://www.matrixssl.org/news.html

  58. "Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13. https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog

  59. "Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13. https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog

  60. "Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13. https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog

  61. "mbed TLS 2.0.0 released". 2015-07-10. Retrieved 2015-07-14. https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released

  62. "mbed TLS 2.0.0 released". 2015-07-10. Retrieved 2015-07-14. https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released

  63. Server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. "NSS 3.24 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2016-08-26. Retrieved 2016-06-19. https://web.archive.org/web/20160826100711/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes

  64. "NSS 3.19 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2015-06-05. Retrieved 2015-05-06. https://web.archive.org/web/20150605054647/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes

  65. "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2013-01-17. Retrieved 2012-10-27. https://web.archive.org/web/20130117130029/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes

  66. "NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-08-10. https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.1_release_notes

  67. "NSS 3.39 release notes". Mozilla Developer Network. Mozilla. 2018-08-31. Archived from the original on 2021-12-07. Retrieved 2018-09-15. https://web.archive.org/web/20211207014212/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes#Notable_Changes_in_NSS_3.39

  68. "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2013-01-17. Retrieved 2012-10-27. https://web.archive.org/web/20130117130029/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14_release_notes

  69. "NSS 3.16.2 release notes". Mozilla Developer Network. Mozilla. 2014-06-30. Archived from the original on 2021-12-07. Retrieved 2014-06-30. https://web.archive.org/web/20211207015257/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes

  70. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  71. "Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]". 2012-03-14. Archived from the original on December 5, 2014. Retrieved 2015-01-20. https://web.archive.org/web/20141205180836/http://www.openssl.org/news/openssl-1.0.1-notes.html

  72. "Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]". 2012-03-14. Archived from the original on December 5, 2014. Retrieved 2015-01-20. https://web.archive.org/web/20141205180836/http://www.openssl.org/news/openssl-1.0.1-notes.html

  73. "Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html

  74. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  75. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  76. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  77. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  78. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  79. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  80. "S2N Readme". GitHub. 2019-12-21. https://github.com/awslabs/s2n/blob/master/README.md

  81. "TLS Cipher Suites (Windows)". msdn.microsoft.com. 14 July 2023. http://msdn.microsoft.com/en-us/library/aa380512.aspx

  82. "TLS Cipher Suites in Windows Vista (Windows)". msdn.microsoft.com. 25 October 2021. http://msdn.microsoft.com/en-us/library/ff468651.aspx

  83. "TLS Cipher Suites in Windows Vista (Windows)". msdn.microsoft.com. 25 October 2021. http://msdn.microsoft.com/en-us/library/ff468651.aspx

  84. "Cipher Suites in TLS/SSL (Schannel SSP) (Windows)". msdn.microsoft.com. 14 July 2023. http://msdn.microsoft.com/en-us/library/aa374757.aspx

  85. "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012. http://support.microsoft.com/kb/2574819/en-us

  86. "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012. http://support.microsoft.com/kb/2574819/en-us

  87. "Cipher Suites in TLS/SSL (Schannel SSP) (Windows)". msdn.microsoft.com. 14 July 2023. http://msdn.microsoft.com/en-us/library/aa374757.aspx

  88. "Cipher Suites in TLS/SSL (Schannel SSP) (Windows)". msdn.microsoft.com. 14 July 2023. http://msdn.microsoft.com/en-us/library/aa374757.aspx

  89. "Protocols in TLS/SSL (Schannel SSP)". Microsoft. 2022-05-25. Retrieved 2023-11-18. https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

  90. "Protocols in TLS/SSL (Schannel SSP)". 25 May 2022. Retrieved 6 November 2022. https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

  91. Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. https://developer.apple.com/library/ios/technotes/tn2287/

  92. Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. https://developer.apple.com/library/ios/technotes/tn2287/

  93. Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. https://developer.apple.com/library/ios/technotes/tn2287/

  94. Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. https://developer.apple.com/library/ios/technotes/tn2287/

  95. Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. https://developer.apple.com/library/ios/technotes/tn2287/

  96. Secure Transport: SSL 2.0 was discontinued in OS X 10.8. SSL 3.0 was discontinued in OS X 10.11 and iOS 9. TLS 1.1, 1.2 and DTLS are available on iOS 5.0 and later, and OS X 10.9 and later. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03. https://developer.apple.com/library/ios/technotes/tn2287/

  97. "@badger: the 1.3 stuff is apparently in iOS 11 and macOS 10.13". 2018-03-09. Retrieved 2018-03-09. https://twitter.com/bagder/status/972234259774820352

  98. "[wolfssl] wolfSSL 3.6.6 Released". 2015-08-20. Retrieved 2015-08-24. http://wolfssl.com/wolfSSL/Blog/Entries/2015/8/24_wolfSSL_3.6.6_is_Now_Available.html

  99. "[wolfssl] wolfSSL 3.13.0 Released". 2017-12-21. Retrieved 2022-01-17. https://www.wolfssl.com/wolfssl-3-13-0-now-available/

  100. "Erlang -- Standards Compliance". https://www.erlang.org/doc/apps/ssl/standards_compliance.html

  101. Since OTP 22

  102. Since OTP 23

  103. Since OTP 22

  104. Since OTP 22

  105. "Erlang OTP SSL application TLS 1.3 compliance table". https://www.erlang.org/doc/apps/ssl/standards_compliance.html#tls-1.3

  106. Since OTP 22

  107. Elgamal, Taher; Hickman, Kipp E. B. (19 April 1995). The SSL Protocol. I-D draft-hickman-netscape-ssl-00. https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00

  108. RFC 6101. doi:10.17487/RFC6101. https://datatracker.ietf.org/doc/html/rfc6101

  109. RFC 2246. doi:10.17487/RFC2246. https://datatracker.ietf.org/doc/html/rfc2246

  110. RFC 4346. doi:10.17487/RFC4346. https://datatracker.ietf.org/doc/html/rfc4346

  111. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  112. RFC 4347. doi:10.17487/RFC4347. https://datatracker.ietf.org/doc/html/rfc4347

  113. RFC 6347. doi:10.17487/RFC6347. https://datatracker.ietf.org/doc/html/rfc6347

  114. "RSA BSAFE Technical Specification Comparison Tables" (PDF). Archived from the original (PDF) on 2015-09-24. Retrieved 2015-01-09. https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf

  115. "Security Enhancements in JDK 8". docs.oracle.com. http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html

  116. "Bug 663320 - (NSA-Suite-B-TLS) Implement RFC6460 (NSA Suite B profile for TLS)". Mozilla. Retrieved 2014-05-19. https://bugzilla.mozilla.org/show_bug.cgi?id=663320

  117. "Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html

  118. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  119. "Introducing Compliance to Suite B Cryptography". 18 September 2012. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd566200(v=ws.10)

  120. "Speeds and Feeds › Secure or Compliant, Pick One". Archived from the original on December 27, 2013. https://web.archive.org/web/20131227190128/http://veridicalsystems.com/blog/secure-or-compliant-pick-one/

  121. "Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov. Archived from the original on 2014-12-26. Retrieved 2014-03-18. https://web.archive.org/web/20141226152243/http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

  122. ""Is botan FIPS 140 certified?" Frequently Asked Questions — Botan". Archived from the original on 2014-11-29. Retrieved 2014-11-16. https://web.archive.org/web/20141129042131/http://botan.randombit.net/faq.html?highlight=fips#is-botan-fips-140-certified

  123. "Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov. 11 October 2016. https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search

  124. "cryptlib". 11 October 2013. Archived from the original on 11 October 2013. https://web.archive.org/web/20131011085917/http://www.cs.auckland.ac.nz/~pgut001/cryptlib/faq.html#Q8

  125. "B.5 Certification". GnuTLS 3.7.7. Retrieved 26 September 2022. https://www.gnutls.org/manual/gnutls.html#Certification

  126. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  127. "Matrix SSL Toolkit" (PDF). http://cdn2.hubspot.net/hub/327778/file-618993629-pdf/Matrix+SSL-3.pdf

  128. "Is mbed TLS FIPS certified? - Mbed TLS documentation". Mbed TLS documentation. https://mbed-tls.readthedocs.io/en/latest/kb/generic/is-mbedtls-fips-certified/

  129. "FIPS Validation - MozillaWiki". wiki.mozilla.org. https://wiki.mozilla.org/FIPS_Validation

  130. with Sun Sparc 5 w/ Sun Solaris v 2.4SE (ITSEC-rated)

  131. with Sun Ultra-5 w/ Sun Trusted Solaris version 2.5.1 (ITSEC-rated)

  132. with Solaris v8.0 with AdminSuite 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN SPARC Ultra-1

  133. with these platforms; Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU, Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU

  134. with these platforms; Red Hat Enterprise Linux v5 running on an IBM System x3550, Red Hat Enterprise Linux v5 running on an HP ProLiant DL145, Sun Solaris 10 5/08 running on a Sun SunBlade 2000 workstation, Sun Solaris 10 5/08 running on a Sun W2100z workstation

  135. "OpenSSL and FIPS 140-2". Archived from the original on 2013-05-28. Retrieved 2014-11-15. https://web.archive.org/web/20130528170840/http://www.openssl.org/docs/fips/fipsnotes.html

  136. "rustls FIPS documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_06_fips/index.html

  137. "Microsoft FIPS 140 Validated Cryptographic Modules". https://technet.microsoft.com/en-us/library/security/cc750357.aspx#_Microsoft_FIPS_140

  138. "wolfCrypt FIPS 140-2 Information - wolfSSL Embedded SSL/TLS Library". http://www.wolfssl.com/yaSSL/fips.html

  139. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  140. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  141. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  142. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  143. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  144. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  145. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  146. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  147. GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04

  148. "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html

  149. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  150. "LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141809396501638

  151. "NSS 3.20 release notes". Mozilla. 2015-08-19. Archived from the original on 2021-12-07. Retrieved 2015-08-20. https://web.archive.org/web/20211207015903/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes

  152. Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01. https://bugzilla.mozilla.org/show_bug.cgi?id=518787

  153. Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01. https://bugzilla.mozilla.org/show_bug.cgi?id=608725

  154. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  155. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  156. "OpenSSL: CVS Web Interface". Archived from the original on 2013-04-15. Retrieved 2014-11-12. https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost

  157. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  158. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  159. Extensions to support GOST in Schannel might be available.[citation needed]

  160. "Microsoft Security Advisory 3174644". 14 October 2022. https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644

  161. Extensions to support GOST in Schannel might be available.[citation needed]

  162. "Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ)". Microsoft. November 11, 2014. Retrieved 11 November 2014. https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC

  163. Thomlinson, Matt (November 11, 2014). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 11 November 2014. http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/

  164. "Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2". support.microsoft.com. https://support.microsoft.com/en-us/topic/update-adds-new-tls-cipher-suites-and-changes-cipher-suite-priorities-in-windows-8-1-and-windows-server-2012-r2-8e395e43-c8ef-27d8-b60c-0fc57d526d94

  165. "Microsoft Security Advisory 3174644". 14 October 2022. https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644

  166. Extensions to support GOST in Schannel might be available.[citation needed]

  167. "Microsoft Security Advisory 3174644". 14 October 2022. https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644

  168. Extensions to support GOST in Schannel might be available.[citation needed]

  169. "Microsoft Security Advisory 3174644". 14 October 2022. https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644

  170. Extensions to support GOST in Schannel might be available.[citation needed]

  171. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  172. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  173. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  174. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  175. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  176. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  177. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  178. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  179. GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04

  180. RFC 5054. doi:10.17487/RFC5054. https://datatracker.ietf.org/doc/html/rfc5054

  181. RFC 5054. doi:10.17487/RFC5054. https://datatracker.ietf.org/doc/html/rfc5054

  182. RFC 5054. doi:10.17487/RFC5054. https://datatracker.ietf.org/doc/html/rfc5054

  183. RFC 4279. doi:10.17487/RFC4279. https://datatracker.ietf.org/doc/html/rfc4279

  184. RFC 4279. doi:10.17487/RFC4279. https://datatracker.ietf.org/doc/html/rfc4279

  185. RFC 4279. doi:10.17487/RFC4279. https://datatracker.ietf.org/doc/html/rfc4279

  186. RFC 5489. doi:10.17487/RFC5489. https://datatracker.ietf.org/doc/html/rfc5489

  187. RFC 2712. doi:10.17487/RFC2712. https://datatracker.ietf.org/doc/html/rfc2712

  188. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  189. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  190. "RSA BSAFE SSL-J 6.2.4 Release Notes". 2018-09-05. Archived from the original on 2018-09-10. https://web.archive.org/web/20180910204318/https://community.rsa.com/docs/DOC-95884

  191. "LibreSSL 2.0.4 released". Retrieved 2014-08-04. https://marc.info/?l=openbsd-tech&m=140710904403657

  192. "LibreSSL 2.0.4 released". Retrieved 2014-08-04. https://marc.info/?l=openbsd-tech&m=140710904403657

  193. "LibreSSL 2.0.4 released". Retrieved 2014-08-04. https://marc.info/?l=openbsd-tech&m=140710904403657

  194. "Bug 405155 - add support for TLS-SRP, rfc5054". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=405155

  195. "Bug 405155 - add support for TLS-SRP, rfc5054". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=405155

  196. "Bug 405155 - add support for TLS-SRP, rfc5054". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=405155

  197. "Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=306435

  198. "Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=306435

  199. "Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=306435

  200. "Bug 306435 - Mozilla browsers should support the new IETF TLS-PSK protocol to help reduce phishing". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=306435

  201. "Bug 1170510 - Implement NSS server side support for DH_anon". Mozilla. Retrieved 2015-06-03. https://bugzilla.mozilla.org/show_bug.cgi?id=1170510

  202. "Bug 236245 - Update ECC/TLS to conform to RFC 4492". Mozilla. Retrieved 2014-06-09. https://bugzilla.mozilla.org/show_bug.cgi?id=236245

  203. "Changes between 0.9.6h and 0.9.7 [31 Dec 2002]". Retrieved 2016-01-29. https://www.openssl.org/news/changelog.html#x58

  204. "Changes between 0.9.8n and 1.0.0 [29 Mar 2010]". Retrieved 2016-01-29. https://www.openssl.org/news/changelog.html#x29

  205. "Changes between 0.9.8n and 1.0.0 [29 Mar 2010]". Retrieved 2016-01-29. https://www.openssl.org/news/changelog.html#x29

  206. "wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016)". 2016-03-18. Retrieved 2016-04-05. https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html

  207. RFC 5054. doi:10.17487/RFC5054. https://datatracker.ietf.org/doc/html/rfc5054

  208. RFC 5054. doi:10.17487/RFC5054. https://datatracker.ietf.org/doc/html/rfc5054

  209. RFC 5054. doi:10.17487/RFC5054. https://datatracker.ietf.org/doc/html/rfc5054

  210. RFC 4279. doi:10.17487/RFC4279. https://datatracker.ietf.org/doc/html/rfc4279

  211. RFC 4279. doi:10.17487/RFC4279. https://datatracker.ietf.org/doc/html/rfc4279

  212. RFC 4279. doi:10.17487/RFC4279. https://datatracker.ietf.org/doc/html/rfc4279

  213. RFC 5489. doi:10.17487/RFC5489. https://datatracker.ietf.org/doc/html/rfc5489

  214. RFC 2712. doi:10.17487/RFC2712. https://datatracker.ietf.org/doc/html/rfc2712

  215. RFC 5246. doi:10.17487/RFC5246. https://datatracker.ietf.org/doc/html/rfc5246

  216. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  217. RFC 5280. doi:10.17487/RFC5280. https://datatracker.ietf.org/doc/html/rfc5280

  218. RFC 3280. doi:10.17487/RFC3280. https://datatracker.ietf.org/doc/html/rfc3280

  219. RFC 2560. doi:10.17487/RFC2560. https://datatracker.ietf.org/doc/html/rfc2560

  220. RFC 6698. doi:10.17487/RFC6698. https://datatracker.ietf.org/doc/html/rfc6698

  221. RFC 7218. doi:10.17487/RFC7218. https://datatracker.ietf.org/doc/html/rfc7218

  222. Laurie, B.; Langley, A.; Kasper, E. (June 2013). Certificate Transparency. IETF. doi:10.17487/RFC6962. ISSN 2070-1721. RFC 6962. Retrieved 2020-08-31.

  223. "MatrixSSL 3.8.3". Archived from the original on 2017-01-19. Retrieved 2017-01-18. https://web.archive.org/web/20170119052959/http://www.matrixssl.org/blog/releases/matrixssl_3_8_3

  224. "mbed TLS 2.0 defaults implement best practices". Retrieved 2017-01-18. https://tls.mbed.org/tech-updates/blog/mbedtls-2.0-defaults-best-practices

  225. "Bug 672600 - Use DNSSEC/DANE chain stapled into TLS handshake in certificate chain validation". Mozilla. Retrieved 2014-06-18. https://bugzilla.mozilla.org/show_bug.cgi?id=672600

  226. "CRL Validation · Issue #3499 · aws/s2n-tls". GitHub. Retrieved 2022-11-01. https://github.com/aws/s2n-tls/issues/3499

  227. "OCSP digest support for SHA-256 · Issue #2854 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022-11-01. https://github.com/aws/s2n-tls/issues/2854

  228. "[RFC 6962] s2n Client can Validate Signed Certificate Timestamp TLS Extension · Issue #457 · aws/s2n-tls · GitHub". GitHub. Retrieved 2022-11-01. https://github.com/aws/s2n-tls/issues/457

  229. "How Certificate Revocation Works". Microsoft TechNet. Microsoft. March 16, 2012. Retrieved July 10, 2013. https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx

  230. "How Certificate Revocation Works". Microsoft TechNet. Microsoft. March 16, 2012. Retrieved July 10, 2013. https://technet.microsoft.com/en-us/library/ee619754(WS.10).aspx

  231. RFC 5288. doi:10.17487/RFC5288. RFC 5289. doi:10.17487/RFC5289. https://datatracker.ietf.org/doc/html/rfc5288

  232. RFC 6655, RFC 7251

  233. RFC 6367. doi:10.17487/RFC6367. https://datatracker.ietf.org/doc/html/rfc6367

  234. RFC 5932. doi:10.17487/RFC5932. https://datatracker.ietf.org/doc/html/rfc5932

  235. RFC 6367. doi:10.17487/RFC6367. https://datatracker.ietf.org/doc/html/rfc6367

  236. RFC 6209. doi:10.17487/RFC6209. https://datatracker.ietf.org/doc/html/rfc6209

  237. RFC 6209. doi:10.17487/RFC6209. https://datatracker.ietf.org/doc/html/rfc6209

  238. RFC 4162. doi:10.17487/RFC4162. https://datatracker.ietf.org/doc/html/rfc4162

  239. "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". sweet32.info. https://sweet32.info/

  240. GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04

  241. This algorithm is not yet defined as a TLS cipher suite in RFCs; it is proposed in drafts.

  242. RFC 7905. doi:10.17487/RFC7905. https://datatracker.ietf.org/doc/html/rfc7905

  243. authentication only, no encryption

  244. "Version 1.11.12, 2015-01-02 — Botan". 2015-01-02. Retrieved 2015-01-09. http://botan.randombit.net/relnotes/1_11_12.html

  245. "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html

  246. "gnutls 3.6.0". 2017-09-21. Retrieved 2018-01-07. https://lwn.net/Articles/731694/

  247. "gnutls 3.4.12". 2016-05-20. Archived from the original on 2016-10-13. Retrieved 2016-05-29. https://web.archive.org/web/20161013015630/http://permalink.gmane.org/gmane.network.gnutls.general/4131

  248. "Java SE Development Kit 10 - 10.0.1 Release Notes". 2018-04-17. Retrieved 2024-01-14. https://www.oracle.com/java/technologies/javase/10-0-1-relnotes.html

  249. "JDK 12 Release Notes". Retrieved 2024-01-14. https://www.oracle.com/java/technologies/javase/12-relnote-issues.html

  250. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  251. "LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141809396501638

  252. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  253. "LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141809396501638

  254. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  255. "Changes in 3.8.3". GitHub. Retrieved 2016-06-19. [permanent dead link] https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383

  256. "PolarSSL 1.3.8 release notes". Archived from the original on 2014-07-14. https://web.archive.org/web/20140714220749/https://polarssl.org/tech-updates/releases/polarssl-1.3.8-released

  257. "Mbed TLS 2.11.0, 2.7.4 and 2.1.13 released". Retrieved 2018-08-30. https://tls.mbed.org/tech-updates/releases/mbedtls-2.11.0-2.7.4-and-2.1.13-released

  258. "Mbed TLS 2.11.0, 2.7.4 and 2.1.13 released". Retrieved 2018-08-30. https://tls.mbed.org/tech-updates/releases/mbedtls-2.11.0-2.7.4-and-2.1.13-released

  259. "Mbed TLS 3.0.0 branch released". GitHub. 2021-07-07. Retrieved 2021-08-13. https://github.com/ARMmbed/mbedtls/blob/93a3ca6caf20e0e1a90c86ee2fc03e9f1fb4ebfa/ChangeLog

  260. "Mbed TLS 2.12.0, 2.7.5 and 2.1.14 released". Retrieved 2018-08-30. https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released

  261. "NSS 3.25 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2021-12-07. Retrieved 2016-07-01. https://web.archive.org/web/20211207020401/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.25_release_notes

  262. "Bug 940119 - libssl does not support any TLS_ECDHE_*_CAMELLIA_*_GCM cipher suites". Mozilla. Retrieved 2013-11-19. https://bugzilla.mozilla.org/show_bug.cgi?id=940119

  263. This algorithm is implemented in an NSS fork used by Pale Moon.

  264. "NSS 3.12 is released". Retrieved 2013-11-19. https://groups.google.com/forum/?hl=ja#!searchin/mozilla.dev.tech.crypto/camellia/mozilla.dev.tech.crypto/3NTvSYkF9MQ/O7Aj7oeiff8J

  265. "NSS 3.12.3 Release Notes". Mozilla Developer Network. Mozilla. Archived from the original on 2023-04-02. Retrieved 2023-04-01. https://web.archive.org/web/20230402220534/https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_releases/nss_3.12.3_release_notes/index.html

  266. Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01. https://bugzilla.mozilla.org/show_bug.cgi?id=518787

  267. Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01. https://bugzilla.mozilla.org/show_bug.cgi?id=608725

  268. "NSS 3.23 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2021-04-14. Retrieved 2016-03-09. https://web.archive.org/web/20210414233905/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes

  269. "openssl/CHANGES at OpenSSL_1_0_1-stable · openssl/openssl". GitHub. Retrieved 2015-01-20. https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES

  270. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  271. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  272. "OpenSSL 1.1.1 Series Release Notes". www.openssl.org. Archived from the original on 2024-01-16. https://web.archive.org/web/20240116202037/https://www.openssl.org/news/openssl-1.1.1-notes.html

  273. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  274. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  275. "OpenSSL: CVS Web Interface". Archived from the original on 2013-04-15. Retrieved 2014-11-12. https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost

  276. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  277. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  278. "rustls implemented and unimplemented features documentation". Retrieved 2024-08-28. https://docs.rs/rustls/0.23.12/rustls/manual/_04_features/index.html

  279. "Cipher Suites in TLS/SSL (Schannel SSP) - Win32 apps". docs.microsoft.com. 14 July 2023. https://docs.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel

  280. Extensions to support GOST in Schannel might be available.[citation needed]

  281. Extensions to support GOST in Schannel might be available.[citation needed]

  282. "Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ)". Microsoft. November 11, 2014. Retrieved 11 November 2014. https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC

  283. Thomlinson, Matt (November 11, 2014). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 11 November 2014. http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/

  284. Extensions to support GOST in Schannel might be available.[citation needed]

  285. "Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 10 Preview". dev.ssllabs.com. Archived from the original on 2023-07-14. https://web.archive.org/web/20230714075523/https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview

  286. Extensions to support GOST in Schannel might be available.[citation needed]

  287. RFC 5288. doi:10.17487/RFC5288. RFC 5289. doi:10.17487/RFC5289. https://datatracker.ietf.org/doc/html/rfc5288

  288. RFC 6655, RFC 7251

  289. RFC 6367. doi:10.17487/RFC6367. https://datatracker.ietf.org/doc/html/rfc6367

  290. RFC 5932. doi:10.17487/RFC5932. https://datatracker.ietf.org/doc/html/rfc5932

  291. RFC 6367. doi:10.17487/RFC6367. https://datatracker.ietf.org/doc/html/rfc6367

  292. RFC 6209. doi:10.17487/RFC6209. https://datatracker.ietf.org/doc/html/rfc6209

  293. RFC 6209. doi:10.17487/RFC6209. https://datatracker.ietf.org/doc/html/rfc6209

  294. RFC 4162. doi:10.17487/RFC4162. https://datatracker.ietf.org/doc/html/rfc4162

  295. "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". sweet32.info. https://sweet32.info/

  296. GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04

  297. This algorithm is not yet defined as a TLS cipher suite in RFCs; it is proposed in drafts.

  298. RFC 7905. doi:10.17487/RFC7905. https://datatracker.ietf.org/doc/html/rfc7905

  299. authentication only, no encryption

  300. IDEA and DES have been removed from TLS 1.2.[152]

  301. "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". https://sweet32.info

  302. IDEA and DES have been removed from TLS 1.2.[152]

  303. Cipher suites with 40-bit strength were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.

  304. Cipher suites with 40-bit strength were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.

  305. The RC4 attacks weaken or break RC4 used in SSL/TLS. Use of RC4 is prohibited by RFC 7465.

  306. The RC4 attacks weaken or break RC4 used in SSL/TLS.

  307. Cipher suites with 40-bit strength were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.

  308. "Version 1.11.15, 2015-03-08 — Botan". 2015-03-08. Retrieved 2015-03-11. http://botan.randombit.net/relnotes/1_11_15.html

  309. "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html

  310. "Java Cryptography Architecture Oracle Providers Documentation". docs.oracle.com. http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html

  311. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  312. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  313. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  314. "mbed TLS 2.0.0 released". 2015-07-10. Retrieved 2015-07-14. https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released

  315. "NSS 3.15.3 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2014-06-05. Retrieved 2014-07-13. https://web.archive.org/web/20140605001016/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.3_release_notes

  316. "MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities". Mozilla. Retrieved 2014-07-13. https://www.mozilla.org/security/announce/2013/mfsa2013-103.html

  317. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  318. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  319. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  320. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  321. "RC4 is now disabled in Microsoft Edge and Internet Explorer 11 - Microsoft Edge Dev Blog". blogs.windows.com. 2016-08-09. https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/

  322. "RC4 is now disabled in Microsoft Edge and Internet Explorer 11 - Microsoft Edge Dev Blog". blogs.windows.com. 2016-08-09. https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/

  323. "Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 10 Preview". dev.ssllabs.com. Archived from the original on 2023-07-14. https://web.archive.org/web/20230714075523/https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview

  324. "RC4 is now disabled in Microsoft Edge and Internet Explorer 11 - Microsoft Edge Dev Blog". blogs.windows.com. 2016-08-09. https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/

  325. "wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)". 2015-10-26. Retrieved 2015-11-19. https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html

  326. IDEA and DES have been removed from TLS 1.2.[152]

  327. "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". https://sweet32.info

  328. IDEA and DES have been removed from TLS 1.2.[152]

  329. Cipher suites with 40-bit strength were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.

  330. Cipher suites with 40-bit strength were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.

  331. The RC4 attacks weaken or break RC4 used in SSL/TLS. Use of RC4 is prohibited by RFC 7465.

  332. The RC4 attacks weaken or break RC4 used in SSL/TLS.

  333. Cipher suites with 40-bit strength were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.

  334. RFC 8446

  335. RFC 8422

  336. RFC 8446

  337. RFC 8422

  338. RFC 8446

  339. RFC 8422

  340. RFC 8446

  341. RFC 8422

  342. RFC 8446

  343. RFC 8422

  344. RFC 7027

  345. RFC 7027

  346. RFC 7027

  347. "Version 1.11.12, 2015-01-02 — Botan". 2015-01-02. Retrieved 2015-01-09. http://botan.randombit.net/relnotes/1_11_12.html

  348. "Version 1.11.5, 2013-11-10 — Botan". 2013-11-10. Retrieved 2015-01-23. http://botan.randombit.net/relnotes/1_11_5.html

  349. "Version 1.11.5, 2013-11-10 — Botan". 2013-11-10. Retrieved 2015-01-23. http://botan.randombit.net/relnotes/1_11_5.html

  350. "Version 1.11.5, 2013-11-10 — Botan". 2013-11-10. Retrieved 2015-01-23. http://botan.randombit.net/relnotes/1_11_5.html

  351. "An overview of the new features in GnuTLS 3.5.0". 2016-05-02. Retrieved 2016-12-09. http://nmav.gnutls.org/2016/05/gnutls-3-5-0.html

  352. "gnutls 3.6.12". 2020-02-01. Retrieved 2021-08-31. https://lists.gnupg.org/pipermail/gnutls-help/2020-February/004621.html

  353. "JDK 13 Early-Access Release Notes". Archived from the original on 2020-04-01. Retrieved 2019-06-20. https://web.archive.org/web/20200401060808/http://jdk.java.net/13/release-notes

  354. "JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA)". Retrieved 2024-01-14. https://bugs.openjdk.org/browse/JDK-8199231

  355. "JDK 13 Early-Access Release Notes". Archived from the original on 2020-04-01. Retrieved 2019-06-20. https://web.archive.org/web/20200401060808/http://jdk.java.net/13/release-notes

  356. "JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA)". Retrieved 2024-01-14. https://bugs.openjdk.org/browse/JDK-8199231

  357. "LibreSSL 2.5.1 release notes". OpenBSD. 2017-01-31. Retrieved 2017-02-23. https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.1-relnotes.txt

  358. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  359. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  360. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  361. "MatrixSSL 4.0 changelog". GitHub. Retrieved 2018-09-18. https://github.com/matrixssl/matrixssl/blob/4-0-0-open/doc/CHANGES_v4.0.md

  362. "PolarSSL 1.3.3 released". 2013-12-31. Archived from the original on 2014-01-07. Retrieved 2015-01-23. https://web.archive.org/web/20140107122023/https://polarssl.org/tech-updates/releases/polarssl-1.3.3-released

  363. "Mbed TLS 2.9.0, 2.7.3 and 2.1.12 released". Retrieved 2018-08-30. https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released

  364. "PolarSSL 1.3.1 released". 2013-10-15. Archived from the original on 2015-01-23. Retrieved 2015-01-23. https://web.archive.org/web/20150123084424/https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released

  365. "PolarSSL 1.3.1 released". 2013-10-15. Archived from the original on 2015-01-23. Retrieved 2015-01-23. https://web.archive.org/web/20150123084424/https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released

  366. "PolarSSL 1.3.1 released". 2013-10-15. Archived from the original on 2015-01-23. Retrieved 2015-01-23. https://web.archive.org/web/20150123084424/https://polarssl.org/tech-updates/releases/polarssl-1.3.1-released

  367. "Bug 957105 - Add support for curve25519 Key Exchange and UMAC MAC support for TLS". Mozilla. Retrieved 2017-02-23. https://bugzilla.mozilla.org/show_bug.cgi?id=957105

  368. "Bug 1305243 - Support for X448". Mozilla. Retrieved 2022-08-04. https://bugzilla.mozilla.org/show_bug.cgi?id=1305243

  369. "Bug 1597057 - Curve448 or named Ed448-Goldilocks support needed (both X448 key exchange and Ed448 signature algorithm )". Mozilla. Retrieved 2022-08-04. https://bugzilla.mozilla.org/show_bug.cgi?id=1597057

  370. "Bug 943639 - Support for Brainpool ECC Curve (rfc5639)". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=943639

  371. "Bug 943639 - Support for Brainpool ECC Curve (rfc5639)". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=943639

  372. "Bug 943639 - Support for Brainpool ECC Curve (rfc5639)". Mozilla. Retrieved 2014-01-25. https://bugzilla.mozilla.org/show_bug.cgi?id=943639

  373. "OpenSSL 1.1.0x Release Notes". 25 August 2016. Archived from the original on 18 May 2018. Retrieved 18 May 2018. https://web.archive.org/web/20180518200620/https://www.openssl.org/news/cl110.txt

  374. "OpenSSL GitHub Issue #487 Tracker". GitHub. 2 December 2015. Retrieved 18 May 2018. https://github.com/openssl/openssl/issues/487

  375. "OpenSSL CHANGES". 1 May 2018. Archived from the original on 18 May 2018. Retrieved 18 May 2018. https://web.archive.org/web/20180518200747/https://www.openssl.org/news/cl111.txt

  376. "OpenSSL GitHub Issue #5049 Tracker". GitHub. 9 January 2018. Retrieved 18 May 2018. https://github.com/openssl/openssl/issues/5049

  377. "Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html

  378. "Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html

  379. "Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html

  380. "wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)". 2015-03-30. Retrieved 2015-11-19. https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html

  381. "wolfSSL Release 4.4.0 (04/22/2020)". 2020-04-22. Retrieved 2022-10-18. https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html

  382. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  383. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  384. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  385. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  386. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  387. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  388. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  389. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  390. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  391. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  392. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  393. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  394. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  395. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  396. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  397. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  398. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  399. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  400. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  401. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  402. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  403. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  404. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  405. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  406. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  407. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  408. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  409. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  410. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  411. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  412. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  413. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  414. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  415. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  416. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  417. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  418. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  419. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  420. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  421. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  422. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  423. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  424. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  425. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  426. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  427. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  428. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  429. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  430. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  431. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  432. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  433. Negotiation of arbitrary curves has been shown to be insecure for certain curve sizes. Mavrogiannopoulos, Nikos; Vercauteren, Frederik; Velichkov, Vesselin; Preneel, Bart (2012). "A cross-protocol attack on the TLS protocol" (PDF). Proceedings of the 2012 ACM conference on Computer and communications security. Association for Computing Machinery. pp. 62–72. doi:10.1145/2382196.2382206. ISBN 978-1-4503-1651-4.

  434. RFC 4492. doi:10.17487/RFC4492. https://datatracker.ietf.org/doc/html/rfc4492

  435. Negotiation of arbitrary curves has been shown to be insecure for certain curve sizes. Mavrogiannopoulos, Nikos; Vercauteren, Frederik; Velichkov, Vesselin; Preneel, Bart (2012). "A cross-protocol attack on the TLS protocol" (PDF). Proceedings of the 2012 ACM conference on Computer and communications security. Association for Computing Machinery. pp. 62–72. doi:10.1145/2382196.2382206. ISBN 978-1-4503-1651-4.

  436. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  437. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  438. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  439. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  440. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  441. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  442. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  443. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  444. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  445. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  446. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  447. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  448. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  449. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  450. These elliptic curves were "Disabled by Default" in current JDK families as part of JDK-8236730.[183]

  451. These elliptic curves were subsequently removed in JDK 16+ as part of JDK-8252601.[184]

  452. GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04

  453. GOST 28147-89 Cipher Suites for Transport Layer Security (TLS). I-D draft-chudov-cryptopro-cptls-04. https://datatracker.ietf.org/doc/html/draft-chudov-cryptopro-cptls-04

  454. "LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141809396501638

  455. "LibreSSL 2.1.2 released". 2014-12-09. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141809396501638

  456. Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01. https://bugzilla.mozilla.org/show_bug.cgi?id=518787

  457. Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01. https://bugzilla.mozilla.org/show_bug.cgi?id=608725

  458. Mozilla.org. "Bug 518787 - Add GOST crypto algorithm support in NSS". Retrieved 2014-07-01. https://bugzilla.mozilla.org/show_bug.cgi?id=518787

  459. Mozilla.org. "Bug 608725 - Add Russian GOST cryptoalgorithms to NSS and Thunderbird". Retrieved 2014-07-01. https://bugzilla.mozilla.org/show_bug.cgi?id=608725

  460. "OpenSSL: CVS Web Interface". Archived from the original on 2013-04-15. Retrieved 2014-11-12. https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost

  461. "OpenSSL: CVS Web Interface". Archived from the original on 2013-04-15. Retrieved 2014-11-12. https://archive.today/20130415122812/http://cvs.openssl.org/fileview?f=openssl%2Fengines%2Fccgost%2FREADME.gost

  462. "SHA2 and Windows". Retrieved 2024-12-25. https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/sha2-and-windows/1128617

  463. Extensions to support GOST in Schannel might be available.[citation needed]

  464. Extensions to support GOST in Schannel might be available.[citation needed]

  465. "Microsoft Security Bulletin MS14-066 - Critical (Section Update FAQ)". Microsoft. November 11, 2014. Retrieved 11 November 2014. https://technet.microsoft.com/library/security/MS14-066#ID0E5MAC

  466. Thomlinson, Matt (November 11, 2014). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 11 November 2014. http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption/

  467. "Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2". support.microsoft.com. https://support.microsoft.com/en-us/topic/update-adds-new-tls-cipher-suites-and-changes-cipher-suite-priorities-in-windows-8-1-and-windows-server-2012-r2-8e395e43-c8ef-27d8-b60c-0fc57d526d94

  468. Extensions to support GOST in Schannel might be available.[citation needed]

  469. Extensions to support GOST in Schannel might be available.[citation needed]

  470. "Qualys SSL Labs - Projects / User Agent Capabilities: IE 11 / Win 10 Preview". dev.ssllabs.com. Archived from the original on 2023-07-14. https://web.archive.org/web/20230714075523/https://dev.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win+10+Preview

  471. Extensions to support GOST in Schannel might be available.[citation needed]

  472. Extensions to support GOST in Schannel might be available.[citation needed]

  473. RFC 3749

  474. "RSA BSAFE Technical Specification Comparison Tables" (PDF). Archived from the original (PDF) on 2015-09-24. Retrieved 2015-01-09. https://web.archive.org/web/20150924043531/http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf

  475. "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20. https://marc.info/?l=openbsd-announce&m=141486254309079

  476. RFC 5746

  477. RFC 6066

  478. RFC 7301

  479. RFC 6066

  480. RFC 6091

  481. RFC 4680

  482. RFC 5077. doi:10.17487/RFC5077. https://datatracker.ietf.org/doc/html/rfc5077

  483. RFC 5705. doi:10.17487/RFC5705. https://datatracker.ietf.org/doc/html/rfc5705

  484. RFC 6066

  485. Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security. doi:10.17487/RFC7366. RFC 7366. https://datatracker.ietf.org/doc/html/rfc7366

  486. RFC 7507. doi:10.17487/RFC7507. https://datatracker.ietf.org/doc/html/rfc7507

  487. RFC 7627

  488. RFC 7685

  489. RFC 7250

  490. "Version 1.11.16, 2015-03-29 — Botan". 2016-03-29. Retrieved 2016-09-08. https://botan.randombit.net/news.html#version-1-11-16-2015-03-29

  491. "Version 1.11.10, 2014-12-10 — Botan". 2014-12-10. Retrieved 2014-12-14. http://botan.randombit.net/relnotes/1_11_10.html

  492. "Version 1.11.26, 2016-01-04 — Botan". 2016-01-04. Retrieved 2016-02-25. http://botan.randombit.net/news.html#version-1-11-26-2016-01-04

  493. Present, but disabled by default due to lack of use by any implementation.

  494. "gnutls 3.2.0". Archived from the original on 2016-01-31. Retrieved 2015-01-26. https://web.archive.org/web/20160131230710/http://article.gmane.org/gmane.network.gnutls.general/3136

  495. Mavrogiannopoulos, Nikos (August 21, 2017). "[gnutls-help] GnuTLS 3.6.0 released". https://lists.gnupg.org/pipermail/gnutls-help/2017-August/004364.html

  496. "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html

  497. "gnutls 3.4.4". Archived from the original on 2017-07-17. Retrieved 2015-08-25. https://web.archive.org/web/20170717020648/http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8267

  498. "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16. http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html

  499. "%DUMBFW priority keyword". Retrieved 2017-04-30. https://gnutls.org/manual/html_node/Priority-Strings.html

  500. "gnutls 3.6.6". 2019-01-25. Retrieved 2019-09-01. https://lists.gnupg.org/pipermail/gnutls-help/2019-January/004484.html

  501. "Security Enhancements in JDK 8". docs.oracle.com. http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html

  502. "Security Enhancements in JDK 8". docs.oracle.com. http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html

  503. "LibreSSL 2.1.3 released". 2015-01-22. Retrieved 2015-01-22. https://marc.info/?l=openbsd-announce&m=142193407304782

  504. "LibreSSL 2.1.4 released". 2015-03-04. Retrieved 2015-03-04. https://marc.info/?l=openbsd-announce&m=142543818707898

  505. "MatrixSSL - News". 2014-12-04. Archived from the original on 2015-02-14. Retrieved 2015-01-26. https://web.archive.org/web/20150214105056/http://www.matrixssl.org/news.html

  506. "Changes in 3.8.3". GitHub. Retrieved 2016-06-19.[permanent dead link] https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383

  507. "Changes in 3.8.3". GitHub. Retrieved 2016-06-19.[permanent dead link] https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383

  508. "Changes in 3.8.3". GitHub. Retrieved 2016-06-19.[permanent dead link] https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#changes-in-383

  509. "Download overview - PolarSSL". 2014-04-11. Archived from the original on 2015-02-09. Retrieved 2015-01-26. https://web.archive.org/web/20150209195111/https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released

  510. "mbed TLS 1.3.10 released". 2015-02-08. Archived from the original on 2015-02-09. Retrieved 2015-02-09. https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released

  511. "mbed TLS 1.3.10 released". 2015-02-08. Archived from the original on 2015-02-09. Retrieved 2015-02-09. https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released

  512. "mbed TLS 1.3.10 released". 2015-02-08. Archived from the original on 2015-02-09. Retrieved 2015-02-09. https://web.archive.org/web/20150209180352/https://polarssl.org/tech-updates/releases/mbedtls-1.3.10-released

  513. "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Archived from the original on January 26, 2015. Retrieved 2015-01-26. https://archive.today/20150126155403/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes

  514. "Bug 961416 - Support RFC6091 - Using OpenPGP Keys for Transport Layer Security Authentication (TLS1.2)". Mozilla. Retrieved 2014-06-18. https://bugzilla.mozilla.org/show_bug.cgi?id=961416

  515. "Bug 972145 - Implement the encrypt-then-MAC TLS extension". Mozilla. Retrieved 2014-11-06. https://bugzilla.mozilla.org/show_bug.cgi?id=972145

  516. "NSS 3.17.1 release notes". Archived from the original on 2019-04-19. Retrieved 2014-10-17. https://web.archive.org/web/20190419152214/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes

  517. "NSS 3.21 release notes". Archived from the original on 2021-12-07. Retrieved 2015-11-14. https://web.archive.org/web/20211207025807/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes

  518. "NSS 3.15.5 release notes". Mozilla Developer Network. Mozilla. Archived from the original on January 26, 2015. Retrieved 2015-01-26. https://archive.today/20150126155403/https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes

  519. "Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]". Archived from the original on September 4, 2014. Retrieved 2015-01-22. https://web.archive.org/web/20140904045720/http://www.openssl.org/news/openssl-1.0.2-notes.html

  520. "OpenSSL Security Advisory [15 Oct 2014]". 2014-10-15. https://openssl-library.org/news/secadv/20141015.txt

  521. "OpenSSL 1.1.0 Series Release Notes". www.openssl.org. Archived from the original on 2018-03-17. Retrieved 2016-09-03. https://web.archive.org/web/20180317162208/https://www.openssl.org/news/openssl-1.1.0-notes.html

  522. "Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]". 2014-04-07. Archived from the original on 2015-01-20. Retrieved 2015-02-10. https://web.archive.org/web/20150120120428/https://www.openssl.org/news/openssl-1.0.1-notes.html

  523. "OpenSSL Announces Final Release of OpenSSL 3.2.0". 2023-11-23. Retrieved 2024-10-11. https://openssl-library.org/post/2023-11-06-openssl32/

  524. rustls does not implement earlier versions that would warrant protection against insecure downgrade

  525. "Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024-04-28. https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121

  526. "Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024-04-28. https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121

  527. "What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2024-04-28. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831771(v=ws.11)

  528. "Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024-04-28. https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121

  529. "What's New in TLS/SSL (Schannel SSP)". 31 August 2016. Retrieved 2024-04-28. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831771(v=ws.11)

  530. "Microsoft Security Bulletin MS15-121". March 2023. Retrieved 2024-04-28. https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-121

  531. "wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)". 2015-10-26. Retrieved 2015-11-19. https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html

  532. "wolfSSL Version 4.2.0 is Now Available!". 22 October 2019. Retrieved 2021-08-13. https://www.wolfssl.com/wolfssl-version-4-2-0-now-available/

  533. "wolfSSL supports Raw Public Keys". August 2023. Retrieved 2024-10-25. https://www.wolfssl.com/wolfssl-supports-raw-public-keys/

  534. "Version 1.11.31, 2015-08-30 — Botan". 2016-08-30. Retrieved 2016-09-08. https://botan.randombit.net/news.html#version-1-11-31-2016-08-30

  535. "Trusted Platform Module (TPM) — Botan". https://botan.randombit.net/handbook/api_ref/tpm.html

  536. Pure Java implementations rely on JVM processor optimization capabilities, such as OpenJDK support for AES-NI.[228]

  537. BSAFE SSL-J can be configured to run in native mode, using BSAFE Crypto-C Micro Edition to benefit from processor optimization.[229]

  538. "Comparison of BSAFE TLS libraries: Micro Edition Suite vs SSL-J | Dell Malaysia". https://www.dell.com/support/kbdoc/en-my/000204717/comparison-of-bsafe-tls-libraries-micro-edition-suite-vs-ssl-j

  539. Mavrogiannopoulos, Nikos (October 9, 2016). "[gnutls-devel] gnutls 3.5.5". https://lists.gnupg.org/pipermail/gnutls-devel/2016-October/008194.html

  540. "Trusted Platform Module (GnuTLS 3.8.4)". https://www.gnutls.org/manual/html_node/Trusted-Platform-Module.html

  541. "Java SSL provider with AES-NI support". stackoverflow.com. https://stackoverflow.com/questions/14259671/java-ssl-provider-with-aes-ni-support

  542. "PolarSSL 1.3.3 released". 2013-12-31. Archived from the original on 2014-01-07. Retrieved 2014-01-07. We've incorporated support for AES-NI in our AES and GCM modules. https://web.archive.org/web/20140107122023/https://polarssl.org/tech-updates/releases/polarssl-1.3.3-released

  543. "NXP/Plug-and-trust". GitHub. https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file

  544. "ARMmbed/Mbed-os-atecc608a". GitHub. https://github.com/ARMmbed/mbed-os-atecc608a/

  545. Normally NSS's libssl performs all operations via the PKCS#11 interface, either to hardware or software tokens

  546. "Bug 706024 - AES-NI enhancements to NSS on Sandy Bridge systems". Retrieved 2013-09-28. https://bugzilla.mozilla.org/show_bug.cgi?id=706024

  547. "Bug 479744 - RFE : VIA Padlock ACE support (hardware RNG, AES, SHA1 and SHA256)". Retrieved 2014-04-11. https://bugzilla.mozilla.org/show_bug.cgi?id=479744

  548. "Connecting Rutoken ECP to OpenSSL" (in Russian). 16 December 2011. https://habrahabr.ru/post/134725/

  549. "Rutoken ECP support in OpenSSL (Page 1) - Rutoken and Open Source - Rutoken Forum" (in Russian). http://forum.rutoken.ru/topic/1639/

  550. "OpenSSL GOST" (in Russian). Archived from the original on 2018-06-23. https://web.archive.org/web/20180623005200/https://dev.rutoken.ru/pages/viewpage.action?pageId=18055184

  551. "git.openssl.org Git - openssl.git/commitdiff". git.openssl.org. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddacb8f27ba4c8a8d51c306c150e1a8703b008f2

  552. "Tpm2-software/Tpm2-openssl". GitHub. https://github.com/tpm2-software/tpm2-openssl

  553. "Provider - OpenSSL Documentation". https://docs.openssl.org/3.0/man7/provider/

  554. "NXP/Plug-and-trust". GitHub. https://github.com/NXP/plug-and-trust/tree/master?tab=readme-ov-file

  555. "STSW-STSA110-SSL - STSAFE-A integration within OpenSSL security stack". STMicroelectronics. https://www.st.com/en/embedded-software/stsw-stsa110-ssl.html

  556. SecECKey.c on GitHub https://github.com/apple-oss-distributions/Security/blob/Security-55179.13/sec/Security/SecECKey.c

  557. "Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Mountain Lion v10.8" (PDF). Apple Inc. 2013. http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT5396/Crypto_Officer_Role_Guide_for_FIPS_140-2_Compliance_OS_X_Mountain_Lion_v10.8.pdf

  558. "CAAM support in wolfSSL". 10 March 2020. https://community.nxp.com/t5/i-MX-Processors/CAAM-support-in-wolfSSL/m-p/1013736

  559. "wolfTPM Portable TPM 2.0 Library". https://www.wolfssl.com/products/wolftpm/

  560. "Announcing wolfSSL TPM support for the Espressif ESP32". 20 June 2024. https://www.wolfssl.com/announcing-wolfssl-tpm-support-for-the-espressif-esp32/

  561. "WolfSSL SSL/TLS Support for NXP SE050 – wolfSSL". 22 February 2024. https://www.wolfssl.com/wolfssl-ssl-tls-support-for-nxp-se050/

  562. "WolfSSL support for the ATECC608 Crypto Coprocessor – wolfSSL". 13 October 2021. https://www.wolfssl.com/blog-wolfssl-support-atecc608-crypto-coprocessor/

  563. "WolfSSL support for STSAFE-A100 crypto coprocessor – wolfSSL". 20 September 2018. https://www.wolfssl.com/wolfssl-support-stsafe-a100-crypto-coprocessor/

  564. "Support for MAXQ1065 in wolfSSL – wolfSSL". 29 November 2022. https://www.wolfssl.com/support-maxq1065-wolfssl/

  565. "LibreSSL 2.2.1 Released". 2015-07-08. Retrieved 2016-01-30. https://marc.info/?l=openbsd-announce&m=143635991232240

  566. "ktls integration for rustls". GitHub. Retrieved 2024-08-29. https://github.com/rustls/ktls

  567. "wolfProvider". 2021-11-10. Retrieved 2022-01-17. https://www.wolfssl.com/wolfengine-openssl-provider-solution-now-public/

  568. "Version 1.11.26, 2016-01-04 — Botan". 2016-01-04. Retrieved 2016-02-25. http://botan.randombit.net/news.html#version-1-11-26-2016-01-04

  569. The PKCS #11 URI Scheme. doi:10.17487/RFC7512. RFC 7512. https://datatracker.ietf.org/doc/html/rfc7512

  570. "libp11: PKCS#11 wrapper library". 19 January 2018 – via GitHub. https://github.com/OpenSC/libp11

  571. The PKCS #11 URI Scheme. doi:10.17487/RFC7512. RFC 7512. https://datatracker.ietf.org/doc/html/rfc7512

  572. "Windows CNG bridge for rustls". GitHub. Retrieved 2024-08-29. https://github.com/rustls/rustls-cng

  573. On the fly replaceable/augmentable.

  574. "Nss compat ossl - Fedora Project Wiki". fedoraproject.org. https://fedoraproject.org/wiki/Nss_compat_ossl

  575. "rustls-openssl compatibility layer". GitHub. Retrieved 2024-08-29. https://github.com/rustls/rustls-openssl-compat/

  576. "NSPR". Mozilla Developer Network. https://www.mozilla.org/projects/nspr/

  577. "NSPR". Mozilla Developer Network. https://www.mozilla.org/projects/nspr/

  578. For Unix/Linux it uses /dev/urandom if available, for Windows it uses CAPI. For other platforms it gets data from clock, and tries to open system files. NSS has a set of platform dependent functions it uses to determine randomness.