Comparison of TLS Implementations
The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. There are several TLS implementations that are free and open source software, and choosing between them can be tough. Below is a side-by-side comparison of several of the most prominent libraries.
All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol.
Overview
Implementation | Developed By | Open Source | Software License | Copyright Owner | Latest Stable Version | Release Date | Origin | Website |
---|---|---|---|---|---|---|---|---|
axTLS | Cameron Rich | | | Cameron Rich | 1.4.4 | 11/04/2011 | Australia | http://axtls.sourceforge.net/ |
cryptlib | Peter Gutmann | | and commercial license | Peter Gutmann | 3.4.1 | 07/27/2011 | NZ | http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ |
CyaSSL | yaSSL | | and commercial license | yassl.com | 1.9.0 | 03/02/2011 | US | http://www.yassl.com |
GnuTLS | GnuTLS project | | | Free Software Foundation | 3.0.5 | 10/27/2011 | EU (Greece and Sweden) | http://www.gnutls.org/ |
MatrixSSL | PeerSec Networks | | | PeerSec Networks | 3.2.0 | 06/07/2011 | US | http://www.matrixssl.org |
MatrixSSL-open | PeerSec Networks | | | PeerSec Networks | 3.2.2 | 06/07/2011 | US | http://www.matrixssl.org |
NSS | | | and Mozilla Public License | NSS contributors | 3.12.9 | 1/12/2011 | US | http://www.mozilla.org/projects/security/pki/nss/ |
OpenSSL | OpenSSL project | | | Eric Young, Tim Hudson, Sun, OpenSSL project, and others | 0.9.8r / 1.0.0e | 09/06/2011 | Australia/EU | http://openssl.org/ |
PolarSSL | Offspark | | and commercial license | Brainspark B.V. (brainspark.nl) | 1.0.0 | 09/08/2011 | EU (Netherlands) | http://polarssl.org |
SChannel | Microsoft | | | Microsoft Inc. | Windows 7 | 10/22/2009 | US | http://microsoft.com |
Security Builder SSL-C | Certicom | | | Certicom Corp., A Subsidiary of Research In Motion | 5.5.1 | 2/28/2011 | Canada | http://www.certicom.com |
JSSE | Oracle | | and commercial license | Oracle | JDK 6, JDK 7 in EA stage | 02/03/2011 (ea snapshot release) | US | http://openjdk.java.net/ http://www.java.net/ http://www.java.com/ |
Protocol Support
Several versions of the TLS protocol exist. SSL 2.0 is a deprecated protocol, vulnerable to several attacks. SSL 3.0 and TLS 1.0 are its successors without any major known vulnerabilities. TLS 1.1 fixes all the known issues in TLS 1.0, and TLS 1.2 is the latest published version, introducing new features. DTLS 1.0, or Datagram TLS, is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. Note that there are known vulnerabilities in the SSL 2.0, SSL 3.0 and TLS 1.0 protocols.
Implementation | SSL 2.0 | SSL 3.0 | TLS 1.0 | TLS 1.1 | TLS 1.2 | DTLS 1.0 |
---|---|---|---|---|---|---|
axTLS | ||||||
cryptlib | ||||||
CyaSSL | ||||||
GnuTLS | ||||||
MatrixSSL | ||||||
MatrixSSL-open | ||||||
NSS | ||||||
OpenSSL | ||||||
PolarSSL | ||||||
SChannel | ||||||
Security Builder SSL-C | ||||||
JSSE | ||||||
CipherSuite Profiles
Implementation | TLS 1.2 Suite B |
---|---|
axTLS | |
cryptlib | |
CyaSSL | |
GnuTLS | |
NSS | |
MatrixSSL | |
OpenSSL | |
PolarSSL | |
SChannel | |
Security Builder SSL-C | |
JSSE | |
Key Exchange Algorithms (Certificate-only)
Implementation | RSA | RSA-EXPORT | DHE-RSA | DHE-DSS | ECDH-ECDSA | ECDHE-ECDSA | ECDH-RSA | ECDHE-RSA | VKO GOST R 34.10-2001 |
---|---|---|---|---|---|---|---|---|---|
axTLS | |||||||||
cryptlib | |||||||||
CyaSSL | |||||||||
GnuTLS | |||||||||
MatrixSSL | |||||||||
MatrixSSL-open | |||||||||
NSS | |||||||||
OpenSSL | |||||||||
PolarSSL | |||||||||
SChannel | |||||||||
Security Builder SSL-C | |||||||||
JSSE | |||||||||
Key Exchange Algorithms (Alternative key-exchanges)
Implementation | DH-ANON | SRP | SRP-DSS | SRP-RSA | PSK-RSA | PSK | DHE-PSK | ECDHE-PSK | ECDH-ANON |
---|---|---|---|---|---|---|---|---|---|
axTLS | |||||||||
cryptlib | |||||||||
CyaSSL | |||||||||
GnuTLS | |||||||||
MatrixSSL | |||||||||
MatrixSSL-open | |||||||||
NSS | |||||||||
OpenSSL | |||||||||
PolarSSL | |||||||||
SChannel | |||||||||
Security Builder SSL-C | |||||||||
JSSE | |||||||||
Encryption Algorithms
Implementation | AES-CBC | AES-GCM | 3DES-CBC | DES-CBC | RC4-128 | RC4-40 | CAMELLIA-CBC | GOST28147-89 |
---|---|---|---|---|---|---|---|---|
axTLS | ||||||||
cryptlib | ||||||||
CyaSSL | ||||||||
GnuTLS | ||||||||
MatrixSSL | ||||||||
MatrixSSL-open | ||||||||
NSS | ||||||||
OpenSSL | ||||||||
PolarSSL | ||||||||
SChannel | ||||||||
Security Builder SSL-C | ||||||||
JSSE | ||||||||
CPU-assisted cryptography
This section lists the ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system-specific devices that allow access to underlying cryptographic hardware accelerators.
Implementation | /dev/crypto | PKCS #11 device | Windows CSP | Intel AES-NI | VIA Padlock |
---|---|---|---|---|---|
axTLS | |||||
cryptlib | |||||
CyaSSL | |||||
GnuTLS | |||||
MatrixSSL | |||||
MatrixSSL-open | |||||
NSS | |||||
OpenSSL | |||||
PolarSSL | |||||
SChannel | |||||
Security Builder SSL-C | |||||
JSSE | |||||
MAC Functions
Implementation | AEAD | HMAC-MD5 | HMAC-SHA-1 | HMAC-SHA-256 | GOST28147-89-MAC | GOST 34.11-94 |
---|---|---|---|---|---|---|
axTLS | ||||||
cryptlib | ||||||
CyaSSL | ||||||
GnuTLS | ||||||
MatrixSSL | ||||||
MatrixSSL-open | ||||||
NSS | ||||||
OpenSSL | ||||||
PolarSSL | ||||||
SChannel | ||||||
Security Builder SSL-C | ||||||
JSSE | ||||||
Compression
Implementation | DEFLATE |
---|---|
axTLS | |
cryptlib | |
CyaSSL | |
GnuTLS | |
MatrixSSL | |
MatrixSSL-open | |
NSS | |
OpenSSL | |
PolarSSL | |
SChannel | |
Security Builder SSL-C | |
JSSE | |
Cryptographic module/token support
Implementation | Hardware token support | Objects identified via |
---|---|---|
axTLS | ||
cryptlib | User-defined label | |
CyaSSL | ||
GnuTLS | PKCS #11 URLs | |
MatrixSSL | ||
MatrixSSL-open | ||
NSS | ||
OpenSSL | Custom method | |
PolarSSL | ||
SChannel | UUID, User-defined label | |
Security Builder SSL-C | ||
JSSE | ||
Extensions
This section lists the extensions each implementation supports. Note that the Secure Renegotiation extension is critical for HTTPS client security. TLS clients that do not implement it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation.

Implementation | Secure Renegotiation | Server Name Indication | Certificate Status Request | OpenPGP | Supplemental Data | Session Ticket | Keying Material Exporter | Maximum Fragment Length | Truncated HMAC |
---|---|---|---|---|---|---|---|---|---|
axTLS | |||||||||
cryptlib | |||||||||
CyaSSL | |||||||||
GnuTLS | |||||||||
MatrixSSL | |||||||||
MatrixSSL-open | |||||||||
NSS | |||||||||
OpenSSL | ? | ? | |||||||
PolarSSL | |||||||||
SChannel | |||||||||
Security Builder SSL-C | |||||||||
JSSE | |||||||||
Code Size and Dependencies
Implementation | Code size | Dependencies | Optional dependencies |
---|---|---|---|
axTLS | 12 kLOC | libc | |
CyaSSL | 27 kLOC | libc | zlib (compression) |
GnuTLS | 71 kLOC | libc, libnettle (crypto), gmp (bignum) | zlib (compression), p11-kit (PKCS #11) |
MatrixSSL | 22 kLOC | libc | |
MatrixSSL-open | 18 kLOC | libc | |
NSS | libc, libnspr4, libsoftokn3, libplc4, libplds4 | zlib (compression) | |
OpenSSL | 159 kLOC | libc | zlib (compression) |
PolarSSL | 14 kLOC | libc | |
JSSE | 37 kLOC (Framework and Oracle provider) | Java | |
Development Environment
Implementation | Namespace | Build Tools | API Manual | Crypto Back-end | OpenSSL Compatibility Layer |
---|---|---|---|---|---|
axTLS | SSL_CTX, SSL | Makefile, mconf | API Reference (HTML) | Included (monolithic) | (limited) |
cryptlib | crypt* | makefile, MSVC project workspaces | Programmers reference manual (PDF), architecture design manual (PDF) | Included (monolithic) | |
CyaSSL | CyaSSL_*, SSL_* | Autoconf, automake, libtool, MSVC project workspaces, XCode projects | API Reference (HTML) | Included (monolithic) | (about 10% of API) |
GnuTLS | gnutls_* | Autoconf, automake, libtool | Manual and API reference (HTML, PDF) | External, libnettle | (limited) |
MatrixSSL | matrixSsl_*, ps* | automake, MSVC project workspaces, XCode projects | API Reference (PDF) | Included (monolithic) | |
MatrixSSL-open | matrixSsl_*, ps* | automake, MSVC project workspaces, XCode projects | API Reference (PDF) | Included (monolithic) | |
NSS | CERT_*, SEC_*, SECKEY_*, NSS_*, PK11_*, SSL_*, ... | Makefile | Manual (HTML) | Included, PKCS#11 based | (separate package called nss_compat_ossl) |
OpenSSL | SSL_*, SHA1_*, MD5_*, EVP_*, ... | Makefile | Man pages | Included (monolithic) | Not Applicable |
PolarSSL | ssl_*, sha1_*, md5_*, x509parse_*, ... | Makefile, CMake, MSVC project workspaces | API Reference + High Level and Module Level Documentation (HTML) | Included (monolithic) | |
Security Builder SSL-C | ssl_* | makefile | Programmers reference manual (PDF), User Guide (PDF) | Included (monolithic) | |
JSSE | javax.net.ssl | Makefile | API Reference (HTML) + | Java Cryptography Architecture / Java Cryptography Extension | |
Portability Concerns
Implementation | Platform Requirements | Network Requirements | Thread Safety | Random Seed | Able to Cross-Compile | Supported Operating Systems |
---|---|---|---|---|---|---|
axTLS | C89 | none | POSIX threads (optional) | /dev/urandom or platform dependent. | Generally any POSIX or Windows based platforms. | |
cryptlib | C89 | POSIX send and recv. API to supply your own replacement | Thread-safe. | Platform-dependent, including hardware sources | AMX, BeOS, ChorusOS, DOS, eCOS, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, PalmOS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, OS X, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK | |
CyaSSL | C89 | POSIX send and recv. API to supply your own replacement. | Thread-safe, needs mutex hooks if PThreads or WinThreads not available, can be turned off | Random seed set through TaoCrypt | Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, Tron/itron/microitron, Micrium's µC OS, FreeRTOS | |
GnuTLS | C89 | POSIX send and recv. API to supply your own replacement. | Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available. | platform dependent | Generally any POSIX platforms or Windows, commonly tested platforms include GNU/Linux, Win32/64, Mac OS X, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD. | |
MatrixSSL | C89 | none | Thread-safe | platform dependent | ||
MatrixSSL-open | C89 | none | Thread-safe | platform dependent | ||
NSS | C89, NSPR | NSPR PR_Send and PR_Recv. API to supply your own replacement. | Thread-safe | Platform dependent | (but cumbersome) | AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, Mac OS X, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation |
OpenSSL | C89? | ? | Needs mutex callbacks | Set through native API | Unix, DOS (with djgpp), Windows, OpenVMS, MacOS, NetWare | |
PolarSSL | C89 | POSIX read and write. API to supply your own replacement. | Thread-safe | Random seed set through HAVEGE random engine | Known to work on: Win32/64, Linux, Mac OS X, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox | |
Security Builder SSL-C | C89 | Must write your own application callbacks for socket I/O | Thread-safe under certain documented conditions | platform dependent | ||
JSSE | Java | Java SE network components | Thread-safe | Depends on java.security.SecureRandom | Java based, platform-independent | |