Comparison of TLS implementations

The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

All comparison categories use the stable version of each implementation listed in the overview section. The comparison is limited to features that directly relate to the TLS protocol.

Overview

Implementation	Developed by	Open source	Software license	Copyright owner	Written in	Latest stable version, release date	Origin
Botan	Jack Lloyd	Yes	Simplified BSD License	Jack Lloyd	C++	1.11.29 (March 20, 2016; 8 years ago (2016-03-20)[1]) [±] 1.10.12 (February 3, 2016; 8 years ago (2016-02-03)[2]) [±]	US (Vermont)
Bouncy Castle	The Legion of the Bouncy Castle Inc.	Yes	MIT License	Legion of the Bouncy Castle Inc.	Java, C#	1.54 (Java) (December 30, 2015; 8 years ago (2015-12-30) [3]) [±] 1.8.1 (C#) (December 28, 2015; 8 years ago (2015-12-28) [4]) [±]	Australia
cryptlib	Peter Gutmann	Yes	Sleepycat License and commercial license	Peter Gutmann	C	3.4.3 (March 25, 2016; 8 years ago (2016-03-25) [5]) [±]	NZ
GnuTLS	GnuTLS project	Yes	GNU LGPLv2.1+	Free Software Foundation	C	3.4.8 (January 8, 2016; 8 years ago (2016-01-08) [6]) [±] 3.3.20 (January 8, 2016; 8 years ago (2016-01-08) [6]) [±]	EU (Greece and Sweden)
Java Secure Socket Extension (JSSE)	Oracle	Yes	GNU GPLv2 and commercial license	Oracle	Java	JDK 8, 2014-03-18	US
LibreSSL	OpenBSD Project	Yes	Apache License 1.0, 4-clause BSD License, ISC License, and some are public domain	Eric Young, Tim Hudson, Sun, OpenSSL project, OpenBSD Project, and others	C, assembly	2.3.4 (May 3, 2016; 7 years ago (2016-05-03)[7]) [±] 2.2.7 (May 3, 2016; 7 years ago (2016-05-03)[7]) [±]	Canada
MatrixSSL[8]	PeerSec Networks	Yes	GNU GPLv2+ and commercial license	PeerSec Networks	C	3.7.2b (July 13, 2015; 8 years ago (2015-07-13) [9]) [±]	US
mbed TLS (previously PolarSSL)	ARM	Yes	Apache License 2.0, GNU GPLv2+ and commercial license	ARM Holdings	C	2.2.1 (January 4, 2016; 8 years ago (2016-01-04) [10]) [±] 2.1.4 (January 4, 2016; 8 years ago (2016-01-04) [10]) [±] 1.3.16 (January 4, 2016; 8 years ago (2016-01-04) [10]) [±] 1.2.19 (January 4, 2016; 8 years ago (2016-01-04) [10]) [±]	EU (Netherlands)
Network Security Services (NSS)	Mozilla, AOL, Red Hat, Sun, Oracle, Google and others	Yes	MPL 2.0	NSS contributors	C, assembly	3.24 (May 23, 2016; 7 years ago (2016-05-23)[11]) [±] 3.22.3 (March 14, 2016; 8 years ago (2016-03-14)[12]) [±] 3.21.1 (March 8, 2016; 8 years ago (2016-03-08)[13]) [±] 3.19.2.4 (March 21, 2016; 8 years ago (2016-03-21)[14]) [±]	US
OpenSSL	OpenSSL project	Yes	OpenSSL-SSLeay dual-license	Eric Young, Tim Hudson, Sun, OpenSSL project, and others	C, assembly	1.0.2h (May 3, 2016; 7 years ago (2016-05-03)[15]) [±] 1.0.1t (May 3, 2016; 7 years ago (2016-05-03)[15]) [±]	Australia/EU
RSA BSAFE	RSA Security	No[16]	Proprietary	RSA, The Security Division of EMC		MES: 4.0[17] SSL-J: 6.1.4[17]	Australia
SChannel	Microsoft	No	Proprietary	Microsoft Inc.		Windows 10, 2015-07-29	US
Secure Transport	Apple Inc.	Yes	APSL 2.0	Apple Inc.		57337.20.44 (OS X 10.11.2), 2015-12-08	US
SharkSSL	Realtimelogic LLC[18]	No	Proprietary	Realtimelogic LLC	C, assembly	3839 March 2016	US
TLSe	Eduard Suica	Yes	Public domain	Eduard Suica	C	0.9, 2016-04-02	EU (Romania)
wolfSSL (previously CyaSSL)	wolfSSL[19]	Yes	GNU GPLv2+ and commercial license	wolfSSL Inc.[20]	C	3.9.0 (March 18, 2016; 8 years ago (2016-03-18)[21]) [±]	US
Implementation	Developed by	Open source	Software license	Copyright owner	Written in	Latest stable version, release date	Origin

Protocol support

Several versions of the TLS protocol exist. SSL 2.0 is a deprecated^[22] protocol version with significant weaknesses. SSL 3.0 (1996) and TLS 1.0 (1999) are successors with two weaknesses in CBC-padding that were explained in 2001 by Serge Vaudenay.^[23] TLS 1.1 (2006) fixed only one of the problems, by switching to random IVs for CBC block ciphers, whereas the more problematic use of mac-pad-encrypt instead of the secure pad-mac-encrypt was addressed with RFC7366.^[24] A workaround for SSL 3.0 and TLS 1.0, roughly equivalent to random IVs from TLS 1.1, was widely adopted by many implementations in late 2011,^[25] so from a security perspective, all existing version of TLS 1.0, 1.1 and 1.2 provide equivalent strength in the base protocol and are suitable for 128-bit security according to NIST SP800-57 up to at least 2030. In 2014, the POODLE vulnerability of SSL 3.0 was discovered, which takes advantage the known vulnerabilities in CBC, and an insecure fallback negotiation used in browsers.^[26]

TLS 1.2 (2008) is the latest published version of the base protocol, introducing a means to identify the hash used for digital signatures. While permitting the use of stronger hash functions for digital signatures in the future (rsa,sha256/sha384/sha512) over the SSL 3.0 conservative choice (rsa,sha1+md5), the TLS 1.2 protocol change inadvertently and substantially weakened the default digital signatures and provides (rsa,sha1) and even (rsa,md5).^[27]

Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. The revision DTLS 1.2 based on TLS 1.2 was published in January 2012^[28]

Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. With the exception of the predictable IVs (for which an easy workaround exists) all currently known vulnerabilities affect all version of TLS 1.0/1.1/1.2 alike.^[29]

Implementation	SSL 2.0 (insecure)[30]	SSL 3.0 (insecure)[31]	TLS 1.0[32]	TLS 1.1[33]	TLS 1.2[34]	TLS 1.3 (Draft)[35][36]	DTLS 1.0[37]	DTLS 1.2[28]
Botan	No	No[38]	Yes	Yes	Yes		Yes	Yes
cryptlib	No	Disabled by default at compile time	Yes	Yes	Yes		No	No
GnuTLS	No[a]	Disabled by default[39]	Yes	Yes	Yes		Yes	Yes
JSSE	No[a]	Disabled by default[b]	Yes	Yes	Yes		No	No
LibreSSL	No[40]	No[41]	Yes	Yes	Yes		Yes	No
MatrixSSL	No[a]	Disabled by default at compile time[42]	Yes	Yes	Yes		Yes	Yes
mbed TLS	No	Disabled by default[43]	Yes	Yes	Yes		Yes[43]	Yes[43]
NSS	Disabled by default[a]	Disabled by default[44]	Yes	Yes[45]	Yes[46]		Yes[45]	Yes[47]
OpenSSL	Disabled by default[48]	Enabled by default	Yes	Yes[49]	Yes[49]		Yes	Yes[50]
RSA BSAFE[51]	No	Yes	Yes	Yes	Yes		No	No
SChannel XP, 2003[52]	Disabled by default in MSIE 7	Enabled by default	Enabled by default in MSIE 7	No	No		No	No
SChannel Vista, 2008[53]	Disabled by default	Enabled by default	Yes	No	No		No	No
SChannel 7, 2008R2[54]	Disabled by default	Disabled by default in MSIE 11	Yes	Enabled by default in MSIE 11	Enabled by default in MSIE 11		Yes[55]	No[55]
SChannel 8, 2012[54]	Disabled by default	Enabled by default	Yes	Disabled by default	Disabled by default		Yes	No
SChannel 8.1, 2012R2, 10[54]	Disabled by default	Disabled by default in MSIE 11	Yes	Yes	Yes		Yes	No
Secure Transport OS X 10.2-10.8, iOS 1-4	Yes	Yes	Yes	No	No		No	No
Secure Transport OS X 10.9-10.10, iOS 5-8	No[c]	Yes	Yes	Yes[c]	Yes[c]		Yes[c]	No
Secure Transport OS X 10.11, iOS 9	No[c]	No[c]	Yes	Yes[c]	Yes[c]		Yes[c]	Unknown
SharkSSL	No	Disabled by default	Yes	Yes	Yes		No	No
TLSe	No	No	Yes	Yes	Yes		No	No
wolfSSL	No	Disabled by default[56]	Yes	Yes	Yes		Yes	Yes
Implementation	SSL 2.0 (insecure)	SSL 3.0 (insecure)	TLS 1.0	TLS 1.1	TLS 1.2	TLS 1.3 (Draft)	DTLS 1.0	DTLS 1.2

NSA Suite B Cryptography

Required components for NSA Suite B Cryptography (RFC 6460) are:

• Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits. For traffic flow, AES should be used with either the Counter Mode (CTR) for low bandwidth traffic or the Galois/Counter Mode (GCM) mode of operation for high bandwidth traffic (see Block cipher modes of operation) — symmetric encryption
• Elliptic Curve Digital Signature Algorithm (ECDSA) — digital signatures
• Elliptic Curve Diffie–Hellman (ECDH) — key agreement
• Secure Hash Algorithm 2 (SHA-256 and SHA-384) — message digest

Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.

Implementation	TLS 1.2 Suite B
Botan	Yes
cryptlib	Yes
GnuTLS	Yes
JSSE	Yes[60]
LibreSSL	Yes
MatrixSSL	Yes
mbed TLS	Yes
NSS	No[61]
OpenSSL	Yes[50]
RSA BSAFE	Yes[51]
SChannel	Yes[62]
Secure Transport	No
SharkSSL	Yes
TLSe	Yes
wolfSSL	Yes
Implementation	TLS 1.2 Suite B

Certifications

Note that certain certifications have received serious negative criticism from people who are actually involved in them.^[63]

Implementation	FIPS 140-1, FIPS 140-2[64]		Common Criteria
	Level 1	Level 2[disputed – discuss]
Botan[65]
cryptlib[66]
GnuTLS[67]	no support
JSSE
LibreSSL[40]	no support
MatrixSSL[68]	SafeZone FIPS Cryptographic Module: 1.1 (#2389)
mbed TLS[69]
NSS[70]	Network Security Services: 3.2.2 (#247) Network Security Services Cryptographic Module: 3.11.4 (#815), 3.12.4 (#1278), 3.12.9.1 (#1837)	Netscape Security Module: 1 (#7[notes 1]), 1.01 (#47[notes 2]) Network Security Services: 3.2.2 (#248[notes 3]) Network Security Services Cryptographic Module: 3.11.4 (#814[notes 4]), 3.12.4 (#1279, #1280[notes 5])
OpenSSL[71]	OpenSSL FIPS Object Module: 1.0 (#624), 1.1.1 (#733), 1.1.2 (#918), 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4 (#1051) 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7 or 2.0.8 (#1747)
RSA BSAFE[72]	Crypto-C ME 3.0.0.1, 4.0.1, 4.1 (#2294, #2300) Crypto-J 6.1 (#2057, #2058)
SChannel[73]	Cryptographic modules in Windows NT 4.0, 95, 95, 2000, XP, Server 2003, CE 5, CE 6, Mobile 6.x, Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, RT, Surface, Phone 8 See details on Microsoft FIPS 140 Validated Cryptographic Modules
Secure Transport	Apple FIPS Cryptographic Module: 1.0 (OS X 10.6, #1514), 1.1 (OS X 10.7, #1701) Apple OS X CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (OS X 10.8, #1964, #1956), 4.0 (OS X 10.9, #2015, #2016) Apple iOS CoreCrypto Module; CoreCrypto Kernel Module: 3.0 (iOS 6, #1963, #1944), 4.0 (iOS 7 , #2020, #2021)
SharkSSL
TLSe
wolfSSL[74]	wolfCrypt FIPS Module: 3.6.0 (#2425)
Implementation	Level 1	Level 2	Common Criteria
	FIPS 140-1, FIPS 140-2

Key exchange algorithms (certificate-only)

This section lists the certificate verification functionality available in the various implementations.

Implementation	RSA[34]	RSA-EXPORT (insecure)[34]	DHE-RSA (forward secrecy)[34]	DHE-DSS (forward secrecy)[34]	ECDH-ECDSA[75]	ECDHE-ECDSA (forward secrecy)[75]	ECDH-RSA[75]	ECDHE-RSA (forward secrecy)[75]	GOST R 34.10-94, 34.10-2001[76]
Botan	Yes	No	Yes	Yes	No	Yes	No	Yes	Yes[77]
cryptlib	Yes	No	Yes	Yes	No	Yes	No	No	No
GnuTLS	Yes	No	Yes	Disabled by default[39]	No	Yes	No	Yes	No
JSSE	Yes	Disabled by default	Max 2048 bit	Max 2048 bit	Yes	Yes	Yes	Yes	No[78]
LibreSSL	Yes	No[40]	Yes	Yes	Yes	Yes	Yes	Yes	Yes[79]
MatrixSSL	Yes	No	Yes	No	Yes	Yes	Yes	Yes	No
mbed TLS	Yes	No	Yes	No	Yes	Yes	Yes	Yes	No
NSS	Yes	Disabled by default	Yes[80]	Yes	Yes	Yes	Yes	Yes	No[81][82]
OpenSSL	Yes	Disabled by default[83]	Yes	Yes	Yes	Yes	Yes	Yes	Yes[84]
RSA BSAFE[51]	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes	No
SChannel XP/2003	Yes	Yes	No	XP: Max 1024 bits 2003: 1024 bits only	No	No	No	No	No[85]
SChannel Vista/2008, 2008R2, 2012	Yes	Disabled by default	No	1024 bits only	No	Yes	No	except AES_GCM	No[85]
SChannel 7, 8, 8.1/2012R2	Yes	Disabled by default	AES_GCM only Client: 1024-4096bits(or more?) Server: 1024bits only[86][87][88]	1024 bits only	No	Yes	No	except AES_GCM	No[85]
SChannel 10	Yes	Disabled by default	AES_GCM only Client: 1024-4096bits(or more?) Server: 2048bits only	1024 bits only	No	Yes	No	Yes	No[85]
Secure Transport OS X 10.6	Yes	Yes	except AES_GCM	Yes	Yes	except AES_GCM	Yes	except AES_GCM	No
Secure Transport OS X 10.8-10.10	Yes	No	except AES_GCM	No	Yes	except AES_GCM	Yes	except AES_GCM	No
Secure Transport OS X 10.11	Yes	No	Yes	No	No	Yes	No	Yes	No
SharkSSL	Yes	No	Yes	No	Yes	Yes	Yes	Yes	No
TLSe	Yes	No	Yes	No	No	Yes	No	Yes	No
wolfSSL	Yes	No	Yes	No	Yes	Yes	Yes	Yes	No
Implementation	RSA	RSA EXPORT (insecure)	DHE-RSA (forward secrecy)	DHE-DSS (forward secrecy)	ECDH-ECDSA	ECDHE-ECDSA (forward secrecy)	ECDH-RSA	ECDHE-RSA (forward secrecy)	GOST R 34.10-94, 34.10-2001

Key exchange algorithms (alternative key-exchanges)

Implementation	SRP[89]	SRP-DSS[89]	SRP-RSA[89]	PSK-RSA[90]	PSK[90]	DHE-PSK (forward secrecy)[90]	ECDHE-PSK (forward secrecy)[91]	KRB5[92]	DH-ANON[34] (insecure)	ECDH-ANON[75] (insecure)
Botan	Yes	Yes	Yes	No	Yes	Yes	Yes	No	Yes	Yes
cryptlib	No	No	No	No	Yes	Yes	No	Unknown	No	No
GnuTLS	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Disabled by default	Disabled by default
JSSE	No	No	No	No	No	No	No	Unknown	Disabled by default in Java 8	Disabled by default in Java 8
LibreSSL	No[93]	No[93]	No[93]	No	No	No	No	No	Yes	Yes
MatrixSSL	No	No	No	Yes	Yes	Yes	No	No	Disabled by default	No
mbed TLS	No	No	No	Yes	Yes	Yes	Yes	No	No	No
NSS	No[94]	No[94]	No[94]	No[95]	No[95]	No[95]	No[95]	No	Client side only, disabled by default[96]	Disabled by default[97]
OpenSSL	Yes	Yes	Yes	No	Yes	No	No	Yes[98]	Disabled by default[48]	Disabled by default[48]
RSA BSAFE[51]	No	No	No	No	No	No	No	Unknown	Yes	Yes
SChannel	No	No	No	No	No	No	No	Yes	No	No
Secure Transport	No	No	No	No	No	No	No	Unknown	Yes	Yes
SharkSSL	No	No	No	No	Yes	No	No	Unknown	No	No
TLSe	No	No	No	No	No	No	No	No	No	No
wolfSSL	No	No	No	No	Yes	No	Yes[99]	No	No	No
Implementation	SRP	SRP-DSS	SRP-RSA	PSK-RSA	PSK	DHE-PSK (forward secrecy)	ECDHE-PSK (forward secrecy)	KRB5	DH-ANON (insecure)	ECDH-ANON (insecure)

Certificate verification methods

Implementation	Application-defined	PKIX path validation[100]	CRL[101]	OCSP[102]	DANE (DNSSEC)[103]	Trust on First Use (TOFU)
Botan	Yes	Yes	Yes	Yes	No	No
cryptlib	Yes	Yes	Unknown	Unknown	No	No
GnuTLS	Yes	Yes	Yes	Yes	Yes	Yes
JSSE	Yes	Yes	Yes	Yes	No	No
LibreSSL	Yes	Yes	Yes	Yes	No	No
MatrixSSL	Yes	Yes	Yes	No	No	No
mbed TLS	Yes	Yes	Yes	Unknown	No	No
NSS	Yes	Yes	Yes	Yes	No[104]	No
OpenSSL	Yes	Yes	Yes	Yes	No	No
RSA BSAFE[51]	Yes	Yes	Yes	Yes	No	No
SChannel	Unknown	Yes	Yes[105]	Yes[105]	No	No
Secure Transport	Yes	Yes	Yes	Yes	No	No
SharkSSL	Yes	Yes	No	No	No	No
TLSe	Yes	Yes	No	No	No	No
wolfSSL	Yes	Yes	Yes	Yes	No	No
Implementation	Application-defined	PKIX	CRL	OCSP	DANE	TOFU

Encryption algorithms

Implementation	Block cipher with mode of operation										Stream cipher	None
	AES GCM [106]	AES CCM [107]	AES CBC	Camellia GCM [108]	Camellia CBC [109]	ARIA GCM [110]	ARIA CBC [110]	SEED CBC [111]	3DES EDE CBC	GOST 28147-89 CNT (proposed) [76][n 1]	ChaCha20-Poly1305 (proposed) [112][n 1]	Null (insecure) [n 2]
Botan	Yes	Yes	Yes	Yes	Yes	No	No	Yes	Yes	Yes[113]	Yes[114]	Disabled by default
cryptlib	Yes	No	Yes	No	No	No	No	No	Yes	No	No	Disabled by default
GnuTLS	Yes	Yes[39]	Yes	Yes	Yes	No	No	No	Yes	No	Yes[115]	Disabled by default
JSSE	Yes	No	Yes	No	No	No	No	No	Yes	No[78]	No	Disabled by default
LibreSSL	Yes[40]	No	Yes	No	Yes[79]	No	No	No[40]	Yes	Yes[79]	Yes[40]	Disabled by default
MatrixSSL	Yes	No	Yes	No	No	No	No	Yes	Disabled by default	No	No	Disabled by default
mbed TLS	Yes	Yes [116]	Yes	Yes	Yes	No	No	No	Yes	No	No	Disabled by default at compile time
NSS	128 bit only[117][118]	No	Yes	No[119][n 3]	Yes[120]	No	No	Yes[121]	Yes	No[81][82]	Yes[122]	Disabled by default
OpenSSL	Yes[123]	No	Yes	No	Yes	No	No	Yes	Yes	Yes[84]	Beta[125]	Disabled by default
RSA BSAFE MES[51]	Yes	Yes	Yes	No	No	No	No	No	Yes	No	No	Disabled by default
RSA BSAFE SSL-J[51]	Yes	No	Yes	No	No	No	No	No	Yes	No	No	Disabled by default
SChannel XP/2003	No	No	2003 only[126]	No	No	No	No	No	Yes	No[85]	No	Disabled by default
SChannel Vista/2008, 2008R2, 2012	No	No	Yes	No	No	No	No	No	Yes	No[85]	No	Disabled by default
SChannel 7, 8, 8.1/2012R2	Yes except ECDHE_RSA [86][87]	No	Yes	No	No	No	No	No	Yes	No[85]	No	Disabled by default
Schannel 10[127]	Yes	No	Yes	No	No	No	No	No	Yes	No[85]	No	Disabled by default
Secure Transport OS X 10.6 - 10.10	No	No	Yes	No	No	No	No	No	Yes	No	No	Disabled by default
Secure Transport OS X 10.11	Yes	No	Yes	No	No	No	No	No	Yes	No	No	Disabled by default
SharkSSL	Yes	Yes	Yes	No	No	No	No	No	Yes	No	Yes	Disabled by default
TLSe	Yes	No	Yes	No	No	No	No	No	No	No	No	No
wolfSSL	Yes	Yes	Yes	No	Yes	No	No	No	Yes	No	Yes	Disabled by default
Implementation	AES GCM	AES CCM	AES CBC	Camellia GCM	Camellia CBC	ARIA GCM	ARIA CBC	SEED CBC	3DES EDE CBC	GOST 28147-89 CNT (proposed)	ChaCha20-Poly1305 (proposed)	Null (insecure)
	Block cipher with mode of operation										Stream cipher	None

Notes

Obsolete algorithms

Implementation	Block cipher with mode of operation				Stream cipher
	IDEA CBC [n 1]	DES CBC (insecure) [n 1]	DES-40 CBC (EXPORT, insecure) [n 2]	RC2-40 CBC (EXPORT, insecure) [n 2]	RC4-128 (insecure) [n 3]	RC4-40 (EXPORT, insecure) [n 4][n 2]
Botan	No	No	No	Disabled by default	No[129]	No
cryptlib	No	Disabled by default at compile time	No	No	Disabled by default at compile time	No
GnuTLS	No	No	No	No	Disabled by default[39]	No
JSSE	No	Disabled by default	Disabled by default	No	Yes	Disabled by default [130]
LibreSSL	Yes	Yes	No[40]	No[40]	Yes	No[40]
MatrixSSL	Yes	No	No	No	Disabled by default	No
mbed TLS	No	Disabled by default at compile time	No	No	Disabled by default at complile time[43]	No
NSS	Yes	Disabled by default	Disabled by default	Disabled by default	Lowest priority[131][132]	Disabled by default
OpenSSL	Yes	Yes	Disabled by default[83]	Disabled by default[83]	Yes	Disabled by default[83]
RSA BSAFE MES[51]	No	No	No	No	Yes	No
RSA BSAFE SSL-J[51]	No	Yes	Yes	No	Yes	Yes
SChannel XP/2003	No	Yes	Yes	Yes	Yes	Yes
SChannel Vista/2008	No	Disabled by default	Disabled by default	Disabled by default	Yes	Disabled by default
SChannel 7/2008R2, 8/2012	No	Disabled by default	Disabled by default	Disabled by default	Lowest priority[87][n 5]	Disabled by default
SChannel 8.1/2012R2	No	Disabled by default	Disabled by default	Disabled by default	Only as fallback[n 6][134][135]	Disabled by default
Schannel 10[127]	No	Disabled by default	Disabled by default	Disabled by default	Only as fallback[n 6]	Disabled by default
Secure Transport OS X 10.6	Yes	Yes	Yes	Yes	Yes	Yes
Secure Transport OS X 10.7	Yes	Unknown	Unknown	Unknown	Yes	Unknown
Secure Transport OS X 10.8-10.9	Yes	Disabled by default	Disabled by default	Disabled by default	Yes	Disabled by default
Secure Transport OS X 10.10-10.11	Yes	Disabled by default	Disabled by default	Disabled by default	Lowest priority	Disabled by default
SharkSSL	No	Disabled by default	No	No	Disabled by default	No
TLSe	No	No	No	No	No	No
wolfSSL	Yes[136]	No	No	No	Disabled by default	No
Implementation	IDEA CBC	DES CBC (insecure)	DES-40 CBC (EXPORT, insecure)	RC2-40 CBC (EXPORT, insecure)	RC4-128 (insecure)	RC4-40 (EXPORT, insecure)
	Block cipher with mode of operation				Stream cipher

Notes

Supported elliptic curves

This section lists the supported elliptic curves by each implementation.

Implementation	sect163k1 NIST K-163 (1)[75]	sect163r1 (2)[75]	sect163r2 NIST B-163 (3)[75]	sect193r1 (4)[75]	sect193r2 (5)[75]	sect233k1 NIST K-233 (6)[75]	sect233r1 NIST B-233 (7)[75]	sect239k1 (8)[75]	sect283k1 NIST K-283 (9)[75]	sect283r1 NIST B-283 (10)[75]	sect409k1 NIST K-409 (11)[75]	sect409r1 NIST B-409 (12)[75]	sect571k1 NIST K-571 (13)[75]	sect571r1 NIST B-571 (14)[75]
Botan	No	No	No	No	No	No	No	No	No	No	No	No	No	No
GnuTLS	No	No	No	No	No	No	No	No	No	No	No	No	No	No
JSSE	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
LibreSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
MatrixSSL	No	No	No	No	No	No	No	No	No	No	No	No	No	No
mbed TLS	No	No	No	No	No	No	No	No	No	No	No	No	No	No
NSS	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
OpenSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
RSA BSAFE[51]	Yes	No	Yes	No	No	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes
SChannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10	No	No	No	No	No	No	No	No	No	No	No	No	No	No
Secure Transport	No	No	No	No	No	No	No	No	No	No	No	No	No	No
SharkSSL	No	No	No	No	No	No	No	No	No	No	No	No	No	No
TLSe	No	No	No	No	No	No	No	No	No	No	No	No	No	No
wolfSSL	No	No	No	No	No	No	No	No	No	No	No	No	No	No
Implementation	sect163k1 NIST K-163 (1)	sect163r1 (2)	sect163r2 NIST B-163 (3)	sect193r1 (4)	sect193r2 (5)	sect233k1 NIST K-233 (6)	sect233r1 NIST B-233 (7)	sect239k1 (8)	sect283k1 NIST K-283 (9)	sect283r1 NIST B-283 (10)	sect409k1 NIST K-409 (11)	sect409r1 NIST B-409 (12)	sect571k1 NIST K-571 (13)	sect571r1 NIST B-571 (14)

Implementation	secp160k1 (15)[75]	secp160r1 (16)[75]	secp160r2 (17)[75]	secp192k1 (18)[75]	secp192r1 prime192v1 NIST P-192 (19)[75]	secp224k1 (20)[75]	secp224r1 NIST P-244 (21)[75]	secp256k1 (22)[75]	secp256r1 prime256v1 NIST P-256 (23)[75]	secp384r1 NIST P-384 (24)[75]	secp521r1 NIST P-521 (25)[75]	arbitrary prime curves (0xFF01)[75][137]	arbitrary char2 curves (0xFF02)[75][137]
Botan	No	No	No	No	No	No	No	No	Yes	Yes	Yes	No	No
GnuTLS	No	No	No	No	Yes	No	Yes	No	Yes	Yes	Yes	No	No
JSSE	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No
LibreSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No
MatrixSSL	No	No	No	No	Yes	No	Yes	No	Yes	Yes	Yes	No	No
mbed TLS	No	No	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No
NSS	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No
OpenSSL	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No
RSA BSAFE[51]	No	No	No	No	Yes	No	Yes	No	Yes	Yes	Yes	No	No
SChannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10	No	No	No	No	No	No	No	No	Yes	Yes	Yes	No	No
Secure Transport	No	No	No	No	Yes	No	No	No	Yes	No	Yes	No	No
SharkSSL	No	No	No	No	Yes	No	Yes	No	Yes	Yes	Yes	No	No
TLSe	No	No	No	No	No	No	Yes	No	Yes	Yes	Disabled	No	No
wolfSSL	No	Yes	No	No	Yes	No	Yes	No	Yes	Yes	Yes	No	No
Implementation	secp160k1 (15)	secp160r1 (16)	secp160r2 (17)	secp192k1 (18)	secp192r1 prime192v1 NIST P-192 (19)	secp224k1 (20)	secp224r1 NIST P-224 (21)	secp256k1 (22)	secp256r1 prime256v1 NIST P-256 (23)	secp384r1 NIST P-384 (24)	secp521r1 NIST P-521 (25)	arbitrary prime curves (0xFF01)	arbitrary char2 curves (0xFF02)

Implementation	brainpoolP256r1 (26)[138]	brainpoolP384r1 (27)[138]	brainpoolP512r1 (28)[138]	Curve25519 [139]	Curve448 Ed448-Goldilocks [139]	M221 Curve2213 [140]	E222 [140]	Curve1174 [140]	E382 [140]	M383 [140]	Curve383187 [140]	Curve41417 Curve3617 [140]	M511 Curve511187 [140]	E521 [140]
Botan	Yes[141]	Yes[141]	Yes[141]	Yes[114]	No	No	No	No	No	No	No	No	No	No
GnuTLS	No	No	No	No	No	No	No	No	No	No	No	No	No	No
JSSE	No	No	No	No	No	No	No	No	No	No	No	No	No	No
LibreSSL	Yes[40]	Yes[40]	Yes[40]	No	No	No	No	No	No	No	No	No	No	No
MatrixSSL	Yes	Yes	Yes	No	No	No	No	No	No	No	No	No	No	No
mbed TLS	Yes[142]	Yes[142]	Yes[142]	Yes[143]	No	No	No	No	No	No	No	No	No	No
NSS	No[144]	No[144]	No[144]	No[145]	No	No	No	No	No	No	No	No	No	No
OpenSSL	Yes[50]	Yes[50]	Yes[50]	No	No	No	No	No	No	No	No	No	No	No
RSA BSAFE[51]	No	No	No	No	No	No	No	No	No	No	No	No	No	No
SChannel Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10	No	No	No	No	No	No	No	No	No	No	No	No	No	No
Secure Transport	No	No	No	No	No	No	No	No	No	No	No	No	No	No
SharkSSL	No	No	No	No	No	No	No	No	No	No	No	No	No	No
TLSe	No	No	No	No	No	No	No	No	No	No	No	No	No	No
wolfSSL	No	No	No	Yes[146]	No	No	No	No	No	No	No	No	No	No
Implementation	brainpoolP256r1 (26)	brainpoolP384r1 (27)	brainpoolP512r1 (28)	Curve25519	Curve448 Ed448-Goldilocks	M221 Curve2213	E222	Curve1174	E382	M383	Curve383187	Curve41417 Curve3617	M511 Curve511187	E521

Data integrity

Implementation	HMAC-MD5	HMAC-SHA1	HMAC-SHA256/384	AEAD	GOST 28147-89 IMIT[76]	GOST R 34.11-94[76]
Botan	Yes	Yes	Yes	Yes	Yes[113]	Yes[147]
cryptlib	Yes	Yes	Yes	Yes	No	No
GnuTLS	Yes	Yes	Yes	Yes	No	No
JSSE	Yes	Yes	Yes	Yes	No[78]	No[78]
LibreSSL	Yes	Yes	Yes	Yes	Yes[79]	Yes[79]
MatrixSSL	Yes	Yes	Yes	Yes	No	No
mbed TLS	Yes	Yes	Yes	Yes	No	No
NSS	Yes	Yes	Yes	Yes	No[81][82]	No[81][82]
OpenSSL	Yes	Yes	Yes	Yes	Yes[84]	Yes[84]
RSA BSAFE[51]	Yes	Yes	Yes	Yes	No	No
SChannel XP/2003, Vista/2008	Yes	Yes	XP SP3, 2003 SP2 via hotfix[148]	No	No[85]	No[85]
SChannel 7/2008R2, 8/2012, 8.1/2012R2	Yes	Yes	Yes	except ECDHE_RSA[86][87][88]	No[85]	No[85]
SChannel 10	Yes	Yes	Yes	Yes[127]	No[85]	No[85]
Secure Transport	Yes	Yes	Yes	No	No	No
SharkSSL	Yes	Yes	Yes	Yes	No	No
TLSe	Yes	Yes	Yes	Yes	No	No
wolfSSL	Yes	Yes	Yes	Yes	No	No
Implementation	HMAC-MD5	HMAC-SHA1	HMAC-SHA256/384	AEAD	GOST 28147-89 IMIT	GOST R 34.11-94

Compression

Note the CRIME security exploit takes advantage of TLS compression, so conservative implementations do not enable compression at the TLS level. HTTP compression is unrelated and unaffected by this exploit, but is exploited by the related BREACH attack.

Implementation	DEFLATE[149] (insecure)
Botan	No
cryptlib	No
GnuTLS	Disabled by default
JSSE	No
LibreSSL	No[40]
MatrixSSL	Disabled by default
mbed TLS	Disabled by default
NSS	Disabled by default
OpenSSL	Disabled by default
RSA BSAFE[51]	No
SChannel	No
Secure Transport	No
SharkSSL	No
TLSe	No
wolfSSL	Disabled by default
Implementation	DEFLATE

Extensions

In this section the extensions each implementation supports are listed. Note that the Secure Renegotiation extension is critical for HTTPS client security^{[citation needed]}. TLS clients not implementing it are vulnerable to attacks, irrespective of whether the client implements TLS renegotiation.

Implementation	Secure Renegotiation [150]	Server Name Indication [151]	ALPN [152]	Certificate Status Request [151]	OpenPGP [153]	Supplemental Data [154]	Session Ticket [155]	Keying Material Exporter [156]	Maximum Fragment Length [151]	Truncated HMAC [151]	Encrypt-then-MAC [157]	TLS Fallback SCSV [158]	Extended Master Secret [159]	TLS Padding [160]
Botan	Yes	Yes	No	No	No	No	Yes	Yes	Yes	No	No	Yes[161]	Yes[162]	No
cryptlib	Yes	Yes	No	No	No	Yes	No	No	No[163]	No	Yes	Yes	Yes	No
GnuTLS	Yes	Yes	Yes[164]	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes[39]	Yes[165]	Yes[39]	No
JSSE	Yes	Yes[60]	Unknown	No	No	No	No	No	No	No	No	No	No	No
LibreSSL	Yes	Yes	Yes[166]	Yes	No	No?	Yes	Yes?	No	No	No	Server side only[167]	No	Yes
MatrixSSL	Yes	Yes	Yes[168]	No	No	No	Yes	No	Yes	Yes	No	No	No	No
mbed TLS	Yes	Yes	Yes[169]	No	No	No	Yes	No	Yes	Disabled by default[43]	Yes[170]	Yes[170]	Yes[170]	No
NSS	Yes	Yes	Yes[171]	Yes	No[172]	No	Yes	Yes	No	No	No[173]	Yes[174]	Yes[175]	Yes[171]
OpenSSL	Yes	Yes	Yes[50]	Yes	No	No?	Yes	Yes?	No	No	No	Yes[176]	No	Yes[177]
RSA BSAFE MES[51]	Yes	Yes	No	Yes	No	No	Yes	No	Yes	Yes	No	No	No	No
RSA BSAFE SSL-J[51]	Yes	Yes	No	No	No	No	No	No	Yes	Yes	No	No	No	No
SChannel XP/2003	No	No	No	No	No	Yes	No	No	No	No	No	No	No	No
SChannel Vista/2008	Yes	Yes	No	No	No	Yes	No	No	No	No	No	No	No	No
SChannel 7/2008R2	Yes	Yes	No	Yes	No	Yes	No	No	No	No	No	No	No	No
SChannel 8/2012	Yes	Yes	No	Yes	No	Yes	Client side only[178]	No	No	No	No	No	No	No
SChannel 8.1/2012R2, 10	Yes	Yes	Yes	Yes	No	Yes	Yes[178]	No	No	No	No	No	No	No
Secure Transport	Yes	Yes	Unknown	No	No	Yes	No	No	No	No	No	No	No	No
SharkSSL	Yes	No	No	No	No	No	No	No	No	No	No	No	No	No
TLSe	Yes	Yes	No	No	No	No	No	No	No	No	No	Yes	No	No
wolfSSL	Yes	Yes	Yes[136]	No	No	No	Yes	No	Yes	Yes	No	No	No	No
Implementation	Secure Renegotiation	Server Name Indication	ALPN	Certificate Status Request	OpenPGP	Supplemental Data	Session Ticket	Keying Material Exporter	Maximum Fragment Length	Truncated HMAC	Encrypt-then-MAC	TLS Fallback SCSV	Extended Master Secret	TLS Padding

Assisted cryptography

This section lists the known ability of an implementation to take advantage of CPU instruction sets that optimize encryption, or utilize system specific devices that allow access to underlying cryptographic hardware for acceleration or for data separation.

Implementation	PKCS #11 device	Intel AES-NI	VIA PadLock	STM32F2	Cavium NITROX	Cavium OCTEON	Freescale CAU/mmCAU	ARMv8-A	Microchip PIC32MZ	Intel IPP	TI TM4C12x
Botan	No	Yes	No	No	No	No	No	No	No	No	No
cryptlib	Yes	Yes	Yes	No	No	No	No	No	No	No	No
GnuTLS	Yes	Yes	Yes	No	No	No	No	No	No	No	No
JSSE	Yes	Yes[179]	No	No	No	No	No	No	No	No	No
LibreSSL	No	Yes	Yes	No	Yes	No	No	No	No	No	No
MatrixSSL	Yes	Yes	No	No	No	No	No	Yes	No	No	No
mbed TLS	Yes	Yes[180]	Yes	No	No	No	No	No	No	No	No
NSS	Yes[181]	Yes[182]	No[183]	No	No	No	No	No	No	No	No
OpenSSL	No	Yes	Yes	No	Yes	No	No	Yes[184]	No	No	No
RSA BSAFE[51]	Yes	Yes	No	No	No	No	No	No	No	No	No
SChannel	No	Yes	No	No	No	No	No	No	No	No	No
Secure Transport	No	Yes[185][186]	No	No	No	No	No	Yes	No	No	No
SharkSSL	No	No	No	Yes	No	No	Yes	No	No	No	No
TLSe	No	No	No	No	No	No	No	No	No	No	No
wolfSSL	No	Yes	No	Yes	Yes	Yes[187]	Yes	No	Yes	Yes	Yes
Implementation	PKCS #11 device	Intel AES-NI	VIA PadLock	STM32F2	Cavium NITROX	Cavium OCTEON	Freescale CAU/mmCAU	ARMv8-A	Microchip PIC32MZ	Intel IPP	TI TM4C12x

System-specific backends

This section lists the ability of an implementation to take advantage of the available operating system specific backends, or even the backends provided by another implementation.

Implementation	/dev/crypto	Windows CSP	CommonCrypto	OpenSSL engine
Botan	No	No	No	No
cryptlib	No	No	No	No
GnuTLS	Yes	No	No	No
JSSE	No	Yes	No	No
LibreSSL	Yes	No	No	No[188]
MatrixSSL	No	No	Yes	Yes
mbed TLS	No	No	No	No
NSS	No	No	No	No
OpenSSL	Yes	No	No	Yes
RSA BSAFE[51]	No	No	No	No
SChannel	No	Yes	No	No
Secure Transport	No	No	Yes	No
SharkSSL	No	No	No	No
TLSe	No	No	No	No
wolfSSL	No	Partial	No	No
Implementation	/dev/crypto	Windows CSP	CommonCrypto	OpenSSL engine

Cryptographic module/token support

Implementation	TPM support	Hardware token support	Objects identified via
Botan	No	No
cryptlib	No	PKCS11	User-defined label
GnuTLS	Yes	PKCS11	RFC7512 PKCS #11 URLs[189]
JSSE	No	PKCS11 Java Cryptography Architecture, Java Cryptography Extension
LibreSSL	Yes	PKCS11 (via 3rd party module)	Custom method
MatrixSSL	No	PKCS11
mbed TLS	No	PKCS11 (via libpkcs11-helper) or standard hooks	Custom method
NSS	No	PKCS11
OpenSSL	Yes	PKCS11 (via 3rd party module)	Custom method
RSA BSAFE MES[51]	No	PKCS11 (via 3rd party module)	User-defined label
RSA BSAFE SSL-J[51]	No	No
SChannel	No	Microsoft CryptoAPI	UUID, User-defined label
Secure Transport
SharkSSL	No	No
TLSe	No	No
wolfSSL	No	No
Implementation	TPM support	Hardware token support	Objects identified via

Code dependencies

Implementation	Dependencies	Optional dependencies
Botan	C++11	sqlite, zlib (compression), bzip2 (compression), liblzma (compression)
GnuTLS	libc nettle gmp	zlib (compression) p11-kit (PKCS #11) trousers (TPM)
JSSE	Java
MatrixSSL	none	zlib (compression)
MatrixSSL-open	libc or newlib
mbed TLS	libc	libpkcs11-helper (PKCS #11) zlib (compression)
NSS	libc libnspr4 libsoftokn3 libplc4 libplds4	zlib (compression)
OpenSSL	libc	zlib (compression)
SharkSSL	None
TLSe	none	tomcrypt
wolfSSL	None	libc, zlib (compression)
Implementation	Dependencies	Optional dependencies

Development environment

Implementation	Namespace	Build tools	API manual	Crypto back-end	OpenSSL compatibility Layer[clarify]
Botan	Botan::TLS	Makefile	Sphinx	Included (monolithic)	No
cryptlib	crypt*	makefile, MSVC project workspaces	Programmers reference manual (PDF), architecture design manual (PDF)	Included (monolithic)	No
GnuTLS	gnutls_*	Autoconf, automake, libtool	Manual and API reference (HTML, PDF)	External, libnettle	Yes (limited)
JSSE	javax.net.ssl	Makefile	API Reference (HTML) + Java SE 8	Java Cryptography Architecture, Java Cryptography Extension	No
MatrixSSL	matrixSsl_* ps*	Makefile, MSVC project workspaces, Xcode projects for OS X and iOS	API Reference (PDF), Integration Guide	Included (pluggable)	Yes (Subset: SSL_read, SSL_write, etc.)
mbed TLS	ssl_* sha1_* md5_* x509parse_* ...	Makefile, CMake, MSVC project workspaces	API Reference + High Level and Module Level Documentation (HTML)	Included (monolithic)	No
NSS	CERT_* SEC_* SECKEY_* NSS_* PK11_* SSL_* ...	Makefile	Manual (HTML)	Included, PKCS#11 based[190]	Yes (separate package called nss_compat_ossl[191])
OpenSSL	SSL_* SHA1_* MD5_* EVP_* ...	Makefile	Man pages	Included (monolithic)	N/A
SharkSSL	SharkSsl*	Makefile	(online) HTML Manual and API Reference	Included (monolithic)	No
TLSe	tls_* SSL_*	Single C file	Work in progress	Included or tomcrypt	Yes (Subset: SSL_read, SSL_write, etc.)
wolfSSL	CyaSSL_* SSL_*	Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC	Manual and API Reference (HTML, PDF)	Included (monolithic)	Yes (about 10% of API)
Implementation	Namespace	Build tools	API manual	Crypto back-end	OpenSSL compatibility layer

Portability concerns

Implementation	Platform requirements	Network requirements	Thread safety	Random seed	Able to cross-compile	No OS (bare metal)	Supported operating systems
Botan	C++11	None	Thread-safe	Platform-dependent	Yes		Most Windows and POSIX systems
cryptlib	C89	POSIX send() and recv(). API to supply your own replacement	Thread-safe	Platform-dependent, including hardware sources	Yes	Yes	AMX, BeOS, ChorusOS, DOS, eCos, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HPUX, Linux, OS X, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK
GnuTLS	C89	POSIX send() and recv(). API to supply your own replacement.	Thread-safe, needs custom mutex hooks if neither POSIX nor Windows threads are available.	Platform dependent	Yes	No	Generally any POSIX platforms or Windows, commonly tested platforms include GNU/Linux, Win32/64, OS X, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD.
JSSE	Java	Java SE network components	Thread-safe	Depends on java.security.SecureRandom	Yes		Java based, platform-independent
MatrixSSL	C89	None	Thread-safe	Platform dependent	Yes	Yes	All
mbed TLS	C89	POSIX read() and write(). API to supply your own replacement.	Threading layer available (POSIX or own hooks)	Random seed set through entropy pool	Yes	Yes	Known to work on: Win32/64, Linux, OS X, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, SeggerOS
NSS	C89, NSPR[192]	NSPR[192] PR_Send() and PR_Recv(). API to supply your own replacement.	Thread-safe	Platform dependent[193]	Yes (but cumbersome)	No	AIX, Android, FreeBSD, NetBSD, OpenBSD, BeOS, HP-UX, IRIX, Linux, OS X, OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony PlayStation
OpenSSL	C89?	?	Needs mutex callbacks	Set through native API	Yes	No	Unix, DOS (with djgpp), Windows, OpenVMS, MacOS, NetWare, eCos
SharkSSL	C89	None: Transport agnostic API	Thread-safe: multiple ports	Random seed set through entropy pool and/or HW	Yes	Yes	INTEGRITY, MQX, SMX, ThreadX, VxWorks, SeggerOS, OSE, Android, Win 32/64, Linux 32/64, uCLinux, OS X, OpenBSD, DD-WRT, OpenWrt
TLSe	C89	None	Thread-safe	Platform-independent	Yes		Linux, BSD, Windows, OS X
wolfSSL	C89	POSIX send() and recv(). API to supply your own replacement.	Thread-safe, needs mutex hooks if PThreads or WinThreads not available, can be turned off	Random seed set through wolfCrypt	Yes	Yes	Win32/64, Linux, OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, TRON/ITRON/µITRON, Micrium's µC OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, Keil RTX, TI-RTOS
Implementation	Platform requirements	Network requirements	Thread safety	Random seed	Able to cross-compile	No OS (bare metal)	Supported operating systems

See also

• SCTP — with DTLS support
• DCCP — with DTLS support
• SRTP — with DTLS support (DTLS-SRTP) and Secure Real-Time Transport Control Protocol (SRTCP)

References