| fizz |
C++ |
C/S |
RFC 8446 |
Based on libsodium, includes secure design abstractions. Zero-copy for advanced performance. |
| NSS |
C |
C/S |
RFC 8446 |
Almost everything, except some crypto primitives |
| Mint |
Go |
C/S |
-18 |
PSK resumption, 0-RTT, HRR |
| nqsb |
OCaml |
C/S |
-11 |
PSK/DHE-PSK, no EC*, no client auth, no 0RTT -- live server at tls13test.nqsb.io port 4433, records traces, ping @hannesm, contains a static PSK/DHE_PSK token: id: 0x0000 secret: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f |
| ProtoTLS |
JavaScript |
C/S |
-13 |
EC/DHE/PSK, no HelloRetryRequest |
| miTLS |
F* |
C/S |
RFC 8446 |
EC/DHE/PSK/0-RTT, no RSA-PSS, no post-HS-auth, no ESNI |
| Tris |
Go |
C/S |
RFC 8446 |
ECDHE/PSK/0-RTT, no HelloRetryRequest |
| BoringSSL |
C |
C/S |
-23, -28, RFC 8446 |
P-256, X25519, HelloRetryRequest, resumption, 0-RTT, KeyUpdate |
| Wireshark |
C |
other |
-18 to -28, RFC 8446 |
Full decryption and dissection support for drafts 19-21 since 2.4.0 (keylog format). Supports 18-21 since 2.4.2, -22 since 2.4.3, -23 since 2.4.5, -24 to -28 (+0RTT trial decryption) since 2.6.0. Tracking bug. |
| picotls |
C |
C/S |
-18,-21,-23,-26 |
P-256, X25519, HelloRetryRequest, resumption, 0-RTT |
| rustls |
Rust |
C/S |
-28 (final on branch) |
P-256/P-384/curve25519, HRR, resumption, 0-RTT client |
| Haskell tls |
Haskell |
C/S |
-28 |
ECDHE w/ P* and X*, full, HRR, PSK, 0RTT |
| Leto |
C# |
S |
-18 |
DHE, X25519, AES, no PSK no 0RTT. Tested against NSS |
| OpenSSL |
C |
C/S |
RFC 8446 |
P-256, P-384, P-521, FFDHE, X25519, X448, Ed25519, Ed448, HelloRetryRequest, resumption, PSK, 0-RTT, CCS, cookies, stateless server, Post-handshake auth, KeyUpdate, RSA-PSS certs |
| wolfSSL |
C |
C/S |
RFC 8446 -18/-22/-23/-26/-28 |
P-256, P-384, X25519, Ed25519, HelloRetryRequest, resumption, PSK, 0-RTT, CCS, cookies, stateless server, Post-Handshake Auth, KeyUpdate |
| GnuTLS |
C |
C/S |
RFC 8446 |
P-256, P-384, X25519, FFDHE, RSA-PSS (keys and certs), HelloRetryRequest, KeyUpdate, Post-Handshake Auth, PSK |
| tlslite-ng |
Python |
C/S |
RFC 8446 |
ECDHE (all), EdDHE (X25519, X448), FFDHE (all), AES-GCM, Chacha20, HelloRetryRequest, RSA, RSA-PSS keys and certificate signatures, cookie extension, CCS, PSK, resumption, in-handshake client auth, no ECDSA certificates, no post-handshake client auth, no 0-RTT, no KeyUpdate |
| tlsfuzzer |
Python |
C (other) |
RFC 8446 |
ECDHE (all), EdDHE (x25519, X448), FFDHE (all), AES-GCM, Chacha20, RSA, HelloRetryRequest, CCS, cookie extension, PSK, resumption, in-handshake auth, no KeyUpdate |
| SwiftTLS |
Swift |
C/S |
-26,-28, RFC 8446 |
ECDHE, P-256, 0-RTT, HelloRetryRequest |
| JSSE/JDK |
Java |
C/S |
RFC 8446 |
JDK 11+: All required extensions and algorithms, ChaCha20/Poly1305 ciphersuites (JDK 12+), all listed named groups (e.g. secp256r1, x25519/x448 (JDK 13+), FFDHE, etc.), RSA-PSS certs/signatures, PSK resumption, HelloRetryRequest, cookie extension, post handshake messages (NewSessionTicket/KeyUpdate), OCSP Stapling, Middlebox compatibility mode. No support for: previous drafts, 0-RTT, CCM, SCT, post_handshake_auth. |
| CycloneSSL |
C |
C/S |
RFC 8446 |
P-256, P-384, X25519, X448, FFDHE, AES-GCM, AES-CCM, ChaCha20Poly1305, HelloRetryRequest, PSK, 0-RTT (client only), CCS, cookies, KeyUpdate, RSA-PSS certificates, ECDSA certificates, EdDSA certificates (Ed25519 and Ed448) |
| tttls1.3 |
Ruby |
C/S |
RFC 8446 |
P-256/P-384/P-521, AES-GCM/ChaCha20Poly1305, HRR, PSK resumption(NewSessionTicket), 0-RTT(client only) |
| Rebex TLS 1.3 |
C# |
C/S |
RFC 8446 |
All required extensions and algorithms, RSA-PSS certificates/signatures, HelloRetryRequest, PSK resumption, in-handshake auth, post-handshake auth (experimental), post handshake messages (NewSessionTicket, KeyUpdate (experimental)), Middlebox compatibility mode, P-256/P-384/P-521, AES-GCM, Chacha20/Poly1305, Cookie extension. |
