Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

TLS 1.3 Implementations

name language role(s) version features/limitations
fizz C++ C/S RFC 8446 Based on libsodium, includes secure design abstractions. Zero-copy for advanced performance.
NSS C C/S RFC 8446 Almost everything, except some crypto primitives
Mint Go C/S -18 PSK resumption, 0-RTT, HRR
nqsb OCaml C/S -11 PSK/DHE-PSK, no EC*, no client auth, no 0RTT -- live server at port 4433, records traces, ping @hannesm, contains a static PSK/DHE_PSK token: id: 0x0000
secret: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
ProtoTLS JavaScript C/S -13 EC/DHE/PSK, no HelloRetryRequest
miTLS F* C/S RFC 8446 EC/DHE/PSK/0-RTT, no RSA-PSS, no post-HS-auth, no ESNI
Tris Go C/S RFC 8446 ECDHE/PSK/0-RTT, no HelloRetryRequest
BoringSSL C C/S -23, -28, RFC 8446 P-256, X25519, HelloRetryRequest, resumption, 0-RTT, KeyUpdate
Wireshark C other -18 to -28, RFC 8446 Full decryption and dissection support for drafts 19-21 since 2.4.0 (keylog format). Supports 18-21 since 2.4.2, -22 since 2.4.3, -23 since 2.4.5, -24 to -28 (+0RTT trial decryption) since 2.6.0. Tracking bug.
picotls C C/S -18,-21,-23,-26 P-256, X25519, HelloRetryRequest, resumption, 0-RTT
rustls Rust C/S -28 (final on branch) P-256/P-384/curve25519, HRR, resumption, 0-RTT client
Haskell tls Haskell C/S -28 ECDHE w/ P* and X*, full, HRR, PSK, 0RTT
Leto C# S -18 DHE, X25519, AES, no PSK no 0RTT. Tested against NSS
OpenSSL C C/S RFC 8446 P-256, P-384, P-521, FFDHE, X25519, X448, Ed25519, Ed448, HelloRetryRequest, resumption, PSK, 0-RTT, CCS, cookies, stateless server, Post-handshake auth, KeyUpdate, RSA-PSS certs
wolfSSL C C/S RFC 8446 -18/-22/-23/-26/-28 P-256, P-384, X25519, Ed25519, HelloRetryRequest, resumption, PSK, 0-RTT, CCS, cookies, stateless server, Post-Handshake Auth, KeyUpdate
GnuTLS C C/S RFC 8446 P-256, P-384, X25519, FFDHE, RSA-PSS (keys and certs), HelloRetryRequest, KeyUpdate, Post-Handshake Auth, PSK
tlslite-ng Python C/S RFC 8446 ECDHE (all), EdDHE (X25519, X448), FFDHE (all), AES-GCM, Chacha20, HelloRetryRequest, RSA, RSA-PSS keys and certificate signatures, cookie extension, CCS, PSK, resumption, in-handshake client auth, no ECDSA certificates, no post-handshake client auth, no 0-RTT, no KeyUpdate
tlsfuzzer Python C (other) RFC 8446 ECDHE (all), EdDHE (x25519, X448), FFDHE (all), AES-GCM, Chacha20, RSA, HelloRetryRequest, CCS, cookie extension, PSK, resumption, in-handshake auth, no KeyUpdate
SwiftTLS Swift C/S -26,-28, RFC 8446 ECDHE, P-256, 0-RTT, HelloRetryRequest
JSSE/JDK Java C/S RFC 8446 JDK 11+: All required extensions and algorithms, ChaCha20/Poly1305 ciphersuites (JDK 12+), all listed named groups (e.g. secp256r1, x25519/x448 (JDK 13+), FFDHE, etc.), RSA-PSS certs/signatures, PSK resumption, HelloRetryRequest, cookie extension, post handshake messages (NewSessionTicket/KeyUpdate), OCSP Stapling, Middlebox compatibility mode. No support for: previous drafts, 0-RTT, CCM, SCT, post_handshake_auth.
CycloneSSL C C/S RFC 8446 P-256, P-384, X25519, X448, FFDHE, AES-GCM, AES-CCM, ChaCha20Poly1305, HelloRetryRequest, PSK, 0-RTT (client only), CCS, cookies, KeyUpdate, RSA-PSS certificates, ECDSA certificates, EdDSA certificates (Ed25519 and Ed448)
tttls1.3 Ruby C/S RFC 8446 P-256/P-384/P-521, AES-GCM/ChaCha20Poly1305, HRR, PSK resumption(NewSessionTicket), 0-RTT(client only)
Rebex TLS 1.3 C# C/S RFC 8446 All required extensions and algorithms, RSA-PSS certificates/signatures, HelloRetryRequest, PSK resumption, in-handshake auth, post-handshake auth (experimental), post handshake messages (NewSessionTicket, KeyUpdate (experimental)), Middlebox compatibility mode, P-256/P-384/P-521, AES-GCM, Chacha20/Poly1305, Cookie extension.


Default support in Firefox, Chrome, and Safari.

Test servers

Implementation URL