📜 Post with us on Reddit
📝 Create a new article
🏭 Create a company page
🇬🇧 - in English
🇫🇷 - en Français (FR)
🇵🇹 - em Português (PT)
🇩🇪 - in Deutsch (DE)
🇯🇵 - 日本語で (JA)
Sponsored articles

You can edit almost every page by Creating an account. Otherwise, see the FAQ.

TLS应用对比

From EverybodyWiki Bios & Wiki



安全传输层协议 (TLS) 保障网络间的通信安全。 本文比较几种最常用的TLS应用 软件库。市面上存在许多种 免费 and 开源 TLS应用软件。

所有类目的比较均使用下列概述部分中列出软件的稳定版本。该比较仅限于与TLS协议直接相关的功能。

概述[edit]

应用软件 开发商 开源 软件证书 版权拥有 编辑语言 最新版本,日期 源于
GnuTLS GnuTLS项目 GNU LGPLv2.1+ 自由软件基金会 C(编程语言)
stable3.5.19 / July 16, 2018; 5 years ago (2018-07-16)[1]
stable-next3.6.3 / July 16, 2018; 5 years ago (2018-07-16)[1]
 欧洲 (希腊和瑞典)
OpenSSL OpenSSL 项目 OpenSSL-SSLeay dual-license Eric Young, Tim Hudson, Sun, OpenSSL 项目, 及其他 C, 汇编语言 1.1.1b (February 26, 2019; 5 years ago (2019-02-26)[2]) [±]

1.1.0j (November 20, 2018; 5 years ago (2018-11-20)[2]) [±]
1.0.2r (February 26, 2019; 5 years ago (2019-02-26)[2]) [±]

澳大利亚/欧洲
wolfSSL (曾名为 CyaSSL) wolfSSL[3] GNU GPLv2+ and commercial license wolfSSL 公司.[4] C 4.0.0 (November 7, 2018; 5 years ago (2018-11-07)[5]) [±] 美国

协议支持[edit]

存在几种版本的TLS协议。 SSL 2.0是一个不赞成使用的协议版本,具有明显的缺陷。 SSL 3.0(1996)和TLS 1.0(1999)是与CBC-填充两个弱点即在2001年由塞尔日·沃德纳解释接班人。 TLS 1.1(2006)仅固定的问题之一,通过切换到随机初始化矢量(IV),用于CBC块密码,而更成问题使用的MAC-垫加密该安全的垫-MAC-加密,而不是与RFC7366是写给。一种用于SSL 3.0和TLS 1.0的解决方法,大致相当于从TLS 1.1的随机的IV,进行了广泛的许多实施方式中在2011年底通过,所以从安全角度来看,TLS 1.0,所有现有版本1.1和1.2在基底提供相等的强度协议并根据NIST SP800-57高达至少2030。在2014年,SSL 3.0的贵宾犬漏洞被发现,其利用在CBC已知漏洞,以及不安全的回退协商适用于128位的安全使用的浏览器中。

Several versions of the TLS protocol exist. SSL 2.0 is a deprecated[6] protocol version with significant weaknesses. SSL 3.0 (1996) and TLS 1.0 (1999) are successors with two weaknesses in CBC-padding that were explained in 2001 by Serge Vaudenay.[7] TLS 1.1 (2006) fixed only one of the problems, by switching to random initialization vectors (IV) for CBC block ciphers, whereas the more problematic use of mac-pad-encrypt instead of the secure pad-mac-encrypt was addressed with RFC7366.[8] A workaround for SSL 3.0 and TLS 1.0, roughly equivalent to random IVs from TLS 1.1, was widely adopted by many implementations in late 2011,[9] so from a security perspective, all existing version of TLS 1.0, 1.1 and 1.2 provide equivalent strength in the base protocol and are suitable for 128-bit security according to NIST SP800-57 up to at least 2030. In 2014, the POODLE vulnerability of SSL 3.0 was discovered, which takes advantage the known vulnerabilities in CBC, and an insecure fallback negotiation used in browsers.[10]

TLS 1.2(2008)是最新发布的基本协议版本,引入了识别用于数字签名的散​​列的方法。虽然在SSL 3.0保守选择(rsa,sha1 + md5)上允许将来使用更强大的散列函数进行数字签名(rsa,sha256 / sha384 / sha512),但TLS 1.2协议不经意间变化并大大削弱了默认数字签名并提供(rsa,sha1)甚至(rsa,md5)。

数据报传输层安全性(DTLS或数据报TLS)1.0是针对面向数据包的传输层的TLS 1.1修改,其中必须容忍数据包丢失和数据包重新排序。基于TLS 1.2的修订版DTLS 1.2于2012年1月发布

请注意,SSL 2.0和SSL 3.0中存在已知的漏洞。除了可预测的IV(存在简单的解决方法)之外,所有当前已知的漏洞都会影响所有版本的TLS 1.0 / 1.1 / 1.2。

TLS 1.2 (2008) is the latest published version of the base protocol, introducing a means to identify the hash used for digital signatures. While permitting the use of stronger hash functions for digital signatures in the future (rsa,sha256/sha384/sha512) over the SSL 3.0 conservative choice (rsa,sha1+md5), the TLS 1.2 protocol change inadvertently and substantially weakened the default digital signatures and provides (rsa,sha1) and even (rsa,md5).[11]

Datagram Transport Layer Security (DTLS or Datagram TLS) 1.0 is a modification of TLS 1.1 for a packet-oriented transport layer, where packet loss and packet reordering have to be tolerated. The revision DTLS 1.2 based on TLS 1.2 was published in January 2012[12]

Note that there are known vulnerabilities in SSL 2.0 and SSL 3.0. With the exception of the predictable IVs (for which an easy workaround exists) all currently known vulnerabilities affect all version of TLS 1.0/1.1/1.2 alike.[13]

应用软件 SSL 2.0 (不安全)[14] SSL 3.0 (不安全)[15] TLS 1.0[16] TLS 1.1[17] TLS 1.2[18] TLS 1.3
(Draft)[19][20] 		DTLS 1.0[21] DTLS 1.2[12]
GnuTLS [a] 默认禁止[22]
OpenSSL [23] 默认允许
wolfSSL 默认禁止[24]
  1. ^ 即使SSL 2.0不支持或由于向后兼容性而被禁用,客户端问候也会被支持。
  2. ^ SSL / TLS协议的服务器端实现仍支持处理收到的v2兼容客户端问候消息。[25]
  3. ^ 安全传输:在OS X 10.8中停用了SSL 2.0。在OS X 10.11和iOS 9中停用了SSL 3.0。TLS 1.1,1.2和DTLS在iOS 5.0和更高版本以及OS X 10.9和更高版本中均可用 。[26]
    4. [27]

NSA Suite B 密码学[edit]

NSA Suite B 密码学 (RFC 6460) 的必须部分:

对于业务流量,AES应与低带宽流量的计数器模式(CTR)或高带宽流量的伽罗瓦/计数器模式(GCM)操作模式一起使用(请参阅分块密码模式操作) - 对称加密

椭圆曲线数字签名算法(ECDSA) - 数字签名 椭圆曲线Diffie-Hellman(ECDH) - 密钥协议 安全散列算法2(SHA-256和SHA-384) - 消息摘要 根据CNSSP-15,256位椭圆曲线(FIPS 186-2中指定),SHA-256和AES 128位密钥足以保护机密信息达到Secret级别,而384位椭圆曲线(在FIPS 186-2中指定),SHA-384和带有256位密钥的AES是保护最高机密信息所必需的。

Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.

Implementation TLS 1.2 Suite B
GnuTLS
OpenSSL [28]
wolfSSL

证书[edit]

请注意,某些认证已受到实际参与研发人的严重负面批评。[29]

应用软件 FIPS 140-1, FIPS 140-2[30] 通用标准 Embedded FIPS Solution
第一层面 Level 2[disputed discuss]
GnuTLS[31] 红帽企业Linux GnuTLS加密模块(#2780)
OpenSSL[32] OpenSSL FIPS 对象模块: 1.0 (#624), 1.1.1 (#733), 1.1.2 (#918), 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4 (#1051)
2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7 or 2.0.8 (#1747)
wolfSSL[33] wolfCrypt FIPS 模块: 3.6.0 (#2425)
已验证的操作环境详见于NIST 证书 for validated Operating Environments

密钥交换算法(仅限于证书)[edit]

本节列出了在不同应用软件中中可用的证书验证功能。

应用软件 RSA[18] RSA-EXPORT (不安全)[18] DHE-RSA (forward secrecy)[18] DHE-DSS (forward secrecy)[18] ECDH-ECDSA[34] ECDHE-ECDSA (forward secrecy)[34] ECDH-RSA[34] ECDHE-RSA (forward secrecy)[34] GOST R 34.10-94, 34.10-2001[35]
GnuTLS 默认禁止[22]
OpenSSL [23] 默认禁止[23]
wolfSSL

密钥交换算法(备选密钥交换)[edit]

应用软件 SRP[36] SRP-DSS[36] SRP-RSA[36] PSK-RSA[37] PSK[37] DHE-PSK (前向保密)[37] ECDHE-PSK (前向保密)[38] KRB5[39] DH-ANON[18] (不安全) ECDH-ANON[34] (不安全)
GnuTLS 默认禁止 默认禁止
OpenSSL [40] 默认禁止[41] 默认禁止[41]
wolfSSL [42]

证书验证算法[edit]

应用软件 应用程序定义 PKIX path validation[43] CRL[44] OCSP[45] DANE (DNSSEC)[46] 首用信任 (TOFU)
GnuTLS
OpenSSL
wolfSSL

加密算法[edit]

应用软件 分组密码操作模式 流密码 None
AES GCM
[47] 		AES CCM
[48] 		AES CBC Camellia GCM
[49] 		Camellia CBC
[50] 		ARIA GCM
[51] 		ARIA CBC
[51] 		SEED CBC
[52] 		3DES EDE CBC
(不安全)[53] 		GOST 28147-89 CNT
(提出)
[35][n 1] 		ChaCha20-Poly1305
[54] 		Null
(insecure)
[n 2]
GnuTLS Yes[22] 默认禁止[55] [56] 默认禁止
OpenSSL [57] 默认禁止[23] 默认禁止[23] 默认禁止[23] 默认禁止[23] [58] [23] 默认禁止
wolfSSL Yes 默认禁止

废弃算法[edit]

应用软件 分组密码操作模式 流密码
IDEA CBC
[n 3](不安全)[60] 		DES CBC
(不安全)
[n 3] 		DES-40 CBC
(EXPORT, 不安全)
[n 4] 		RC2-40 CBC
(EXPORT, 不安全)
[n 4] 		RC4-128
(不安全)
[n 5] 		RC4-40
(EXPORT, 不安全)
[n 6][n 4]
GnuTLS 默认禁止[22]
OpenSSL 默认禁止[23] 默认禁止 [23] [23] 默认禁止 [23]
wolfSSL 默认禁止[61] 默认禁止

支持的椭圆曲线[edit]

应用 sect163k1
NIST K-163
(1)[34] 		sect163r1
(2)[34] 		sect163r2
NIST B-163
(3)[34] 		sect193r1
(4)[34] 		sect193r2
(5)[34] 		sect233k1
NIST K-233
(6)[34] 		sect233r1
NIST B-233
(7)[34] 		sect239k1
(8)[34] 		sect283k1
NIST K-283
(9)[34] 		sect283r1
NIST B-283
(10)[34] 		sect409k1
NIST K-409
(11)[34] 		sect409r1
NIST B-409
(12)[34] 		sect571k1
NIST K-571
(13)[34] 		sect571r1
NIST B-571
(14)[34]
GnuTLS
OpenSSL
wolfSSL
Implementation secp160k1
(15)[34] 		secp160r1
(16)[34] 		secp160r2
(17)[34] 		secp192k1
(18)[34] 		secp192r1
prime192v1
NIST P-192
(19)[34] 		secp224k1
(20)[34] 		secp224r1
NIST P-244
(21)[34] 		secp256k1
(22)[34] 		secp256r1
prime256v1
NIST P-256
(23)[34] 		secp384r1
NIST P-384
(24)[34] 		secp521r1
NIST P-521
(25)[34] 		arbitrary prime curves
(0xFF01)[34][62] 		arbitrary char2 curves
(0xFF02)[34][62]
GnuTLS
OpenSSL
wolfSSL
应用 brainpoolP256r1
(26)[63] 		brainpoolP384r1
(27)[63] 		brainpoolP512r1
(28)[63] 		X25519
[64] 		Curve448
Ed448-Goldilocks
[65] 		M221
Curve2213
[66] 		E222
[66] 		Curve1174
[66] 		E382
[66] 		M383
[66] 		Curve383187
[66] 		Curve41417
Curve3617
[66] 		M511
Curve511187
[66] 		E521
[66]
GnuTLS [67]
OpenSSL [28] [28] [28] [68][69] [70][71]
wolfSSL [72]

数据完整性[edit]

应用软件 HMAC-MD5 HMAC-SHA1 HMAC-SHA256/384 AEAD GOST 28147-89 IMIT[35] GOST R 34.11-94[35]
GnuTLS
OpenSSL [58] [58]
wolfSSL

压缩[edit]

请注意,CRIME 安全漏洞 利用了TLS压缩的优势,因此传统应用不会在TLS层启用压缩。 HTTP 压缩是不相关的且不受此漏洞攻击的影响,但会被BREACH相关的攻击利用。

应用软件 DEFLATE[73]
(不安全)
GnuTLS 默认禁用
OpenSSL 默认禁用
wolfSSL 默认禁用

扩展[edit]

在本节中列出了每个应用支持的扩展。请注意,安全重新协商扩展对于HTTPS客户端安全至关重要。不执行TLS协议的客户端很容易受到攻击,无论客户端是否实施TLS重新协商。

Implementation Secure Renegotiation
[74] 		Server Name Indication
[75] 		ALPN
[76] 		Certificate Status Request
[75] 		OpenPGP
[77] 		Supplemental Data
[78] 		Session Ticket
[79] 		Keying Material Exporter
[80] 		Maximum Fragment Length
[75] 		Truncated HMAC
[75] 		Encrypt-then-MAC
[81] 		TLS Fallback SCSV
[82] 		Extended Master Secret
[83] 		ClientHello Padding
[84] 		Raw Public Keys
[85]
GnuTLS [86] 弃用[87] [22] [88] [22] [89]
OpenSSL [28] 否? 是? [90] [91] [92] 未知
wolfSSL [61] 未知

辅助加密[edit]

本节列出了已知的利用CPU指令集优化加密,或利用系统特定允许访问底层加密硬件加速或分离数据的设备。

应用软件 PKCS #11 device Intel AES-NI VIA PadLock ARMv8-A Intel SGX Intel QAT
GnuTLS [93]
OpenSSL [94] [95]
wolfSSL [96]

系统特定的后端[edit]

本节列出了已知利用可用操作系统特定后端或另一个提供的后端的应用。

应用软件 /dev/crypto Windows CSP 一般加密CommonCrypto OpenSSL
GnuTLS
OpenSSL
wolfSSL 部分

加密模块/令牌支持[edit]

Implementation TPM support Hardware token support Objects identified via
GnuTLS PKCS11 RFC7512 PKCS #11 URLs[97]
OpenSSL PKCS11 (通过第三方模块)[98] RFC7512 PKCS #11 URLs[97]
wolfSSL

代码属性[edit]

应用软件 属性 可选属性
GnuTLS libc
nettle
gmp 		zlib (compression)
p11-kit (PKCS #11)
trousers (TPM)
OpenSSL libc zlib (压缩)
wolfSSL None libc, zlib (压缩)

发展环境[edit]

应用软件 Namespace 建设工具 API 手册 加密后端 OpenSSL 兼容层
GnuTLS gnutls_* Autoconf, automake, libtool Manual and API reference (HTML, PDF) External, libnettle Yes (部分)
OpenSSL SSL_*

SHA1_*
MD5_*
EVP_*
...

Makefile Man pages Included (monolithic) N/A
wolfSSL CyaSSL_*

SSL_*

Autoconf, automake, libtool, MSVC project workspaces, XCode projects, CodeWarrior projects, MPLAB X projects, Keil, IAR, Clang, GCC Manual and API Reference (HTML, PDF) Included (monolithic) Yes (大约 10% of API)

移植问题[edit]

应用软件 平台要求奥球 网络要求 线程安全 随机速度 能够交叉编译 No OS (bare metal) 可支持的操作系统
GnuTLS C89 POSIX send() and recv(). API 支持所找的替代品. 线程安全,如果POSIX和Windows线程都不可用,则需要自定义互斥锁钩 取决于平台 基本任何 POSIX 平台 or Windows, 一般已测试的平台包含 GNU/Linux, Win32/64, OS X, Solaris, OpenWRT, FreeBSD, NetBSD, OpenBSD.
OpenSSL C89? ? 需要互斥量回调 通过原始API设置 Unix, DOS (with djgpp), Windows, OpenVMS, MacOS, NetWare, eCos
wolfSSL C89 POSIX send() and recv(). API 支持所找的替代品. 线程安全,如果POSIX和Windows线程都不可用,则需要自定义互斥锁钩 通过 wolfCrypt设置随机速度 Win32/64, Linux, OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, TRON/ITRON/µITRON, Micrium's µC OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, Keil RTX, TI-RTOS

其他[edit]

  • SCTP — 含DTLS 支持
  • DCCP — 含 DTLS 支持
  • SRTP — 含 DTLS 支持 (DTLS-SRTP) 安全实时传输控制协议 (SRTCP)

Notes[edit]

  1. This algorithm is not defined yet as TLS cipher suites in RFCs, is proposed in drafts.
  2. authentication only, no encryption
  3. 3.0 3.1 IDEA and DES have been removed from TLS 1.2.[59]
  4. 4.0 4.1 4.2 40 bits strength of cipher suites were designed to operate at reduced key lengths in order to comply with US regulations about the export of cryptographic software containing certain strong encryption algorithms (see Export of cryptography from the United States). These weak suites are forbidden in TLS 1.1 and later.
  5. The RC4 attacks weaken or break RC4 used in SSL/TLS. Use of RC4 is prohibited by RFC 7465.
  6. The RC4 attacks weaken or break RC4 used in SSL/TLS.

参考文献[edit]

  1. 1.0 1.1 "GnuTLS". Retrieved 17 July 2018.
  2. 2.0 2.1 2.2 "OpenSSL: Newslog". Retrieved 2019-02-27.
  3. "wolfSSL product description". Retrieved 2016-05-03.
  4. "wolfSSL Embedded SSL/TLS". Retrieved 2016-05-03.
  5. "wolfSSL ChangeLog". 2018-11-07. Retrieved 2019-03-21.
  6. RFC6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0
  7. ""CBC-Padding: Security Flaws in SSL, IPsec, WTLS,...", Serge Vaudenay, 2001" (PDF).
  8. RFC7366: Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security
  9. "Rizzo/Duong BEAST Countermeasures".
  10. Möller, Bodo; Duong, Thai; Kotowicz, Krzysztof (September 2014). "This POODLE Bites: Exploiting The SSL 3.0 Fallback" (PDF). Retrieved 15 October 2014.
  11. TLSv1.2's Major Differences from TLSv1.1
  12. 12.0 12.1 RFC 6347
  13. "Bard attack". CiteSeerX 10.1.1.61.5887. Missing or empty |url= (help)
  14. "draft-hickman-netscape-ssl-00". tools.ietf.org.
  15. RFC 6101
  16. RFC 2246
  17. RFC 4346
  18. 18.0 18.1 18.2 18.3 18.4 18.5 RFC 5246
  19. draft-ietf-tls-tls13-11 - The Transport Layer Security (TLS) Protocol Version 1.3
  20. "tlswg/tls13-spec branches". tlswg.github.io.
  21. RFC 4347
  22. 22.0 22.1 22.2 22.3 22.4 22.5 "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16.
  23. 23.00 23.01 23.02 23.03 23.04 23.05 23.06 23.07 23.08 23.09 23.10 23.11 Inc., OpenSSL Foundation,. "/news/openssl-1.1.0-notes.html". www.openssl.org.
  24. "[wolfssl] wolfSSL 3.6.6 Released". 2015-08-20. Retrieved 2015-08-24.
  25. "NSS 3.24 release notes". Mozilla Developer Network. Mozilla. Retrieved 2016-06-19.
  26. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
  27. "Qualys SSL Labs - Projects / User Agent Capabilities". dev.ssllabs.com.
  28. 28.0 28.1 28.2 28.3 28.4 Cite error: Invalid <ref> tag; no text was provided for refs named openssl-1.0.2-note
  29. "Secure or Compliant, Pick One" Steve Marquess blog Archived December 27, 2013, at the Wayback Machine
  30. "Search - Cryptographic Module Validation Program - CSRC". csrc.nist.gov.
  31. "While, as a free software project, we are not actively pursuing this kind of certification, GnuTLS has been FIPS-140-2 certified in several systems by third parties." GnuTLS 3.5.6 B.5 Certification
  32. "OpenSSL and FIPS 140-2".
  33. "wolfCrypt FIPS 140-2 Information - wolfSSL Embedded SSL/TLS Library".
  34. 34.00 34.01 34.02 34.03 34.04 34.05 34.06 34.07 34.08 34.09 34.10 34.11 34.12 34.13 34.14 34.15 34.16 34.17 34.18 34.19 34.20 34.21 34.22 34.23 34.24 34.25 34.26 34.27 34.28 34.29 34.30 34.31 RFC 4492
  35. 36.0 36.1 36.2 RFC 5054
  36. 37.0 37.1 37.2 RFC 4279
  37. RFC 5489
  38. RFC 2712
  39. "Changes between 0.9.6h and 0.9.7 [31 Dec 2002]". Retrieved 2016-01-29.
  40. 41.0 41.1 "Changes between 0.9.8n and 1.0.0 [29 Mar 2010]". Retrieved 2016-01-29.
  41. "wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016)". 2016-03-18. Retrieved 2016-04-05.
  42. RFC 5280
  43. RFC 3280
  44. RFC 2560
  45. RFC 6698, RFC 7218
  46. RFC 5288, RFC 5289
  47. RFC 6655, RFC 7251
  48. RFC 6367
  49. RFC 5932, RFC 6367
  50. 51.0 51.1 RFC 6209
  51. RFC 4162
  52. "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". sweet32.info.
  53. RFC 7905
  54. "gnutls 3.6.0". 2017-09-21. Retrieved 2018-01-07.
  55. "gnutls 3.4.12". 2016-05-20. Retrieved 2016-05-29.
  56. "openssl/CHANGES at OpenSSL_1_0_1-stable · openssl/openssl". Retrieved 2015-01-20.
  57. 58.0 58.1 58.2 Cite error: Invalid <ref> tag; no text was provided for refs named OpenSSL-GOST
  58. RFC 5469
  59. https://sweet32.info
  60. 61.0 61.1 "wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015)". 2015-10-26. Retrieved 2015-11-19.
  61. 62.0 62.1 Negotiation of arbitrary curves has been shown to be insecure for certain curve sizes Mavrogiannopoulos, Nikos and Vercautern, Frederik and Velichkov, Vesselin and Preneel, Bart (2012). A cross-protocol attack on the TLS protocol. Proceedings of the 2012 ACM conference on Computer and communications security (PDF). pp. 62–72. ISBN 978-1-4503-1651-4.CS1 maint: Multiple names: authors list (link) Search this book on
  62. 63.0 63.1 63.2 RFC 7027
  63. Simon, Josefsson,; Yoav, Nir,; Manuel, Pégourié-Gonnard,. "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier". tools.ietf.org.
  64. Simon, Josefsson,; Manuel, Pégourié-Gonnard,. "Curve25519 and Curve448 for Transport Layer Security (TLS)". tools.ietf.org.
  65. 66.0 66.1 66.2 66.3 66.4 66.5 66.6 66.7 66.8 Simon, Josefsson,; Manuel, Pégourié-Gonnard,. "Additional Elliptic Curves for Transport Layer Security (TLS) Key Agreement". tools.ietf.org.
  66. ""An overview of the new features in GnuTLS 3.5.0"". 2016-05-02. Retrieved 2016-12-09.
  67. "OpenSSL 1.1.0x Release Notes". 25 August 2016. Retrieved 18 May 2018.
  68. "OpenSSL  GitHub Issue #487 Tracker". 2 December 2015. Retrieved 18 May 2018.
  69. "OpenSSL 1.1.1x Release Notes". 1 May 2018. Retrieved 18 May 2018.
  70. "OpenSSL  GitHub Issue #5049 Tracker". 9 January 2018. Retrieved 18 May 2018.
  71. "wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)". 2015-03-30. Retrieved 2015-11-19.
  72. RFC 3749
  73. RFC 5746
  74. 75.0 75.1 75.2 75.3 RFC 6066
  75. RFC 7301
  76. RFC 6091
  77. RFC 4680
  78. RFC 5077
  79. RFC 5705
  80. RFC 7366
  81. RFC 7507
  82. RFC 7627
  83. RFC 7685
  84. RFC 7250
  85. "gnutls 3.2.0". Retrieved 2015-01-26.
  86. https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008309.html
  87. "gnutls 3.4.4". Retrieved 2015-08-25.
  88. "%DUMBFW priority keyword". Retrieved 2017-04-30.
  89. http://www.openssl.org/news/secadv_20141015.txt
  90. "OpenSSL 1.1.0 Release Notesl".
  91. "Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]". 2014-04-07. Archived from the original on 2015-01-20. Retrieved 2015-02-10.
  92. https://lists.gnupg.org/pipermail/gnutls-devel/2016-October/008194.html
  93. https://habrahabr.ru/post/134725/, http://forum.rutoken.ru/topic/1639/, https://dev.rutoken.ru/pages/viewpage.action?pageId=18055184 (in Russian)
  94. "git.openssl.org Git - openssl.git/commitdiff". git.openssl.org.
  95. "wolfSSL Asynchronous Intel QuickAssist Support - wolfSSL". 18 January 2017.
  96. 97.0 97.1 RFC 7512
  97. "libp11: PKCS#11 wrapper library". 19 January 2018 – via GitHub.


This article "TLS应用对比" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:TLS应用对比. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.


Retrieved from "https://en.everybodywiki.com/index.php?title=TLS应用对比&oldid=966540"
License CC BY-SA 3.0
Powered by MediaWiki
Powered by Semantic MediaWiki