More .NET libraries
-
Rebex Total Pack
All Rebex .NET libraries together
Back to feature list...
Standards and platform support
On this page:
- 100% managed .NET code with no external dependencies
- Protocols and RFC specifications
- TLS 1.3 ciphers
- TLS 1.2 ciphers
- Compatible with third-party implementations
- .NET 8/7/6/5
- .NET Framework on Windows
- .NET Core
- .NET Standard
- Mono on Linux
- Xamarin.iOS
- Xamarin.Android
- Legacy platform support
- .NET Compact Framework
- Cryptographic algorithms
- XCOPY deployment
100% managed .NET code with no external dependencies
- Rebex TLS is written in 100% managed C# code.
- No external dependencies. It only needs .NET.
- No third-party or open source code used.
- Fully CLS-compliant.
- Supports any .NET language (C#, VB.NET, C++/CLI, etc.)
- Platform-independent code. Same assemblies for both 32-bit and 64-bit applications and x86/x64, ARM32/ARM64 architectures.
Protocols and RFC specifications
Rebex TLS implements the TLS protocol as specified by the following series of RFCs:
It also implements many additional ciphers and extensions, such as:
- RFC 5288 (Galois Counter Mode Cipher Suites - AES/GCM)
- RFC 5289 (TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES/GCM)
- RFC 5746 (TLS Renegotiation Indication Extension)
- RFC 6066 (Server Name Indication extensions)
- RFC 7301 (Application-Layer Protocol Negotiation Extension)
- RFC 7902 (ChaCha20-Poly1305 Cipher Suites)
- RFC 8422 (Elliptic Curve Cryptography (ECC) Cipher Suites for TLS 1.2 and Earlier)
TLS 1.3 ciphers
The following TLS 1.3 ciphers are supported:
- TLS_AES_128_GCM_SHA256 (AES/GCM with 128-bit key)
- TLS_AES_256_GCM_SHA384 (AES/GCM with 256-bit key)
- TLS_CHACHA20_POLY1305_SHA256 (ChaCha20-Poly1305 AEAD cipher)
Use Parameters.SetSymmetricCipherSuites(...)
method
(on the client object)
to specify a list of allowed TLS 1.3 symmetric cipher suites, and
Parameters.GetSymmetricCipherSuites()
method to retrieve the current setting.
TLS 1.2 ciphers
The Parameters.AllowedSuites
property
of the TlsSocket
object
makes it possible to specify a combination of following algorithms:
Cipher ID | Certificate Key Algorithm | Key Exchange Algorithm | Encryption Algorithm | MAC Alg. | Security |
---|---|---|---|---|---|
RSA_WITH_AES_128_GCM_SHA256 | RSA | RSA | AES in GCM mode | AEAD | Secure |
RSA_WITH_AES_256_GCM_SHA384 | AES in GCM mode | AEAD | Secure | ||
RSA_WITH_AES_128_CBC_SHA256 | AES in CBC mode | SHA-256 | Secure | ||
RSA_WITH_AES_256_CBC_SHA256 | AES in CBC mode | SHA-256 | Secure | ||
RSA_EXPORT_WITH_RC4_40_MD5 | RC4 | MD5 | Vulnerable | ||
RSA_WITH_RC4_128_MD5 | RC4 | MD5 | Vulnerable | ||
RSA_WITH_RC4_128_SHA | RC4 | SHA-1 | Vulnerable | ||
RSA_EXPORT_WITH_RC2_CBC_40_MD5 | RC2 in CBC mode | MD5 | Vulnerable | ||
RSA_EXPORT_WITH_DES40_CBC_SHA | DES in CBC mode | SHA-1 | Vulnerable | ||
RSA_WITH_DES_CBC_SHA | DES in CBC mode | SHA-1 | Vulnerable | ||
RSA_WITH_3DES_EDE_CBC_SHA | TripleDES in CBC mode | SHA-1 | Weak | ||
RSA_EXPORT1024_WITH_DES_CBC_SHA | DES in CBC mode | SHA-1 | Vulnerable | ||
RSA_EXPORT1024_WITH_RC4_56_SHA | RC4 | SHA-1 | Vulnerable | ||
RSA_WITH_AES_128_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
RSA_WITH_AES_256_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
ECDHE_RSA_WITH_AES_128_GCM_SHA256 | RSA | Elliptic Curve Diffie-Hellman | AES in GCM mode | AEAD | Secure |
ECDHE_RSA_WITH_AES_256_GCM_SHA384 | AES in GCM mode | AEAD | Secure | ||
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ChaCha20-Poly1305 | AEAD | Secure | ||
ECDHE_RSA_WITH_AES_128_CBC_SHA256 | AES in CBC mode | SHA-256 | Secure | ||
ECDHE_RSA_WITH_AES_256_CBC_SHA384 | AES in CBC mode | SHA-384 | Secure | ||
ECDHE_RSA_WITH_AES_128_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
ECDHE_RSA_WITH_AES_256_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | TripleDES in CBC mode | SHA-1 | Weak | ||
ECDHE_RSA_WITH_RC4_128_SHA | RC4 | SHA-1 | Vulnerable | ||
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | Elliptic Curve DSA | Elliptic Curve Diffie-Hellman | AES in GCM mode | AEAD | Secure |
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | AES in GCM mode | AEAD | Secure | ||
ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | ChaCha20-Poly1305 | AEAD | Secure | ||
ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | AES in CBC mode | SHA-256 | Secure | ||
ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | AES in CBC mode | SHA-384 | Secure | ||
ECDHE_ECDSA_WITH_AES_128_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
ECDHE_ECDSA_WITH_AES_256_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | TripleDES in CBC mode | SHA-1 | Weak | ||
ECDHE_ECDSA_WITH_RC4_128_SHA | RC4 | SHA-1 | Vulnerable | ||
DHE_RSA_WITH_AES_128_GCM_SHA256 | RSA | Diffie-Hellman | AES in GCM mode | AEAD | Secure |
DHE_RSA_WITH_AES_256_GCM_SHA384 | AES in GCM mode | AEAD | Secure | ||
DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ChaCha20-Poly1305 | AEAD | Secure | ||
DHE_RSA_WITH_AES_128_CBC_SHA256 | AES in CBC mode | SHA-256 | Secure | ||
DHE_RSA_WITH_AES_256_CBC_SHA256 | AES in CBC mode | SHA-256 | Secure | ||
DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | DES in CBC mode | SHA-1 | Vulnerable | ||
DHE_RSA_WITH_DES_CBC_SHA | DES in CBC mode | SHA-1 | Vulnerable | ||
DHE_RSA_WITH_3DES_EDE_CBC_SHA | TripleDES in CBC mode | SHA-1 | Weak | ||
DHE_RSA_WITH_AES_128_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
DHE_RSA_WITH_AES_256_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
DHE_DSS_WITH_AES_128_GCM_SHA256 | DSS | Diffie-Hellman | AES in GCM mode | AEAD | Secure |
DHE_DSS_WITH_AES_256_GCM_SHA384 | AES in GCM mode | AEAD | Secure | ||
DHE_DSS_WITH_AES_128_CBC_SHA256 | AES in CBC mode | SHA-256 | Secure | ||
DHE_DSS_WITH_AES_256_CBC_SHA256 | AES in CBC mode | SHA-256 | Secure | ||
DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | DES in CBC mode | SHA-1 | Vulnerable | ||
DHE_DSS_WITH_DES_CBC_SHA | DES in CBC mode | SHA-1 | Vulnerable | ||
DHE_DSS_WITH_3DES_EDE_CBC_SHA | TripleDES in CBC mode | SHA-1 | Weak | ||
DHE_DSS_WITH_AES_128_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
DHE_DSS_WITH_AES_256_CBC_SHA | AES in CBC mode | SHA-1 | Weak | ||
DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA | DES in CBC mode | SHA-1 | Vulnerable | ||
DHE_DSS_EXPORT1024_WITH_RC4_56_SHA | RC4 | SHA-1 | Vulnerable | ||
DHE_DSS_WITH_RC4_128_SHA | RC4 | SHA-1 | Vulnerable | ||
DH_anon_WITH_AES_256_CBC_SHA256 | no certificate | Diffie-Hellman | AES in CBC mode | SHA-256 | Anonymous |
DH_anon_WITH_AES_128_CBC_SHA256 | AES in CBC mode | SHA-256 | Anonymous | ||
DH_anon_WITH_AES_256_CBC_SHA | AES in CBC mode | SHA-1 | Anonymous | ||
DH_anon_WITH_AES_128_CBC_SHA | AES in CBC mode | SHA-1 | Anonymous | ||
DH_anon_WITH_RC4_128_MD5 | RC4 | MD5 | Anonymous | ||
DH_anon_WITH_3DES_EDE_CBC_SHA | TripleDES in CBC mode | SHA-1 | Anonymous | ||
DH_anon_WITH_DES_CBC_SHA | DES in CBC mode | SHA-1 | Anonymous |
Parameters.AllowVulnerableSuites
to true
.
However, this is strongly discouraged.
TlsCipherSuite.Fast
enum value.
Compatible with third-party implementations
Rebex TLS is compatible with a wide range of third-party of current and legacy TLS implementations.
.NET 8/7/6/5
Rebex TLS supports .NET 8 and .NET 7 on all supported operating systems:
- Windows 11 (x64, ARM64)
- Windows 10 (x64, x86, ARM64)
- Windows Server 2022 (x64)
- Windows Server 2019 (x64)
- Windows Server 2016 (x64)
- Windows Server 2012 (x64, x86)
- Linux (x64, ARM64, ARM32)
- macOS (x64, ARM64)
- Android (x64, ARM64, ARM32)
- iOS/tvOS (x64, ARM64, ARM32)
Rebex TLS also supports .NET 6 and .NET 5 on all supported operating systems:
- Windows 11 (x64, ARM64)
- Windows 10 (x64, x86, ARM64)
- Windows Server 2022 (x64)
- Windows Server 2019 (x64)
- Windows Server 2016 (x64)
- Windows Server 2012 (x64, x86)
- Windows 8.1 (x64, x86)
- Windows 7 SP1 (x64, x86) (end-of-life platform)
- Linux (x64, ARM64, ARM32)
- macOS (x64, ARM64)
- Android (x64, ARM64, ARM32)
- iOS/tvOS (x64, ARM64, ARM32)
.NET Framework on Windows
Rebex TLS supports the following .NET Framework platforms:
- .NET Framework 4.8.x
- .NET Framework 4.7.x
- .NET Framework 4.6.x
- .NET Framework 4.5.x
- .NET Framework 4.0
- .NET Framework 3.5 SP1
- Both 32-bit and 64-bit versions (same DLLs)
Legacy binaries for .NET Framework 2.0/3.0 are available as well.
For details and a trial version download link, see Support for Legacy Platforms.
Supported IDE versions:
- Microsoft Visual Studio 2022
- Microsoft Visual Studio 2019
- Microsoft Visual Studio 2017
- Microsoft Visual Studio 2015
- Microsoft Visual Studio 2013
- Microsoft Visual Studio 2012
Supported Windows versions:
- Windows 11
- Windows 10
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Windows 8.1
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2 SP1 (end-of-life platform)
- Windows Server 2008 (end-of-life platform)
- Windows 7 SP1 (end-of-life platform)
Rebex TLS is also known to work on Windows 8, Windows Vista SP1, Windows XP SP3, Windows Server 2003 R2, Windows Embedded Standard 2009 and Windows Embedded POSReady 2009. However, these platforms already reached end-of-life (most of them many years ago), which means we cannot guarantee support for Rebex TLS on these operating systems.
.NET Core
Rebex TLS supports .NET Core platform.
Supported versions:
- .NET Core 3.1
- .NET Core 2.1 (end-of-life platform)
Supported operating systems:
- Windows 11
- Windows 10
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Windows 8.1
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2 SP1 (end-of-life platform)
- Windows Server 2008 (end-of-life platform)
- Windows 7 SP1 (end-of-life platform)
- Linux
- macOS
.NET Standard
Rebex TLS supports .NET Standard 2.1 on .NET 8/7/6/5, .NET Core 3.1, Mono 6.10 (or higher), Xamarin.Android 10.1 (or higher) and Xamarin.iOS 13.10 (or higher). It also supports .NET Standard 2.0 on .NET Core 2.1.
Xamarin.iOS
- Visual Studio with Xamarin.iOS 13.10 or later
- iOS 10.2 or later
To target Xamarin.iOS platform, reference .NET Standard 2.1 binaries.
Xamarin.Android
- Visual Studio with Xamarin.Android 10.1 or later
To target Xamarin.Android platform, reference .NET Standard 2.1 binaries.
Legacy platform support
Legacy edition of Rebex TLS for the following platforms is available as a separate product:
- .NET Compact Framework 3.5/3.9
- .NET Framework 2.0/3.0
Legacy platforms are platforms that are no longer covered by our Standard Support, but have not yet reached End of Life. For details, see the following KB articles:
.NET Compact Framework
Rebex TLS supports .NET Compact Framework on Microsoft's legacy embedded, handheld and mobile platforms based on Windows CE.
Supported frameworks:
- .NET Compact Framework 3.9
- .NET Compact Framework 3.5 (end-of-life)
Supported operating systems:
- Windows Embedded Compact 2013
Known to work on the following end-of-life operating systems:
- Windows Embedded Compact 7
- Windows Embedded Handheld 6.5
- Windows Embedded CE 6.0
- Windows CE 5.0
- Windows Mobile 5.0, 6.0, 6.1, 6.5
Please note .NET Compact Framework is a legacy platform, which means that Rebex TLS for .NET CF is available as a separate product with different lifecycle and pricing.
Due to popular demand, we will continue to provide and maintain binaries for .NET Compact Framework 3.5 until 2023-10-10, as long as your legacy support contract remains active. However, support for these binaries is no longer included in the Rebex Support Contract.
Cryptographic algorithms
- RSA
- Ed25519
- ECDSA
- DSA (legacy)
- Diffie-Hellman key exchange
- Elliptic curve Diffie-Hellman key exchange (ECDH)
- AES
- AES/GCM
- ChaCha20/Poly1305
- Tripple DES
- Twofish
- DES (legacy)
- Blowfish (legacy)
- ArcFour (compatible with RC4, legacy)
- ArcTwo (compatible with RC2, legacy)
- SHA-2 (SHA-256, SHA-384, SHA-512)
- SHA-1
- MD5 (legacy)
- MD4 (legacy)
XCOPY deployment
When distributing an application using Rebex TLS library, simply copy the following DLL files (.NET assemblies) with your application:
Rebex.Common.dll
Rebex.Networking.dll
Rebex.Tls.dll
There is no need to install, configure or distribute anything else to make them work.
Back to feature list...