Rebex TLS

TLS library for modern and legacy platforms

Download 30-day free trial Buy from $699
More .NET libraries

Back to feature list...

Standards and platform support

100% managed .NET code with no external dependencies 

  • Rebex TLS is written in 100% managed C# code.
  • No external dependencies. It only needs .NET.
  • No third-party or open source code used.
  • Fully CLS-compliant.
  • Supports any .NET language (C#, VB.NET, C++/CLI, etc.)
  • Platform-independent code. Same assemblies for both 32-bit and 64-bit applications and x86/x64, ARM32/ARM64 architectures.

TLS 1.3 ciphers 

The following TLS 1.3 ciphers are supported:

  • TLS_AES_128_GCM_SHA256 (AES/GCM with 128-bit key)
  • TLS_AES_256_GCM_SHA384 (AES/GCM with 256-bit key)
  • TLS_CHACHA20_POLY1305_SHA256 (ChaCha20-Poly1305 AEAD cipher)

Use Parameters.SetSymmetricCipherSuites(...) method (on the client object) to specify a list of allowed TLS 1.3 symmetric cipher suites, and Parameters.GetSymmetricCipherSuites() method to retrieve the current setting.

Note: TLS_CHACHA20_POLY1305_SHA256 cipher is not enabled by default. It uses a managed implementation that is slower than AES/GCM alternatives on mainstream Windows platforms.

TLS 1.2 ciphers 

The Parameters.AllowedSuites property of the TlsSocket object makes it possible to specify a combination of following algorithms:

Cipher ID Certificate Key Algorithm Key Exchange Algorithm Encryption Algorithm MAC Alg. Security
RSA_WITH_AES_128_GCM_SHA256 RSA RSA AES in GCM mode AEAD Secure
RSA_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
RSA_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
RSA_WITH_AES_256_CBC_SHA256 AES in CBC mode SHA-256 Secure
RSA_EXPORT_WITH_RC4_40_MD5 RC4 MD5 Vulnerable
RSA_WITH_RC4_128_MD5 RC4 MD5 Vulnerable
RSA_WITH_RC4_128_SHA RC4 SHA-1 Vulnerable
RSA_EXPORT_WITH_RC2_CBC_40_MD5 RC2 in CBC mode MD5 Vulnerable
RSA_EXPORT_WITH_DES40_CBC_SHA DES in CBC mode SHA-1 Vulnerable
RSA_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
RSA_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
RSA_EXPORT1024_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
RSA_EXPORT1024_WITH_RC4_56_SHA RC4 SHA-1 Vulnerable
RSA_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
RSA_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_RSA_WITH_AES_128_GCM_SHA256 RSA Elliptic Curve Diffie-Hellman AES in GCM mode AEAD Secure
ECDHE_RSA_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ChaCha20-Poly1305 AEAD Secure
ECDHE_RSA_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
ECDHE_RSA_WITH_AES_256_CBC_SHA384 AES in CBC mode SHA-384 Secure
ECDHE_RSA_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_RSA_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
ECDHE_RSA_WITH_RC4_128_SHA RC4 SHA-1 Vulnerable
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Elliptic Curve DSA Elliptic Curve Diffie-Hellman AES in GCM mode AEAD Secure
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ChaCha20-Poly1305 AEAD Secure
ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 AES in CBC mode SHA-384 Secure
ECDHE_ECDSA_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_ECDSA_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
ECDHE_ECDSA_WITH_RC4_128_SHA RC4 SHA-1 Vulnerable
DHE_RSA_WITH_AES_128_GCM_SHA256 RSA Diffie-Hellman AES in GCM mode AEAD Secure
DHE_RSA_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ChaCha20-Poly1305 AEAD Secure
DHE_RSA_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
DHE_RSA_WITH_AES_256_CBC_SHA256 AES in CBC mode SHA-256 Secure
DHE_RSA_EXPORT_WITH_DES40_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_RSA_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_RSA_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
DHE_RSA_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
DHE_RSA_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
DHE_DSS_WITH_AES_128_GCM_SHA256 DSS Diffie-Hellman AES in GCM mode AEAD Secure
DHE_DSS_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
DHE_DSS_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
DHE_DSS_WITH_AES_256_CBC_SHA256 AES in CBC mode SHA-256 Secure
DHE_DSS_EXPORT_WITH_DES40_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_DSS_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_DSS_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
DHE_DSS_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
DHE_DSS_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_DSS_EXPORT1024_WITH_RC4_56_SHA RC4 SHA-1 Vulnerable
DHE_DSS_WITH_RC4_128_SHA RC4 SHA-1 Vulnerable
DH_anon_WITH_AES_256_CBC_SHA256 no certificate Diffie-Hellman AES in CBC mode SHA-256 Anonymous
DH_anon_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Anonymous
DH_anon_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Anonymous
DH_anon_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Anonymous
DH_anon_WITH_RC4_128_MD5 RC4 MD5 Anonymous
DH_anon_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Anonymous
DH_anon_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Anonymous
Note: On Xamarin, Mono and older Windows platforms, elliptic curve algorithms (ECDH and ECDSA) are only available with an external plugins.
Note: Vulnerable cipher suites are switched off by default. To enable them, set Parameters.AllowVulnerableSuites to true. However, this is strongly discouraged.
Note: CHACHA20_POLY1305 ciphers are not enabled by default. They use a managed implementation that is slower than AES/GCM alternatives on mainstream Windows platforms.
Ciphers based on modular Diffie-Hellman algorithm (those with "DHE_" prefix) are known to be very slow on legacy hardware. To only enable ciphers that are fast and also sufficiently secure, use TlsCipherSuite.Fast enum value.

Compatible with third-party implementations 

Rebex TLS is compatible with a wide range of third-party of current and legacy TLS implementations.

.NET 8/7/6/5 

Rebex TLS supports .NET 8 and .NET 7 on all supported operating systems:

  • Windows 11 (x64, ARM64)
  • Windows 10 (x64, x86, ARM64)
  • Windows Server 2022 (x64)
  • Windows Server 2019 (x64)
  • Windows Server 2016 (x64)
  • Windows Server 2012 (x64, x86)
  • Linux (x64, ARM64, ARM32)
  • macOS (x64, ARM64)
  • Android (x64, ARM64, ARM32)
  • iOS/tvOS (x64, ARM64, ARM32)

Rebex TLS also supports .NET 6 and .NET 5 on all supported operating systems:

  • Windows 11 (x64, ARM64)
  • Windows 10 (x64, x86, ARM64)
  • Windows Server 2022 (x64)
  • Windows Server 2019 (x64)
  • Windows Server 2016 (x64)
  • Windows Server 2012 (x64, x86)
  • Windows 8.1 (x64, x86)
  • Windows 7 SP1 (x64, x86) (end-of-life platform)
  • Linux (x64, ARM64, ARM32)
  • macOS (x64, ARM64)
  • Android (x64, ARM64, ARM32)
  • iOS/tvOS (x64, ARM64, ARM32)

.NET Framework on Windows 

Rebex TLS supports the following .NET Framework platforms:

  • .NET Framework 4.8.x
  • .NET Framework 4.7.x
  • .NET Framework 4.6.x
  • .NET Framework 4.5.x
  • .NET Framework 4.0
  • .NET Framework 3.5 SP1
  • Both 32-bit and 64-bit versions (same DLLs)

Legacy binaries for .NET Framework 2.0/3.0 are available as well.
For details and a trial version download link, see Support for Legacy Platforms.

Supported IDE versions:

  • Microsoft Visual Studio 2022
  • Microsoft Visual Studio 2019
  • Microsoft Visual Studio 2017
  • Microsoft Visual Studio 2015
  • Microsoft Visual Studio 2013
  • Microsoft Visual Studio 2012

Supported Windows versions:

Rebex TLS is also known to work on Windows 8, Windows Vista SP1, Windows XP SP3, Windows Server 2003 R2, Windows Embedded Standard 2009 and Windows Embedded POSReady 2009. However, these platforms already reached end-of-life (most of them many years ago), which means we cannot guarantee support for Rebex TLS on these operating systems.

.NET Core 

Rebex TLS supports .NET Core platform.

Supported versions:

Supported operating systems:

.NET Standard 

Rebex TLS supports .NET Standard 2.1 on .NET 8/7/6/5, .NET Core 3.1, Mono 6.10 (or higher), Xamarin.Android 10.1 (or higher) and Xamarin.iOS 13.10 (or higher). It also supports .NET Standard 2.0 on .NET Core 2.1.

Mono on Linux 

Rebex TLS supports Mono 6.0 (or higher) on Linux and macOS.

Xamarin.iOS 

  • Visual Studio with Xamarin.iOS 13.10 or later
  • iOS 10.2 or later

To target Xamarin.iOS platform, reference .NET Standard 2.1 binaries.

Xamarin.Android 

  • Visual Studio with Xamarin.Android 10.1 or later

To target Xamarin.Android platform, reference .NET Standard 2.1 binaries.

Legacy platform support 

Legacy edition of Rebex TLS for the following platforms is available as a separate product:

  • .NET Compact Framework 3.5/3.9
  • .NET Framework 2.0/3.0

Legacy platforms are platforms that are no longer covered by our Standard Support, but have not yet reached End of Life. For details, see the following KB articles:

.NET Compact Framework 

Rebex TLS supports .NET Compact Framework on Microsoft's legacy embedded, handheld and mobile platforms based on Windows CE.

Supported frameworks:

  • .NET Compact Framework 3.9
  • .NET Compact Framework 3.5 (end-of-life)

Supported operating systems:

  • Windows Embedded Compact 2013

Known to work on the following end-of-life operating systems:

  • Windows Embedded Compact 7
  • Windows Embedded Handheld 6.5
  • Windows Embedded CE 6.0
  • Windows CE 5.0
  • Windows Mobile 5.0, 6.0, 6.1, 6.5

Please note .NET Compact Framework is a legacy platform, which means that Rebex TLS for .NET CF is available as a separate product with different lifecycle and pricing.

Due to popular demand, we will continue to provide and maintain binaries for .NET Compact Framework 3.5 until 2023-10-10, as long as your legacy support contract remains active. However, support for these binaries is no longer included in the Rebex Support Contract.

Cryptographic algorithms 

  • RSA
  • Ed25519
  • ECDSA
  • DSA (legacy)
  • Diffie-Hellman key exchange
  • Elliptic curve Diffie-Hellman key exchange (ECDH)
  • AES
  • AES/GCM
  • ChaCha20/Poly1305
  • Tripple DES
  • Twofish
  • DES (legacy)
  • Blowfish (legacy)
  • ArcFour (compatible with RC4, legacy)
  • ArcTwo (compatible with RC2, legacy)
  • SHA-2 (SHA-256, SHA-384, SHA-512)
  • SHA-1
  • MD5 (legacy)
  • MD4 (legacy)

XCOPY deployment 

When distributing an application using Rebex TLS library, simply copy the following DLL files (.NET assemblies) with your application:

  • Rebex.Common.dll
  • Rebex.Networking.dll
  • Rebex.Tls.dll

There is no need to install, configure or distribute anything else to make them work.

Rebex TLS license is royalty-free - you can distribute your application to unlimited number of users or computers without any additional fees.

Back to feature list...