Rebex TLS

TLS library for modern and legacy platforms

Download 30-day free trial Buy from $699

Standards and platform support

100% managed .NET code with no external dependencies 

  • Rebex TLS is written in 100% managed C# code.
  • No external dependencies. It only needs .NET.
  • No third-party or open source code used.
  • Fully CLS-compliant.
  • Supports any .NET language (C#, VB.NET, C++/CLI, etc.)
  • Platform-independent code. Same assemblies for both 32-bit and 64-bit applications.

TLS 1.3 ciphers 

The following TLS 1.3 ciphers are supported:

  • TLS_AES_128_GCM_SHA256 (AES/GCM with 128-bit key)
  • TLS_AES_256_GCM_SHA384 (AES/GCM with 256-bit key)
  • TLS_CHACHA20_POLY1305_SHA256 (ChaCha20-Poly1305 AEAD cipher)

Use Parameters.SetSymmetricCipherSuites(...) method (on the client object) to specify a list of allowed TLS 1.3 symmetric cipher suites, and Parameters.GetSymmetricCipherSuites() method to retrieve the current setting.

Note: TLS_CHACHA20_POLY1305_SHA256 cipher is not enabled by default. It uses a managed implementation that is slower than AES/GCM alternatives on mainstream Windows platforms.

TLS 1.2 ciphers 

The Parameters.AllowedSuites property of the TlsSocket object makes it possible to specify a combination of following algorithms:

Cipher ID Certificate Key Algorithm Key Exchange Algorithm Encryption Algorithm MAC Alg. Security
RSA_WITH_AES_128_GCM_SHA256 RSA RSA AES in GCM mode AEAD Secure
RSA_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
RSA_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
RSA_WITH_AES_256_CBC_SHA256 AES in CBC mode SHA-256 Secure
RSA_EXPORT_WITH_RC4_40_MD5 RC4 MD5 Vulnerable
RSA_WITH_RC4_128_MD5 RC4 MD5 Vulnerable
RSA_WITH_RC4_128_SHA RC4 SHA-1 Vulnerable
RSA_EXPORT_WITH_RC2_CBC_40_MD5 RC2 in CBC mode MD5 Vulnerable
RSA_EXPORT_WITH_DES40_CBC_SHA DES in CBC mode SHA-1 Vulnerable
RSA_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
RSA_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
RSA_EXPORT1024_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
RSA_EXPORT1024_WITH_RC4_56_SHA RC4 SHA-1 Vulnerable
RSA_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
RSA_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_RSA_WITH_AES_128_GCM_SHA256 RSA Elliptic Curve Diffie-Hellman AES in GCM mode AEAD Secure
ECDHE_RSA_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Chacha20-Poly1305 AEAD Secure
ECDHE_RSA_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
ECDHE_RSA_WITH_AES_256_CBC_SHA384 AES in CBC mode SHA-384 Secure
ECDHE_RSA_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_RSA_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
ECDHE_RSA_WITH_RC4_128_SHA RC4 SHA-1 Vulnerable
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Elliptic Curve DSA Elliptic Curve Diffie-Hellman AES in GCM mode AEAD Secure
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Chacha20-Poly1305 AEAD Secure
ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 AES in CBC mode SHA-384 Secure
ECDHE_ECDSA_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_ECDSA_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
ECDHE_ECDSA_WITH_RC4_128_SHA RC4 SHA-1 Vulnerable
DHE_RSA_WITH_AES_128_GCM_SHA256 RSA Diffie-Hellman AES in GCM mode AEAD Secure
DHE_RSA_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Chacha20-Poly1305 AEAD Secure
DHE_RSA_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
DHE_RSA_WITH_AES_256_CBC_SHA256 AES in CBC mode SHA-256 Secure
DHE_RSA_EXPORT_WITH_DES40_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_RSA_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_RSA_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
DHE_RSA_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
DHE_RSA_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
DHE_DSS_WITH_AES_128_GCM_SHA256 DSS Diffie-Hellman AES in GCM mode AEAD Secure
DHE_DSS_WITH_AES_256_GCM_SHA384 AES in GCM mode AEAD Secure
DHE_DSS_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Secure
DHE_DSS_WITH_AES_256_CBC_SHA256 AES in CBC mode SHA-256 Secure
DHE_DSS_EXPORT_WITH_DES40_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_DSS_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_DSS_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Weak
DHE_DSS_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Weak
DHE_DSS_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Weak
DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Vulnerable
DHE_DSS_EXPORT1024_WITH_RC4_56_SHA RC4 SHA-1 Vulnerable
DHE_DSS_WITH_RC4_128_SHA RC4 SHA-1 Vulnerable
DH_anon_WITH_AES_256_CBC_SHA256 no certificate Diffie-Hellman AES in CBC mode SHA-256 Anonymous
DH_anon_WITH_AES_128_CBC_SHA256 AES in CBC mode SHA-256 Anonymous
DH_anon_WITH_AES_256_CBC_SHA AES in CBC mode SHA-1 Anonymous
DH_anon_WITH_AES_128_CBC_SHA AES in CBC mode SHA-1 Anonymous
DH_anon_WITH_RC4_128_MD5 RC4 MD5 Anonymous
DH_anon_WITH_3DES_EDE_CBC_SHA TripleDES in CBC mode SHA-1 Anonymous
DH_anon_WITH_DES_CBC_SHA DES in CBC mode SHA-1 Anonymous
Note: On Xamarin, Mono and older Windows platforms, elliptic curve algorithms (ECDH and ECDSA) are only available with an external plugins.
Note: Vulnerable cipher suites are switched off by default. To enable them, set Parameters.AllowVulnerableSuites to true. However, this is strongly discouraged.
Note: CHACHA20_POLY1305 ciphers are not enabled by default. They use a managed implementation that is slower than AES/GCM alternatives on mainstream Windows platforms.
Ciphers based on modular Diffie-Hellman algorithm (those with "DHE_" prefix) are known to be very slow on legacy hardware. To only enable ciphers that are fast and also sufficiently secure, use TlsCipherSuite.Fast enum value.

Compatible with third-party implementations 

Rebex TLS is compatible with a wide range of third-party of current and legacy TLS implementations.

.NET Framework on Windows 

Rebex TLS supports the following .NET Framework platforms:

  • .NET Framework 4.8
  • .NET Framework 4.7.x
  • .NET Framework 4.6.x
  • .NET Framework 4.5.x
  • .NET Framework 4.0
  • .NET Framework 3.5 SP1
  • Both 32-bit and 64-bit versions (same DLLs)

Legacy binaries for .NET Framework 2.0/3.0 are available as well.
For details and a trial version download link, see Support for Legacy Platforms.

Supported IDE versions:

  • Microsoft Visual Studio 2019
  • Microsoft Visual Studio 2017
  • Microsoft Visual Studio 2015
  • Microsoft Visual Studio 2013
  • Microsoft Visual Studio 2012

Supported Windows versions:

Rebex TLS is also known to work on Windows 8, Windows Vista, Windows XP SP3, Windows Server 2003 R2, Windows Embedded Standard 2009 and Windows Embedded POSReady 2009. However, these platforms already reached end-of-life (most of them many years ago), which means we cannot guarantee support for Rebex TLS on these operating systems.

.NET Core 

Rebex TLS supports .NET Core platform.

Supported frameworks:

Supported operating systems:

  • Windows 10
  • Windows 10 IoT (.NET Core 3.1 and 3.0)
  • Windows 8.1
  • Windows 7 SP1 (end-of-life platform)
  • Windows Server 2008 R2 SP1 (end-of-life platform)
  • Linux
  • macOS
  • Same DLLs for all platforms (32-bit x86, 64-bit x64, ARM)

.NET Standard 

Rebex TLS supports .NET Standard 2.0 on .NET Core, Mono (5.14 or higher), Xamarin.Android (9.1 or higher) and Xamarin.iOS (12.3 or higher). Support for .NET Standard 2.0 on Universal Windows Platform (build 16299 or higher) and Xamarin.Mac (version 3.8 or higher) is experimental.

Mono on Linux 

Rebex TLS supports Mono 4.x/5.x/6.x on Linux and macOS.

Xamarin.iOS 

  • Visual Studio with Xamarin.iOS 12.3 or later
  • iOS 10.2 or later

To target Xamarin.iOS platform, reference .NET Standard 2.0 binaries.

Xamarin.Android 

  • Visual Studio with Xamarin.Android 9.1 or later

To target Xamarin.Android platform, reference .NET Standard 2.0 binaries.

Xamarin.Mac 

Rebex TLS features experimental support for Xamarin.Mac 3.8 or later via .NET Standard 2.0.

Universal Windows Platform 

Rebex TLS features experimental support for Universal Windows Platform (UWP/UAP) applications on Windows 10 via .NET Standard 2.0.

Supported platforms:

  • Windows 10 (version 1709 or higher)
  • Windows 10 IoT (version 1709 or higher)

In order to use Rebex TLS on these platforms, make sure to specify at least Windows 10 Fall Creators Update (10.0; Build 16299) in your Universal Windows project.

Legacy platform support 

Legacy edition of Rebex TLS for the following platforms is available as a separate product:

  • .NET Compact Framework 3.5/3.9
  • .NET Framework 2.0/3.0

Legacy platforms are platforms that are no longer covered by our Standard Support, but have not yet reached End of Life. For details, see the following KB articles:

.NET Compact Framework 

Rebex TLS supports .NET Compact Framework on Microsoft's legacy embedded, handheld and mobile platforms based on Windows CE.

Supported frameworks:

  • .NET Compact Framework 3.9
  • .NET Compact Framework 3.5

Supported operating systems:

  • Windows Embedded Compact 2013
  • Windows Embedded Compact 7
  • Windows Embedded Handheld 6.5 (end-of-life platform)
  • Windows Embedded CE 6.0 (end-of-life platform)
  • Windows CE 5.0 (end-of-life platform)
  • Windows Mobile 5.0, 6.0, 6.1, 6.5 (end-of-life platforms)

Supported IDE versions:

  • Microsoft Visual Studio 2013
  • Microsoft Visual Studio 2012
  • Microsoft Visual Studio 2008 (end-of-life environment)

Please note .NET Compact Framework is a legacy platform, which means that Rebex TLS for .NET CF is available as a separate product with different lifecycle and pricing.

XCOPY deployment 

When distributing an application using Rebex TLS library, simply copy the following DLL files (.NET assemblies) with your application:

  • Rebex.Common.dll
  • Rebex.Networking.dll
  • Rebex.Tls.dll

There is no need to install, configure or distribute anything else to make them work.

Rebex TLS license is royalty-free - you can distribute your application to unlimited number of users or computers without any additional fees.