Back to feature list...
TLS/SSL core
On this page:
TLS/SSL is a cryptographic communication protocol providing a way of securing protocols such as FTP, HTTP, SMTP, IMAP, POP3, Telnet or Syslog.
TLS and SSL are different versions of the same protocol. TLS 1.0 is a name for what was supposed to be SSL 3.1. When we use the terms "SSL" or "TLS", we generally mean "TLS or SSL".
Tip: Read more about the differences between implicit and explicit modes.
TLS/SSL protocol versions
Use Parameters.Version property
(on client object) to enable or disable specific versions of the TLS/SSL protocol.
Supported versions:
- TLS 1.3
- TLS 1.2
- TLS 1.1 (deprecated)
- TLS 1.0 (deprecated)
- SSL 3.0 (deprecated)
TLS 1.3 cipher suites
The following TLS 1.3 ciphers are supported:
TLS_AES_128_GCM_SHA256(AES/GCM with 128-bit key)TLS_AES_256_GCM_SHA384(AES/GCM with 256-bit key)TLS_CHACHA20_POLY1305_SHA256(ChaCha20-Poly1305 AEAD cipher)
Use
Parameters.SetSymmetricCipherSuites(...)
method (on the client object) to specify a list of allowed TLS 1.3 symmetric cipher suites, and
Parameters.GetSymmetricCipherSuites()
method to retrieve the current setting.
Note:
TLS_CHACHA20_POLY1305_SHA256 cipher is not enabled by default. It uses a managed implementation
that is slower than AES/GCM alternatives on mainstream Windows platforms.
TLS 1.3 key exchange algorithms
The following TLS 1.3 key exchange algorithms are supported:
secp256r1(ECDH with NIST P-256 curve)secp384r1(ECDH with NIST P-384 curve)secp521r1(ECDH with NIST P-521 curve)brainpoolP256r1tls13(ECDH with Brainpool P256r1 curve)brainpoolP384r1tls13(ECDH with Brainpool P384r1 curve)brainpoolP512r1tls13(ECDH with Brainpool P512r1 curve)x25519(ECDH with X25519 curve)ffdhe2048(Diffie-Hellman with 2048-bit modulus)ffdhe3072(Diffie-Hellman with 3072-bit modulus)ffdhe4096(Diffie-Hellman with 4096-bit modulus)ffdhe6144(Diffie-Hellman with 6144-bit modulus)ffdhe8192(Diffie-Hellman with 8192-bit modulus)X25519MLKEM768(Post-quantum hybrid ECDH and ML-KEM key agreement)SecP256r1MLKEM768(Post-quantum hybrid ECDH and ML-KEM key agreement)SecP384r1MLKEM1024(Post-quantum hybrid ECDH and ML-KEM key agreement)
Note: On Xamarin, Mono and older Windows platforms, ECDSA elliptic curve algorithms are only
available with an external plugins.
ML-KEM requires a plugin unless running on Windows 11 25H2.
TLS 1.3 signature algorithms
The following TLS 1.3 signature algorithms are supported:
rsa_pss_rsae_sha256(RSA with RSASSA-PSS scheme and SHA-256)rsa_pss_rsae_sha384(RSA with RSASSA-PSS scheme and SHA-384)rsa_pss_rsae_sha512(RSA with RSASSA-PSS scheme and SHA-512)ecdsa_secp256r1_sha256(ECDSA with NIST P-256 curve and SHA-256)ecdsa_secp384r1_sha384(ECDSA with NIST P-384 curve and SHA-384)ecdsa_secp521r1_sha512(ECDSA with NIST P-521 curve and SHA-512)ecdsa_brainpoolP256r1tls13_sha256(ECDSA with Brainpool P256r1 and SHA-256)ecdsa_brainpoolP384r1tls13_sha384(ECDSA with Brainpool P384r1 and SHA-384)ecdsa_brainpoolP512r1tls13_sha512(ECDSA with Brainpool P512r1 and SHA-512)ed25519(EdDSA with edwards25519 curve and SHA-512)mldsa44(ML-DSA-44, Level 1)mldsa65(ML-DSA-65, Level 3)mldsa87(ML-DSA-87, Level 5)
In TLS 1.3, certificates signed by the following signature algorithms are supported:
- ECDSA with SHA-256, SHA-384 or SHA-512 (corresponds to TLS 1.3
ecdsa_*algorithms) - ECDSA with SHA-1 (legacy certificates; corresponds to TLS 1.3
ecdsa_sha1algorithm) - RSASSA-PSS with SHA-256, SHA-384 or SHA-512 (corresponds to TLS 1.3
rsa_pss_rsae_*algorithms) - RSASSA-PKCS1-v1_5 with SHA-256, SHA-384 or SHA-512 (corresponds to TLS 1.3
rsa_pkcs1_*algorithms) - RSASSA-PKCS1-v1_5 with SHA-1 (legacy certificates; corresponds to TLS 1.3
rsa_pkcs1_sha1algorithm) - ML-DSA 44/65/87 (experimental, ready for real world testing)
- EdDSA with edwards25519 curve and SHA-512 (corresponds to TLS 1.3
ed25519; needs a custom certificate verifier)
Note: On Xamarin, Mono and older Windows platforms, ECDSA elliptic curve algorithms are only
available with an external plugins.
ML-DSA requires a plugin unless running on Windows 11 25H2 or up-to-date Linux with .NET 10 or later.
TLS 1.2/1.1/1.0 cipher suites
The
Parameters.AllowedSuites
property
of the TlsSocket object
makes it possible to specify a combination of following algorithms:
| Cipher ID | Certificate Key Algorithm | Key Exchange Algorithm | Encryption Algorithm | MAC Alg. |
|---|---|---|---|---|
| RSA_WITH_AES_128_GCM_SHA256 | RSA | RSA | AES/GCM | AEAD |
| RSA_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD | ||
| RSA_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 | ||
| RSA_WITH_AES_256_CBC_SHA256 | AES/CBC | SHA-256 | ||
| RSA_EXPORT_WITH_RC4_40_MD5 | RC4 | MD5 | ||
| RSA_WITH_RC4_128_MD5 | RC4 | MD5 | ||
| RSA_WITH_RC4_128_SHA | RC4 | SHA-1 | ||
| RSA_EXPORT_WITH_RC2_CBC_40_MD5 | RC2/CBC | MD5 | ||
| RSA_EXPORT_WITH_DES40_CBC_SHA | DES/CBC | SHA-1 | ||
| RSA_WITH_DES_CBC_SHA | DES/CBC | SHA-1 | ||
| RSA_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 | ||
| RSA_EXPORT1024_WITH_DES_CBC_SHA | DES/CBC | SHA-1 | ||
| RSA_EXPORT1024_WITH_RC4_56_SHA | RC4 | SHA-1 | ||
| RSA_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 | ||
| RSA_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 | ||
| ECDHE_RSA_WITH_AES_128_GCM_SHA256 | RSA | Elliptic Curve Diffie-Hellman | AES/GCM | AEAD |
| ECDHE_RSA_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD | ||
| ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ChaCha20-Poly1305 | AEAD | ||
| ECDHE_RSA_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 | ||
| ECDHE_RSA_WITH_AES_256_CBC_SHA384 | AES/CBC | SHA-384 | ||
| ECDHE_RSA_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 | ||
| ECDHE_RSA_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 | ||
| ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 | ||
| ECDHE_RSA_WITH_RC4_128_SHA | RC4 | SHA-1 | ||
| ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | Elliptic Curve DSA | Elliptic Curve Diffie-Hellman | AES/GCM | AEAD |
| ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD | ||
| ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | ChaCha20-Poly1305 | AEAD | ||
| ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 | ||
| ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | AES/CBC | SHA-384 | ||
| ECDHE_ECDSA_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 | ||
| ECDHE_ECDSA_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 | ||
| ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 | ||
| ECDHE_ECDSA_WITH_RC4_128_SHA | RC4 | SHA-1 | ||
| DHE_RSA_WITH_AES_128_GCM_SHA256 | RSA | Diffie-Hellman | AES/GCM | AEAD |
| DHE_RSA_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD | ||
| DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ChaCha20-Poly1305 | AEAD | ||
| DHE_RSA_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 | ||
| DHE_RSA_WITH_AES_256_CBC_SHA256 | AES/CBC | SHA-256 | ||
| DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | DES/CBC | SHA-1 | ||
| DHE_RSA_WITH_DES_CBC_SHA | DES/CBC | SHA-1 | ||
| DHE_RSA_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 | ||
| DHE_RSA_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 | ||
| DHE_RSA_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 | ||
| DHE_DSS_WITH_AES_128_GCM_SHA256 | DSS | Diffie-Hellman | AES/GCM | AEAD |
| DHE_DSS_WITH_AES_256_GCM_SHA384 | AES/GCM | AEAD | ||
| DHE_DSS_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 | ||
| DHE_DSS_WITH_AES_256_CBC_SHA256 | AES/CBC | SHA-256 | ||
| DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | DES/CBC | SHA-1 | ||
| DHE_DSS_WITH_DES_CBC_SHA | DES/CBC | SHA-1 | ||
| DHE_DSS_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 | ||
| DHE_DSS_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 | ||
| DHE_DSS_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 | ||
| DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA | DES/CBC | SHA-1 | ||
| DHE_DSS_EXPORT1024_WITH_RC4_56_SHA | RC4 | SHA-1 | ||
| DHE_DSS_WITH_RC4_128_SHA | RC4 | SHA-1 | ||
| DH_anon_WITH_AES_256_CBC_SHA256 | no certificate | Diffie-Hellman | AES/CBC | SHA-256 |
| DH_anon_WITH_AES_128_CBC_SHA256 | AES/CBC | SHA-256 | ||
| DH_anon_WITH_AES_256_CBC_SHA | AES/CBC | SHA-1 | ||
| DH_anon_WITH_AES_128_CBC_SHA | AES/CBC | SHA-1 | ||
| DH_anon_WITH_RC4_128_MD5 | RC4 | MD5 | ||
| DH_anon_WITH_3DES_EDE_CBC_SHA | 3DES/CBC | SHA-1 | ||
| DH_anon_WITH_DES_CBC_SHA | DES/CBC | SHA-1 |
Note: On Xamarin, Mono and older Windows platforms, elliptic curve algorithms (ECDH and ECDSA) are only available with an
external plugins.
Note: Vulnerable cipher suites are switched off by default.
To enable them, set
Parameters.AllowVulnerableSuites
to true.
However, this is strongly discouraged.
Note: CHACHA20_POLY1305 ciphers are not enabled by default. They use a managed implementation
that is slower than AES/GCM alternatives on mainstream Windows platforms.
Ciphers based on modular Diffie-Hellman algorithm (those with "DHE_" prefix) are known to be very slow on legacy hardware.
To only enable ciphers that are fast and also sufficiently secure, use
TlsCipherSuite.Fast enum value.
TLS/SSL extensions
Rebex TLS supports the following extensions:
- Server Name Identification (SNI)
- Renegotiation Indication
- OCSP stapling
TLS/SSL elliptic curves
The Parameters.AllowedCurves property
(on client object) makes it possible to specify a set of enabled elliptic curves
used by ECDHE ciphers above. Supported elliptic curves:
| Curve ID | Curve Name |
|---|---|
| NistP256* | NIST P-256 curve |
| NistP384* | NIST P-384 curve |
| NistP521* | NIST P-521 curve |
| BrainpoolP256R1** | Brainpool P-256 R1 curve |
| BrainpoolP384R1** | Brainpool P-384 R1 curve |
| BrainpoolP512R1** | Brainpool P-512 R1 curve |
| Curve25519*** | X25519 curve |
* These curves require a plugin on Xamarin, Mono, and legacy Windows platforms.
** These curves require a plugin on Xamarin, Mono, and Windows earlier than Windows 10 / Windows Server 2016.
*** These curves require a plugin on non-Windows platforms and on Windows earlier than Windows 10 / Windows Server 2016.
Back to feature list...