Standard Compliance

Where would we be without standards?

Without standards, the Internet would be an even bigger chaos than it already is. For SSL / TLS the cryptographic building blocks, protocols and data formats are (almost) all defined in public standards.

SSL / TLS Client and Server

mbed TLS implements all current versions of the SSL and TLS protocol.

A lot of common features are specified in additional standards. mbed TLS supports the AES GCM and Camellia ciphersuites and implements extensions such as secure renegotiation and the ServerName extension commonly known as Server Name Indication (SNI).

Symmetric ciphers

mbed TLS implements the most used standard symmetric ciphers.

AES

Camellia

Blowfish

Blowfish encryption algorithm

ARCFOUR (RC4)

DES / Triple-DES

XTEA

Wikipedia entry on XTEA

Cipher modes

Hash / Message Digest algorithms

mbed TLS implements the most used standard message digest algorithms.

SHA-2 and SHA1

MD5, MD4 and MD2

Random Generators

RSA and big number implementation

RSA is implemented using its own big number library.

X509 certificates, CRLs, Keys and ASN.1

X509 certificates are at the basis of most PKIs and are used in the SSL protocols to represent identities. X509 certificates are layed out in the ASN.1 standard which used the DER format to describe data.

ASN.1 and DER are described here:

Diffie-Hellman-Merkle

PKCS#5

PKCS#8

RFC5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification Version 1.2

PKCS#12

PKCS#12 v1.1 Personal Information Exchange Syntax