Comparison of BSAFE TLS libraries: Micro Edition Suite vs SSL-J

Summary: Comparison between BSAFE Micro Edition Suite and BSAFE SSL-J

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Comparison of BSAFE TLS libraries capabilities

This page documents the differences between the two different TLS library implementations of BSAFE Micro Edition Suite, for C developers, and BSAFE SSL-J, for Java developers.
 

Federal Information Processing Certifications  

FIPS 140 Certifications
For more info, see FIPS 140 status of BSAFE cryptographic modules
  MES SSL-J
FIPS 140-2 Yesa Yesb
FIPS 140-3 No In progressc
a via BSAFE Crypto-C Micro Edition Suite FIPS Module
b via BSAFE Crypto-J JSAFE and JCE FIPS JCM
c via BSAFE Crypto Module for Java 7.0
 

Protocol Support

Protocol Support
  MES SSL-J
TLS 1.3 Yes - Since v5.0 Yes - Since v7.0
TLS 1.2 Yes Yes
TLS 1.1 Disabled by default since v4.5, in 4.x.
No in 5.x		 Disabled by default since v6.5, in 6.x releases.
No in 7.x.
TLS 1.0 Disabled by default since v4.5, in 4.x.
No in 5.x		 Disabled by default since v6.5, in 6.x releases.
No in 7.x.
SSL 3.0 (insecure) Disabled by default in 4.x.
No since 5.0		 Disabled by default in 6.x.
No since 7.0
SSL 2.0 (insecure) No No
DTLS (any version) No No
 

Supported TLS Extensions

TLS Extensions
  MES SSL-J
Secure Renegotiation Yes Yes
SNI - Server Name Indication Yes Yes
ALPN - Application Layer Protocol Negotiation Yes - Since v5.0 No
Certificate Status Request Ignored Yes
OpenPGP No No
Supplemental Data No No
Session Ticket Yes No
Keying Material Exporter Yes No
Maximum Fragment Length Yes Yes
Truncated HMAC Yes No
Encrypt-then-MAC Yes No
TLS Fallback SCSV No No
Extended Master Secret Yes Yes
ClientHello Padding No No
Raw Public Keys No No
 

Key Agreement and Key Exchange Algorithms

Key Agreement and Key Exchange Algorithms
  MES SSL-J
RSA Yes Yes
RSA-EXPORT No No
DHE-RSA Yes Yes
DHE-DSS Yes Yes
ECDH-ECDSA Yes Yes
ECDHE-ECDSA Yes Yes
ECDH-RSA Yes Yes
ECDHE-RSA Yes Yes
GOST R 34.10-94, 34.10-2001 No No
SRP No No
SRP-DSS No No
SRP-RSA No No
PSK-RSA No Yes - Since v6.2.6
PSK Yes - Since v5.0 Yes - Since v6.2.6
DHE-PSK Yes No
ECDHE-PSK Yes No
KRB5 No No
DH-ANON No Yes - Disabled by default
ECDH-ANON No Yes - Disabled by default
 

Encryption Algorithms

Encryption algorithms
Block cipher with mode of operation
  MES SSL-J
AES GCM Yes Yes
AES CCM Yes Yes
AES CBC Yes Yes
Camellia GCM No No
Camellia CBC Yes No
ARIA GCM No No
ARIA CBC Yes - with legacy R_SSL API No
SEED CBC Yes No
3DES EDE CBC Yes - Lowest priority Disabled by default
IDEA CBC No No
DES CBC No Disabled by default
DES-40 CBC No Disabled by default
RC2-40 CBC No Disabled by default
GOST 28147-89 CNT No No
Stream cipher
ChaCha20-Poly1305 No No
RC4-128 Disabled by default in v4.6.x
No in v5.0		 Yes - Disabled by default
RC4-40 Disabled by default in v4.6.x
No in v5.0		 Yes - Disabled by default
 

Supported Data Integrity and Message Authentication Code Algorithms

Data Integrity and MAC
  MES SSL-J
HMAC-MD5 Yes Yes
HMAC-SHA1 Yes Yes
HMAC-SHA256 Yes Yes
HMAC-SHA384 Yes Yes
AEAD Yes Yes
GOST 28147-89 IMIT No No
GOST R 34.11-94 No No
 

Supported Elliptic Curves

Supported elliptic curve
Approved in TLSa
  MES SSL-J
sect163k1 NIST K-163 Yes Yes
sect163r1 No No
sect163r2 NIST B-163 Yes Yes
sect193r1 No No
sect193r2 No No
sect233k1 NIST K-233 Yes Yes
sect233r1 NIST B-233 Yes Yes
sect239k1 No No
sect283k1 NIST K-283 Yes Yes
sect283r1 NIST B-283 Yes Yes
sect409k1 NIST K-409 Yes Yes
sect409r1 NIST B-409 Yes Yes
sect571k1 NIST K-571 Yes Yes
sect571r1 NIST B-571 Yes Yes
secp160k1 No No
secp160r1 No No
secp160r2 No No
secp192k1 No No
secp192r1 prime192v1 NIST P-192 Yes Yes
secp224k1 No No
secp224r1 NIST P-224 Yes Yes
secp256k1 No no
secp256r1 prime256v1 NIST P-256 Yes Yes
secp384r1 NIST P-384 Yes Yes
secp521r1 NIST P-521 Yes Yes
Arbitrary Prime Curves No No
arbitrary char2 curves No No
brainpoolP256r1 No No
brainpoolP384r1 No No
brainpoolP512r1 No No
X25519 No No
Curve448 Ed448-Goldilocks No No
Proposed curves
M221 Curve2213 No No
E222 No No
Curve1174 No No
E382 No No
M383 No No
Curve383187 No No
Curve41417 / Curve3617 No No
M511 Curve511187 No No
E521 No No
a Curves defined in RFC 8446 (TLS 1.3) and RFC 8422, 7027 (TLS 1.2 and earlier)
 

US National Security Agency Profiles  

US National Security Agency Profiles
  MES SSL-J
Suite B Yes Yes
CNSA v1.0 Yes -
CNSA v2.0 Yes -
 

Certificate Verification Methods

Certificate Verification Methods
  MES SSL-J
Application-defined Yes Yes
PKIX path validation Yes Yes
CRL Yes Yes
OCSP Yes Yes
DANE (DNSSEC) No No
Trust on First Use (TOFU) No No
 

Compression Methods

Compression
  MES SSL-J
Deflate No No
 

Assisted Cryptography and Processor Algorithm Acceleration support

Assisted Cryptography
  MES SSL-J
PKCS #11 device Yes -
AES CPU instruction set Yes -
VIA PadLock No -
ARMv8-A No -
Intel SGX No -
Intel QAT No -
SHA CPU instruction set Yes -
NXP CAAM No -
 

TPM and Hardware Token Support

Cryptographic module/token support
  MES SSL-J
TPM Support No -
Hardware token support Via PKCS #11 -

Products

BSAFE Micro Edition Suite, BSAFE SSL-J
Article Properties
Article Number: 000204717
Article Type: How To
Last Modified: 29 Oct 2022
Version:  6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.