Editing Transport Layer Security (section)

===Libraries===
{{Main|Comparison of TLS implementations}}{{Further|topic=protocol version support in libraries|Comparison of TLS implementations#TLS version support}}
Most SSL and TLS programming libraries are [[free and open-source software]].
*[[BoringSSL]], a fork of OpenSSL for Chrome/Chromium and Android as well as other Google applications.
*[[Botan (programming library)|Botan]], a BSD-licensed cryptographic library written in C++.
*[[BSAFE]] Micro Edition Suite: a multi-platform implementation of TLS written in [[C (programming language)|C]] using a FIPS-validated cryptographic module
*[[BSAFE]] SSL-J: a TLS library providing both a proprietary API and [[Java Secure Socket Extension|JSSE]] API, using FIPS-validated cryptographic module
*[[cryptlib]]: a portable open source cryptography library (includes TLS/SSL implementation)
*[[Delphi (programming language)|Delphi]] programmers may use a library called Indy which utilizes [[OpenSSL]] or alternatively ICS which supports TLS 1.3 now.
*[[GnuTLS]]: a free implementation (LGPL licensed)
*[[Java Secure Socket Extension]] (JSSE): the [[Java (programming language)|Java]] API and provider implementation (named SunJSSE)<ref>{{cite web|title=Java Secure Socket Extension (JSSE) Reference Guide|url=https://docs.oracle.com/en/java/javase/17/security/java-secure-socket-extension-jsse-reference-guide.html|access-date=2021-12-24|website=Oracle Help Center|language=en-US|archive-date=2022-01-22|archive-url=https://web.archive.org/web/20220122070356/https://docs.oracle.com/en/java/javase/17/security/java-secure-socket-extension-jsse-reference-guide.html|url-status=live}}</ref>
*[[LibreSSL]]: a fork of OpenSSL by OpenBSD project.
*[[MatrixSSL]]: a dual licensed implementation
*[[Mbed TLS]] (previously PolarSSL): A tiny SSL library implementation for embedded devices that is designed for ease of use
*[[Network Security Services]]: [[FIPS 140]] validated open source library
*[[OpenSSL]]: a free implementation (BSD license with some extensions)
*[[Security Support Provider Interface|Schannel]]: an implementation of SSL and TLS [[Microsoft Windows]] as part of its package.
*[[Secure Transport]]: an implementation of SSL and TLS used in [[OS X]] and [[iOS]] as part of their packages.
*[[wolfSSL]] (previously CyaSSL): Embedded SSL/TLS Library with a strong focus on speed and size.

A paper presented at the 2012 [[Association for Computing Machinery|ACM]] [[computer security conference|conference on computer and communications security]]<ref>{{cite book|last1=Georgiev|first1=Martin|last2=Iyengar|first2=Subodh|last3=Jana|first3=Suman|last4=Anubhai|first4=Rishita|last5=Boneh|first5=Dan|last6=Shmatikov|first6=Vitaly|title=The most dangerous code in the world: validating SSL certificates in non-browser software. Proceedings of the 2012 ACM conference on Computer and communications security|year=2012|isbn=978-1-4503-1651-4|url=http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf|pages=38–49|publisher=Association for Computing Machinery |url-status=live|archive-url=https://web.archive.org/web/20171022194807/http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf|archive-date=2017-10-22}}</ref> showed that many applications used some of these SSL libraries incorrectly, leading to vulnerabilities. According to the authors:
<blockquote>"The root cause of most of these vulnerabilities is the terrible design of the APIs to the underlying SSL libraries. Instead of expressing high-level security properties of network tunnels such as confidentiality and authentication, these APIs expose low-level details of the SSL protocol to application developers. As a consequence, developers often use SSL APIs incorrectly, misinterpreting and misunderstanding their manifold parameters, options, side effects, and return values."</blockquote>