Although not included in our experiments, we recommend using BoringSSL or LibreSSL for new projects. Both are forks of OpenSSL that feature fundamental refactoring of the original code, removal of rarely used features and more stringent requirements for code quality. LibreSSL was created by OpenBSD developers as a response to the Heartbleed bug and the poor code quality of OpenSSL and is currently the used in OpenBSD as well as various other BSD and Linux implementations. BoringSSL is a later fork maintained by Google for similar reasons. Both projects aim to share code amongst each other.
If an older implementation with a greater number of existing users is desirable, we recommend either NSS (developed by Mozilla and used in the Firefox browser) or GnuTLS. Beginning with version 3.32.1, NSS also includes components developed as part of the formally verified HACL* cryptographic library, which ensures that these specific building blocks behave in accordance with the TLS specification. Other users of HACL* include miTLS, a verified reference implementation of TLS that will be used as a baseline for further research on TLS sessions.
To view details about a specific protocol, choose it from the drop-down: