Analysis of cryptographic providers usage in the TLS Protocol
DOI:
https://doi.org/10.30837/rt.2025.2.221.09
Keywords:
TLS protocol, cryptographic provider, OpenSSL, BoringSSL, Crypto API
Abstract
The relevance of this work lies in the need to identify optimal implementations of cryptographic protocols depending on the conditions under which the TLS protocol is used. TLS is used in various software products, across different platforms and operating systems. Therefore, it is not always feasible to rely on a single cryptographic provider or library to perform cryptographic operations and manage keys.
The goal of this study is to analyze the efficiency of cryptographic providers in the TLS protocol and to identify the features that influence their selection and usage based on specific implementation environments and protocol operation aspects.
As part of the research, a comparative analysis was conducted on cryptographic provider implementations, including OpenSSL, BoringSSL, and various versions of CryptoAPI. Based on the results of the analysis, recommendations were formulated on the feasibility of using certain cryptographic providers in TLS implementations.
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).


