Connect to remote or build your own SSL/TLS-secured servers

  • Supported Platforms

  • .NET.NET

    Pure managed and integrated components, carefully optimized to achieve maximum performance comparable to native processor code. The .NET edition can be used on .NET and Mono server and desktop platforms, in ASP.NET applications, and on mobile devices.

  • .NETJava

    Highly integrated Java security library including numerous classes to enable support for a wide range of application-level protocols, security algorithms, and standards. You can use Java security libraries to develop software for desktop and server platforms, mobile devices, and Web applications.

  • .NETC++

    A shared library (.dll on Windows and .so on Linux / macOS) and set of C++ classes. Used in C++ applications for Windows, Linux, macOS, and iOS platforms. Supported compilers include Visual C++, MinGW, gcc, and Xcode.


    Highly integrated and blazingly fast native Delphi (Pascal) components for building native Windows, Linux, and macOS applications. All components are native Delphi, have no third-party binaries or references, and no reliance on Windows CryptoAPI. Also includes Delphi components for building Android and iOS apps.


    Integrated components for PHP scripts running on Linux and Windows servers.


Use SSLBlackbox to connect to remote SSL/TLS-secured servers or build your own servers and secure them with SSL/TLS.

Support for All Versions of TLS

Included SSL/TLS components support all versions of TLS (up to 1.2) with strong encryption using keys up to 16384 bits.

Client-side and Server-side DTLS Support

One of the recent additions to SSL/TLS family of protocols is Datagram TLS ( DTLS ), which is very similar to TLS. DTLS is used to protect UDP-based or other message-based network communications such as stream audio and video delivery. SSLBlackbox is one of the few solutions to provide client-side and server-side DTLS support.

Client-side Components for Application-level Protocols

SSL/TLS is often used to secure application-level protocols, such as HTTP and FTP. SSLBlackbox includes components for client-side access to the remote servers using these protocols. In particular, SSLBlackbox includes a client-side component to upload and download files using FTP / FTPS protocol. Other operations defined by FTP protocol specifications are supported as well.

SSL/TLS and PKI Provides Strong Security

Unlike symmetric encryption, securing communications with SSL/TLS doesn't require that the sides know the shared secret (password/encryption key). Also, Public Key Security (PKI) lets each side examine authenticity of the other side and prevent man-in-the-middle attacks.

Easy to Implement and Maintain Security

The PKI infrastructure is a widely-used technology, so implementation and maintenance of SSL/TLS-based solutions with FTPBlackbox are quite simple tasks.

No External Dependencies

SSLBlackbox includes its own implementation of SSL/TLS/DTLS protocol family and doesn't include any external code like OpenSSL, OpenSSH etc.

Full Feature List

SSL/TLS Protocol

  • Widest possible compatibility via support for modern TLS 1.2, TLS 1.1, TLS 1.0, SSL 3, and SSL 2
  • DTLS (Datagram TLS) protocol support lets you secure your UDP-based communications
  • Flexible client- and server-side SSL/TLS authentication support during handshake allows deploying the classes to custom PKI infrastructure
  • User-controlled validation of certificates lets you build custom PKI infrastructure or better control authentication in SSL/TLS
  • Built-in compression increases transfer speed and reduces network load
  • Optional resuming of TLS sessions in both client and server components. Both SSL sessions and TLS Stateless resumption are supported
  • Use of Cryptocards and USB Crypto Tokens for further protection of secret information (private and secret keys)
  • Authentication using OpenPGP keys and pre-shared keys (PSK) provides an alternative to PKI for in-house solutions
  • SRP (Secure Remote Password) cipher suites is another alternative to PKI for authentication
  • Standard and custom TLS extensions let you harness the power of TLS specification and include additional information to the handshake, if necessary
  • With raw asymmetric keys for authentication (instead of X.509 certificates) you can avoid the necessity to deploy PKI infrastructure where it is not needed (in closed environments) and decrease handshake time
  • Possibility to secure any data channels (and not just TCP or UDP sockets) lets you secure any communication channel with TLS or DTLS
  • OCSP stapling support lets you reduce load on certificate authorities' OCSP servers during certificate validation
  • Certificates with key length from 512 to 16384 bits give you enough security for today and tomorrow solutions
  • Support for RSA, DSA and DH public key algorithms and optional ECC-based cipher suites
  • Data encryption with Camellia, AES (128 to 256 bit), Triple DES (3DES), DES, ARCFOUR, RC2, and algorithms
  • Asynchronous operation mode lets you easily build synchronous and asynchronous applications


  • Connect to existing FTP/FTPS servers using client-side classes for FTP and FTP-over-SSL (FTPS) protocols
  • Support for explicit and implicit TLS for increased connectivity and compatibility with various servers
  • Compression (MODE Z) support to save bandwidth and speed-up transfer
  • MLSD command support for easy parsing of directory listings
  • Support for files over 4 Gb lets you easily transfer huge files
  • Custom commands can be sent for better control of server behavior
  • Full scope of file and directory commands defined by the protocol specification (create and delete directories, rename files etc.)
  • Batch operations - methods for uploading, downloading and deleting one or several files and directories with one method call
  • Upload and download of any information represented as Streams - disk files, in-memory streams, database records or any other custom streams
  • Overwrite, resume, append and skip modes of file upload and download
  • Transfer resumption and partial transfers
  • Keep-alive during data transfer lets you save the command channel from being closed by NATs and firewalls during transfer of large files over data channel
  • Support for Unicode file names via UTF8
  • Virtual file system support - provide access to existing file system or access your virtual file hierarchies
  • Support for FTP proxies and SOCKS and HTTP CONNECT (web tunneling) proxies with various authentication mechanisms
  • Active and passive mode with optional adjustment of the server address in passive mode provide maximum connectivity when the client or the server (or both) are located behind the firewall
  • Flexible support for client- and server-side SSL/TLS authentication during data exchange allows deploying the classes to custom PKI infrastructure
  • Bandwidth control to avoid overloading of slow networks
  • IPv6 and International Domain Names (IDN) support for maximum network connectivity
  • Support for custom DNS servers and DNSSEC for even more security and network stability
  • Port knocking support for advanced security