haproxy vs ssldump

Our great sponsors

WorkOS - The modern identity platform for B2B SaaS

InfluxDB - Power Real-Time Data Analytics at Scale

SaaSHub - Software Alternatives and Reviews

Our great sponsors

haproxy		ssldump
	Project
16	Mentions	2
4,445	Stars	226
2.7%	Growth	-
9.9	Activity	7.5
5 days ago	Latest Commit	2 days ago
C	Language	C
GNU General Public License v3.0 or later	License	GNU General Public License v3.0 or later

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

haproxy

Posts with mentions or reviews of haproxy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-10-11.

HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
2 projects | news.ycombinator.com | 11 Oct 2023

I wanted to try it out just now but hit a roadblock immediately - it cannot automatically obtain and maintain TLS certificates. You have to use an external client (e.g. acme.sh), set up a cron to check/renew them, and poke HAProxy to reload them if necessary. I'm way past doing this in 2023.
https://www.haproxy.com/blog/haproxy-and-let-s-encrypt
https://github.com/haproxy/haproxy/issues/1864
Why Haproxy is not build with PROMEX by default (Linux / BSD)
1 project | /r/haproxy | 28 May 2023

For context I think this might be useful: https://github.com/haproxy/haproxy/blob/master/addons/promex/README
minexmr2.com updated to p2pool v3.1, monerod v0.18.2.0, and ready for Mar 18 p2pool (not monero) hardfork
6 projects | /r/MoneroMining | 12 Mar 2023

I turn on 1 relatively cheap cloud server to process DNS, https and stratum connections and route them via haproxy to one of N miner servers described above.
HAProxy Security Update (CVE-2023-25725) - HTTP content smuggling attack
1 project | /r/netsec | 16 Feb 2023

Full technical writeup here: https://github.com/haproxy/haproxy/commit/a8598a2eb11b6c989e81f0dbf10be361782e8d32
Request smuggling in HAProxy via empty header name
1 project | /r/websecurityresearch | 16 Feb 2023
Enormous session rate
1 project | /r/haproxy | 2 Feb 2023
Update to haproxy 2.4.18 breaks WebDAV
2 projects | /r/haproxy | 11 Dec 2022
HAProxy 2.7
5 projects | news.ycombinator.com | 2 Dec 2022

With the recent discussions about memory safe languages, HAProxy is still surprisingly written in C [0].
[0]: https://github.com/haproxy/haproxy
35M Hot Dogs: Benchmarking Caddy vs. Nginx
11 projects | news.ycombinator.com | 16 Sep 2022

It does not, because HAProxy does not perform any disk access at runtime and thus would be unable to persist the certificates anywhere. Disks accesses can be unpredictably slow and would block the entire thread which is not something you want when handling hundreds of thousands of requests per second.
See this issue and especially the comment from Lukas Tribus: https://github.com/haproxy/haproxy/issues/1864
Disclosure: Community contributor to HAProxy, I help maintain HAProxy's issue tracker.
Guide to Adapting HAProxy to openGauss
1 project | /r/openGauss | 7 Apr 2022

Code link: https://github.com/haproxy/haproxy

ssldump

Posts with mentions or reviews of ssldump. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-11-13.

Tracing HTTP Requests with Tcpflow
3 projects | news.ycombinator.com | 13 Nov 2022

I recall seeing a thread somewhere saying tcpflow would not add this capability and they point people to ssldump [1][2] and even that has some limitations.
[1] - https://github.com/adulau/ssldump
[2] - https://linux.die.net/man/1/ssldump
Ssldump v1.3 – Many bugs fixed including memory leaks and a new JSON export
1 project | news.ycombinator.com | 2 Feb 2021

What are some alternatives?

When comparing haproxy and ssldump you can also consider the following projects:

zstd - Zstandard - Fast real-time compression algorithm

ecapture - Capture SSL/TLS text content without a CA certificate using eBPF. This tool is compatible with Linux/Android x86_64/aarch64.

ClickHouse - ClickHouse® is a free analytics DBMS for big data

lsquic - LiteSpeed QUIC and HTTP/3 Library

3proxy - 3proxy - tiny free proxy server

wolfssl - The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!

Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

SoftEther - Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.

Jool - SIIT and NAT64 for Linux

Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

brotli - Brotli compression format

tls-scan - An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )

haproxy vs zstd ssldump vs ecapture haproxy vs ClickHouse ssldump vs lsquic haproxy vs 3proxy ssldump vs wolfssl haproxy vs Caddy ssldump vs SoftEther haproxy vs Jool ssldump vs Suricata haproxy vs brotli ssldump vs tls-scan

Compare haproxy vs ssldump and see what are their differences.

haproxy

ssldump

haproxy

ssldump

What are some alternatives?