Top 18 C SSL Projects

SSL

• Add a project

1. OpenSSL

   1 173 27,535 9.9 C

   TLS/SSL and crypto library

   

   Project mention: I no longer have an old-school cert on my HTTPS site | news.ycombinator.com | 2025-05-23

   > I don't really buy this explanation. It's a very large unsigned number. Everyone knows this.

   Everyone knows that an RSA modulus is a very large unsigned number yes. Not everyone knows that every number is unsigned.

   > Is there some arbitrary precision library in use that forces large integers to be signed?

   OpenSSL's own BN (BigNum) library, which tests if the high bit is set in the input (line 482):

   https://github.com/openssl/openssl/blob/a0d1af6574ae6a0e3872...

   > Even if it were signed, or had the MSB set, it wouldn't change any of the bits, so the key would still be the same. So why would we care about the sign?

   Because the encoding doesn't care about the context. RFC 3279 specifies that the modulus and exponent are encoded as INTEGERs:

   https://datatracker.ietf.org/doc/html/rfc3279#section-2.3.1

   ... and INTEGERs are signed:

   https://learn.microsoft.com/en-us/windows/win32/seccertenrol...

       Integer values are encoded into a TLV triplet that begins with a Tag

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. ecapture

   2 14 14,369 8.8 C

   Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

   

   Project mention: Show HN: Using eBPF to see through encryption without a proxy | news.ycombinator.com | 2025-05-08

4. ttyd

   3 26 9,285 6.3 C

   Share your terminal over the web

   

   Project mention: All Data and AI Weekly #182 - 24-March-2025 | dev.to | 2025-03-24

   ⚡️ https://github.com/tsl0922/ttyd

5. mbedTLS

   4 11 5,935 9.9 C

   An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

   

   Project mention: GCC, the GNU Compiler Collection 15.1 released | news.ycombinator.com | 2025-04-25

   > How much code actually uses unions this way?

   I see this change caused Mbed-TLS to start failing its test suite when compiled with GCC 15: https://github.com/Mbed-TLS/mbedtls/issues/9814 (kinda scary since it's a security library). Hopefully other projects with less rigorous test suites aren't using {0} in that way. The Github issue mentions that Clang tried a similar optimization a while ago and backed it out after user complaints, so maybe the same thing will happen with GCC.

6. GmSSL

   5 1 5,569 9.6 C

   支持国密SM2/SM3/SM4/SM9/SSL的密码工具箱

   

7. s2n

   6 10 4,598 9.7 C

   An implementation of the TLS/SSL protocols

   

   Project mention: OpenSSL bug exposed up to 255 bytes of server heap and existed since 2011 | news.ycombinator.com | 2024-07-30

   I started writing s2n the day after Heartbleed and the first lines of code were for the stuffer interface. A stuffer is a buffer for stuff, and it's like Java buffered I/O for C. You can get a flavor from reading the header: https://github.com/aws/s2n-tls/blob/main/stuffer/s2n_stuffer...

   The implementation is incredibly simple. Treat all blocks of memory as blob with a known size and then read/write into those blobs with a cursor to track progress and bounds checks on every access. Fence all serialization/deserialization through a safe low level interface. Not only do you get memory safety (which we later proved using formal reasoning) ... but when you're parsing message formats it lends itself to a declarative coding style that makes it very clear what the structure is. You can also do lifecycle things, like erasing sensitive memory with zeroes when you're done with it, making sure things don't show up in core dumps, etc. BoringSSL introduced a Crypto_bytes API that also did some of this plus bounds checking, and retrofit it into OpenSSL.

   OpenSSL on the other hand is a horrific mash up of raw pointer arithmetic, ad-hoc parsers interleaved with business logic and control flow. I could never keep it straight, and it always scared me to review.

8. wolfssl

   7 14 2,521 10.0 C

   The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!

   

   Project mention: I can't pay rent because devs just don't care | news.ycombinator.com | 2025-04-29

   You may be talking about that, but I'm not. I was talking about the task-specific memory footprint. I didn't say anything at all about the rest of the computer.

   And even that wasn't meant to be taken literally. I kind of thought that was obvious[1].

   But in the end, OK, you're right. You probably could fit the banking app logic in 64K, but you'd have to rely on the OS to provide things like crypto, the network stack, and the I/O. So the machine as a whole would need more than that to get the job done. And the UI would be pretty bad if you stuffed even the app part into 64k.

   No problem fitting it all into megabytes, though. Definitely no need for it to be gigabytes. I challenge you to explain what needs to be there that would make the entire system, OS, app, and all, need even one gigabyte of RAM to run even a very pretty, featureful banking app. Or even a quarter of a gigabyte.

   By the way, you can put TLS itself in less than 64k (see for example https://github.com/wolfSSL/wolfssl). But you have to profile it way down, maybe to the point of leaving out X.509, so you don't really have "full on" TLS. On the other hand, a lot of the footprint is because the TLS protocol itself is bloated and overcomplicated, and no, that bloat doesn't improve the security.

   [1]: ... and I mean, if we're going to get pedantic like that, nobody can write an SSL implementation with modern ciphers for any computer, because modern ciphers weren't introduced into the protocol until after it was renamed TLS. Actual SSL isn't something anybody should be using now. Even TLS 1.1 isn't.

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. sslsplit

    8 3 1,797 4.4 C

    Transparent SSL/TLS interception

    

11. LibreSSL

    9 2 1,408 9.4 C

    LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to [email protected] are welcome.

    

12. uSockets

    10 6 1,361 6.2 C

    Miniscule cross-platform eventing, networking & crypto for async applications

    

    Project mention: USockets: Miniscule C library for cross-platform eventing, networking and crypto | news.ycombinator.com | 2025-06-05

13. tls-scan

    11 2 315 2.8 C

    An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )

    

14. iwnet

    12 5 178 8.2 C

    Pure C Asynchronous HTTP/IO framework with routing, websockets, SSL and reverse proxy.

    

15. nginx-ssl-fingerprint

    13 1 178 5.8 C

    High performance ja3 and http2 fingerprint for nginx.

    

16. merecat

    14 3 167 3.1 C

    Small and made-easy HTTP/HTTPS server based on Jef Poskanzer's thttpd

    

    Project mention: Merecat Httpd – A Tiny (~140 KiB) Web Server with HTTPS and PHP Support | news.ycombinator.com | 2024-10-13

17. openssl_examples

    15 1 114 2.6 C

    examples of using OpenSSL

    

18. lua-eco

    16 2 85 8.7 C

    🐛Lua-eco is a Lua interpreter with a built-in event loop for scheduling lightweight coroutines automatically, enabling efficient concurrency in Lua. Build high-performance, scalable applications.

    

19. tls-ca-manage

    17 2 42 0.0 C

    Multi-level Certificate Authority Management tool, front-end tool to OpenSSL, written in bash shell.

    

    Project mention: Lets Encrypt Ending TLS Client Authentication Certificate Support in 2026 | news.ycombinator.com | 2025-05-17

    Yes. But I like my own certificate tool better.

    Problem is OpenSSH 3.1 broke CLI syntax, so that needs fixing.

    Used JetBrain with Bash plugin.

    https://github.com/egberts/tls-ca-manage

20. snif

    18 29 15 2.9 C

    SNIF ~ e2e TLS trust for IoT

    

21. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

C SSL related posts

• USockets: Miniscule C library for cross-platform eventing, networking and crypto

  1 project | news.ycombinator.com | 5 Jun 2025

• I can't pay rent because devs just don't care

  1 project | news.ycombinator.com | 29 Apr 2025

• GCC, the GNU Compiler Collection 15.1 released

  2 projects | news.ycombinator.com | 25 Apr 2025

• OpenSSL 3.5 [LTS] Released

  1 project | news.ycombinator.com | 8 Apr 2025

• The QUIC API OpenSSL will not provide

  2 projects | news.ycombinator.com | 21 Jan 2025

• Embedded TLS Library for Applications, Devices, and the Cloud

  1 project | news.ycombinator.com | 29 Dec 2024

• Rustls Outperforms OpenSSL and BoringSSL

  5 projects | news.ycombinator.com | 22 Oct 2024
• A note from our sponsor - InfluxDB
  www.influxdata.com | 13 Jun 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending C projects with our weekly report!