C TLS

Open-source C projects categorized as TLS

Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network.

Top 23 C TLS Projects

  1. OpenSSL

    TLS/SSL and crypto library

    Project mention: Okta Bcrypt incident lessons for designing better APIs | news.ycombinator.com | 2025-02-05

    In Node, you would commonly reach for the builtin core "node:crypto" module to run cryptographic functionality like this. I wondered why that wasn't used here, but bcryptjs was. After digging into it a little, node doesn't ship with core support for bcrypt, because it's not supported by OpenSSL.

    The node crypto module is essentially an API that offloads crypto work to OpenSSL. If we dig into OpenSSL, they won't support bcrypt. Bcrypt won't be supported by OpenSSL because of reasons to do with standardisation. https://github.com/openssl/openssl/issues/5323

    Since bcrypt is not a "standardised" algorithm, it makes me wonder why Okta used it, at all?

    I remember in uni studying cryptography for application development and even then, back in 2013, it was used and recommended, but not standardised. it says a lot that 12 years on it still hasn't been.

  2. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo
  3. Nginx

    The official NGINX Open Source repository.

    Project mention: Nginx vs Traefik: Which Reverse Proxy is Right for You? | dev.to | 2025-01-17

    Before diving into the specifics of Nginx and Traefik, let’s quickly define what a reverse proxy is. A reverse proxy sits between the client (browser or other services) and your backend services (web servers or applications). It handles incoming requests, routes them to the appropriate backend service, and forwards the response to the client. Reverse proxies are typically used for:

  4. ecapture

    Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

    Project mention: Httptap: View HTTP/HTTPS requests made by any Linux program | news.ycombinator.com | 2025-02-03

    I believe that's how https://github.com/gojue/ecapture works. I don't know the details, but it seems to work!

  5. SoftEther

    Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.

  6. mbedTLS

    An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

  7. GmSSL

    支持国密SM2/SM3/SM4/SM9/SSL的密码工具箱

  8. s2n

    An implementation of the TLS/SSL protocols

    Project mention: OpenSSL bug exposed up to 255 bytes of server heap and existed since 2011 | news.ycombinator.com | 2024-07-30

    I started writing s2n the day after Heartbleed and the first lines of code were for the stuffer interface. A stuffer is a buffer for stuff, and it's like Java buffered I/O for C. You can get a flavor from reading the header: https://github.com/aws/s2n-tls/blob/main/stuffer/s2n_stuffer...

    The implementation is incredibly simple. Treat all blocks of memory as blob with a known size and then read/write into those blobs with a cursor to track progress and bounds checks on every access. Fence all serialization/deserialization through a safe low level interface. Not only do you get memory safety (which we later proved using formal reasoning) ... but when you're parsing message formats it lends itself to a declarative coding style that makes it very clear what the structure is. You can also do lifecycle things, like erasing sensitive memory with zeroes when you're done with it, making sure things don't show up in core dumps, etc. BoringSSL introduced a Crypto_bytes API that also did some of this plus bounds checking, and retrofit it into OpenSSL.

    OpenSSL on the other hand is a horrific mash up of raw pointer arithmetic, ad-hoc parsers interleaved with business logic and control flow. I could never keep it straight, and it always scared me to review.

  9. Nutrient

    Nutrient – The #1 PDF SDK Library, trusted by 10K+ developers. Other PDF SDKs promise a lot - then break. Laggy scrolling, poor mobile UX, tons of bugs, and lack of support cost you endless frustrations. Nutrient’s SDK handles billion-page workloads - so you don’t have to debug PDFs. Used by ~1 billion end users in more than 150 different countries.

    Nutrient logo
  10. Kore

    An easy to use, scalable and secure web application framework for writing web APIs in C or Python. || This is a read-only mirror, please see https://kore.io/mail and https://kore.io/source for information on how to contribute via the mailing lists.

  11. wolfssl

    The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!

    Project mention: Embedded TLS Library for Applications, Devices, and the Cloud | news.ycombinator.com | 2024-12-29
  12. sslsplit

    Transparent SSL/TLS interception

  13. LibreSSL

    LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to [email protected] are welcome.

  14. proftpd

    ProFTPD source code

  15. KadNode

    P2P DNS with content key, crypto key and PKI support. DynDNS alternative.

    Project mention: Pkdns: DNS server resolving via mainline DHT | news.ycombinator.com | 2024-11-02
  16. tls-scan

    An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )

  17. netxduo

    Eclipse ThreadX - NetXDuo is an advanced, industrial-grade TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications

    Project mention: LwIP – Lightweight IP Stack | news.ycombinator.com | 2024-09-05

    For those looking for options like LwIP, consider NetXDuo [1] and its counterparts ThreadX, FileX, LevelX, and UsbX (I use TinyUSB instead).

    It has been one of the top commercial RTOS network stacks for, I think, 20 years. It moved hands a couple of times and now is supported by the Eclipse Foundation and is MIT-licensed. I'd use it over LwIP.

    [1] https://github.com/eclipse-threadx/netxduo

  18. ssldump

    ssldump - (de-facto repository gathering patches around the cyberspace)

    Project mention: Ssldump – (de-facto repository gathering patches around the cyberspace) | news.ycombinator.com | 2024-08-21
  19. openssl

    Provides SSL, TLS and general purpose cryptography. (by ruby)

  20. SSLClient

    🔒Add SSL/TLS functionality to any Arduino library

  21. merecat

    Small and made-easy HTTP/HTTPS server based on Jef Poskanzer's thttpd

    Project mention: Merecat Httpd – A Tiny (~140 KiB) Web Server with HTTPS and PHP Support | news.ycombinator.com | 2024-10-13
  22. nginx-ssl-fingerprint

    High performance ja3 and http2 fingerprint for nginx.

    Project mention: Show HN: High performance ja3 and http2 fingerprint for Nginx | news.ycombinator.com | 2024-02-23
  23. disco-c

    A tiny C cryptographic library to encrypt sessions, authenticate messages, sign, hash, etc. based only on SHA-3 and Curve25519

  24. snif

    SNIF ~ e2e TLS trust for IoT

  25. tls-curious

    x64 and ARM64 TLS, syscalls, threads, futexes without the standard library

  26. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

C TLS discussion

Log in or Post with

C TLS related posts

  • The QUIC API OpenSSL will not provide

    2 projects | news.ycombinator.com | 21 Jan 2025
  • Embedded TLS Library for Applications, Devices, and the Cloud

    1 project | news.ycombinator.com | 29 Dec 2024
  • Pkdns: DNS server resolving via mainline DHT

    2 projects | news.ycombinator.com | 2 Nov 2024
  • Rustls Outperforms OpenSSL and BoringSSL

    5 projects | news.ycombinator.com | 22 Oct 2024
  • OpenSSL 3.4.0

    1 project | news.ycombinator.com | 22 Oct 2024
  • How to set up TCP/UDP transparent proxy with iptables

    5 projects | dev.to | 2 Oct 2024
  • Improve post-2038 compatibility of time_t usage

    1 project | news.ycombinator.com | 2 Oct 2024
  • A note from our sponsor - Nutrient
    www.nutrient.io | 14 Feb 2025
    Other PDF SDKs promise a lot - then break. Laggy scrolling, poor mobile UX, tons of bugs, and lack of support cost you endless frustrations. Nutrient’s SDK handles billion-page workloads - so you don’t have to debug PDFs. Used by ~1 billion end users in more than 150 different countries. Learn more →

Index

What are some of the best open-source TLS projects in C? This list will help you:

# Project Stars
1 OpenSSL 26,660
2 Nginx 25,992
3 ecapture 13,895
4 SoftEther 11,989
5 mbedTLS 5,695
6 GmSSL 5,373
7 s2n 4,564
8 Kore 3,716
9 wolfssl 2,402
10 sslsplit 1,780
11 LibreSSL 1,380
12 proftpd 544
13 KadNode 427
14 tls-scan 304
15 netxduo 260
16 ssldump 246
17 openssl 241
18 SSLClient 163
19 merecat 158
20 nginx-ssl-fingerprint 159
21 disco-c 66
22 snif 15
23 tls-curious 1

Sponsored
CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai

Did you know that C is
the 6th most popular programming language
based on number of references?