Open-source Go projects categorized as TLS

Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network.

Top 23 Go TLS Projects

  • Caddy

    Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

    Project mention: New FrankenPHP feature: package your PHP apps as standalone, self-executable binaries | /r/PHP | 2023-12-08

    Fun fact, the website is "dynamically static", it's just markdown files being processed and rendered by Caddy itself using https://caddyserver.com/docs/caddyfile/directives/templates. It's also how the https://caddyserver.com/ is built as well. Also includes syntax highlighting for Caddyfile config, using a library called Chroma; I wrote the Caddyfile lexer myself a while back! I think it's pretty neat that Caddy can syntax highlight its own code 😁

  • mkcert

    A simple zero-config tool to make locally trusted development certificates with any names you'd like.

    Project mention: SSL Certificates for Home Network | /r/homelab | 2023-12-07
  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  • Xray-core

    Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.

    Project mention: Russia starts blocking VPN at the protocol (WireGuard, OpenVPN) level | news.ycombinator.com | 2023-08-10

    I have been researching VPN protocols that work in China and found that Xray [0] is the most recommended route to escape the GFW. An ideal VPN setup is one where packets appear as normal https traffic. Some VPN setups take it a step further and proxy the traffic through Cloudflare. Setting all this up is nowhere as easy as Wireguard. Coincidentally, I came across this project on Github earlier today which is an obfuscation proxy for Wireguard [1], but I haven't found any information about how well it works.

    [0] https://github.com/XTLS/Xray-core

    [1] https://github.com/database64128/swgp-go

  • goproxy

    🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。

    Project mention: HTTP client using multiple proxies | /r/golang | 2023-02-18

    Are you looking to do proxy chaining? If so, something like https://github.com/snail007/goproxy may help. It's likely overkill for your situation, but it supports chaining.

  • gost

    GO Simple Tunnel - a simple tunnel written in golang

    Project mention: Teach us something Sundays | /r/ExperiencedFounders | 2023-05-21

    With a combination of Gost and cloudflare tunnel you can access literally anything on the local LAN network.

  • brook

    A cross-platform programmable network tool. 一个跨平台可编程网络工具.

    Project mention: How Brook bypass domain regardless of their IP | /r/u_txthinking | 2023-05-26

    Programming is very flexible, more can be found in documentation and other articles of this blog

  • cert-manager

    Automatically provision and manage TLS certificates in Kubernetes

    Project mention: An opinionated template for deploying a single k3s cluster with Ansible backed by Flux, SOPS, GitHub Actions, Renovate, Cilium, Cloudflare and more! | /r/kubernetes | 2023-12-04

    SSL certificates thanks to Cloudflare and cert-manager

  • Onboard AI

    Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at www.getonboard.dev.

  • trojan-go

    Go实现的Trojan代理,支持多路复用/路由功能/CDN中转/Shadowsocks混淆插件,多平台,无依赖。A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/

  • lego

    Let's Encrypt/ACME client and library written in Go

    Project mention: Running one’s own root Certificate Authority in 2023 | news.ycombinator.com | 2023-09-16

    This ACME client looks promising, but I haven’t tried it yet: https://github.com/go-acme/lego

  • certificates

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

    Project mention: Running one’s own root Certificate Authority in 2023 | news.ycombinator.com | 2023-09-16
  • Ponzu

    Headless CMS with automatic JSON API. Featuring auto-HTTPS from Let's Encrypt, HTTP/2 Server Push, and flexible server framework written in Go.

  • boulder

    An ACME-based certificate authority, written in Go.

    Project mention: Trying to do something a bit crazy | /r/homelab | 2023-06-04

    There's no reason you couldn't run your own ACME server (the Let's Encrypt folk publish an open source one, boulder, but there's plenty of others). Then you can just use certbot in your VMs to manage certificates, configured to point to your CA server instead of the Let's Encrypt one.

  • certmagic

    Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

    Project mention: Show HN: Clace – Platform for secure internal web applications | news.ycombinator.com | 2023-10-18
  • cli

    🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)

    Project mention: Running one’s own root Certificate Authority in 2023 | news.ycombinator.com | 2023-09-16
  • certstrap

    Tools to bootstrap CAs, certificate requests, and signed certificates.

    Project mention: Selfhosted CA tutorial | /r/selfhosted | 2023-05-14
  • acmetool

    :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

  • gobetween

    :cloud: Modern & minimalistic load balancer for the Сloud era

    Project mention: Nginx as DNS Load Balancer for Bind9 | /r/nginx | 2023-02-28

    take a look at gobetween for a L4 load balancer, but I don't know if you can have what you are looking for :/

  • ghostunnel

    A simple SSL/TLS proxy with mutual authentication for securing non-TLS services.

  • utls

    Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.

  • grpc-tools

    A suite of gRPC debugging tools. Like Fiddler/Charles but for gRPC.

  • certigo

    A utility to examine and validate certificates in a variety of formats

  • ssl-proxy

    :lock: Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)

  • CycleTLS

    Spoof TLS/JA3 fingerprints in GO and Javascript

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-12-08.

Go TLS related posts


What are some of the best open-source TLS projects in Go? This list will help you:

Project Stars
1 Caddy 50,929
2 mkcert 43,741
3 Xray-core 19,525
4 goproxy 14,645
5 gost 14,354
6 brook 13,992
7 cert-manager 10,937
8 trojan-go 7,068
9 lego 6,570
10 certificates 5,780
11 Ponzu 5,602
12 boulder 4,837
13 certmagic 4,674
14 cli 3,346
15 certstrap 2,139
16 acmetool 2,015
17 gobetween 1,884
18 ghostunnel 1,806
19 utls 1,359
20 grpc-tools 1,162
21 certigo 900
22 ssl-proxy 685
23 CycleTLS 660
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives