bettertls

BetterTLS: A Name Constraints test suite for HTTPS clients. (by Netflix)

Bettertls Alternatives

Similar projects and alternatives to bettertls

  1. caniuse

    427 bettertls VS caniuse

    Raw browser/feature support data from caniuse.com

  2. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  3. acme.sh

    285 bettertls VS acme.sh

    A pure Unix shell script implementing ACME client protocol

  4. mkcert

    A simple zero-config tool to make locally trusted development certificates with any names you'd like.

  5. cert-manager

    Automatically provision and manage TLS certificates in Kubernetes

  6. lego

    Let's Encrypt/ACME client and library written in Go

  7. certificates

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

  8. acme-dns

    Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.

  9. share-file-systems

    Use a Windows/OSX like GUI in the browser to share files cross OS privately. No cloud, no server, no third party.

  10. dehydrated

    letsencrypt/acme client implemented as a shell-script – just add water

  11. luci

    24 bettertls VS luci

    LuCI - OpenWrt Configuration Interface

  12. cfssl

    CFSSL: Cloudflare's PKI and TLS toolkit

  13. lexicon

    17 bettertls VS lexicon

    Manipulate DNS records on various DNS providers in a standardized way.

  14. minica

    minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.

  15. community.hashi_vault

    Ansible collection for managing and working with HashiCorp Vault.

  16. daemon

    a personal web server, one line of config to add a reverse proxy (by fsmv)

  17. cli

    8 bettertls VS cli

    🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)

  18. rgca

    6 bettertls VS rgca

    Experiment in SSL CA management.

  19. easy-rsa

    26 bettertls VS easy-rsa

    easy-rsa - Simple shell based CA utility

  20. scep

    Go SCEP server

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better bettertls alternative or higher similarity.

bettertls reviews and mentions

Posts with mentions or reviews of bettertls. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-10-17.
  • Just want simple TLS for your .internal network?
    8 projects | news.ycombinator.com | 17 Oct 2024
    A word of warning, client side support of name constraints may still be incomplete. I know it works on modern Firefox and Chrome, but there's lots of other software that uses HTTPS.

    This repo links to BetterTLS, which previously audited name constraint support, but BetterTLS only checked name constraint support at the intermediary certificates not at the trust anchors. I reported[1] the oversight a year back, but Netflix hasn't re-engineered the tests.

    Knowing how widely adopted name constraints are on the client side would be really useful, but I haven't seen a caniuse style analysis.

    Personally, I think the public CA route is better and I built a site that explores this[2].

    [1] https://github.com/Netflix/bettertls/issues/19

    [2] https://www.getlocalcert.net/

  • Show HN: Anchor – developer-friendly private CAs for internal TLS
    4 projects | news.ycombinator.com | 1 Nov 2023
    Have you done any research about how well different web clients support name constraints? I know that Chrome only recently started respecting Name Constraint on root CAs [1]. The BetterTLS project tracks a bunch of related concerns, but oddly missed this one [2]. I'm wary of this approach since I don't know if the various software I use will enforce it.

    1. https://alexsci.com/blog/name-non-constraint/

    2. https://github.com/Netflix/bettertls/issues/19

  • Running one’s own root Certificate Authority in 2023
    12 projects | news.ycombinator.com | 16 Sep 2023
    Wouldn't it be nice if LetsEncrypt could issue you a (1) name constrained, (2) 90-day limited intermediate CA with just the (3) DNS-01 challenge? I argue that such an intermediate CA would have no more authority than a wildcard cert which you can get today, so they should be able to issue it. [1] Everything supports name constraints now, which used to be an issue but isn't anymore.

    Then stick it in step-ca and issue all your certificates with internal ACME.

    This would solve a lot of problems, such as leaking private hostnames in the certificate transparency log, or hitting issuance rate limits on LE servers.

    [1]: https://news.ycombinator.com/item?id=29811552

    [2]: https://bettertls.com/

  • Easy HTTPS for your private networks
    13 projects | news.ycombinator.com | 10 Jul 2023
    I've been pretty frustrated with how private CAs are supported. Your private root CA can be maliciously used to MITM every domain on the Internet, even though you intend to use it for only a couple domain names. Most people forget to set Name Constraints when they create these and many helper tools lack support [1][2]. Worse, browser support for Name Constraints has been slow [3] and support isn't well tracked [4]. Public CAs give you certificate transparency and you can subscribe to events to detect mis-issuance. Some hosted private CAs like AWS's offer logs [5], but DIY setups don't.

    Even still, there are a lot of folks happily using private CAs; they aren't the target audience for this initial release.

    [1] https://github.com/FiloSottile/mkcert/issues/302

    [2] https://github.com/cert-manager/cert-manager/issues/3655

    [3] https://alexsci.com/blog/name-non-constraint/

    [4] https://github.com/Netflix/bettertls/issues/19

    [5] https://docs.aws.amazon.com/privateca/latest/userguide/secur...

Stats

Basic bettertls repo stats
4
166
3.1
about 1 month ago
