Top 23 TLS Open-Source Projects
-
mkcert
A simple zero-config tool to make locally trusted development certificates with any names you'd like.
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
-
Xray-core
Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
-
goproxy
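🔥 Proxy is a high-performance HTTP(S), SOCKS5, WebSocket, TCP, and UDP proxy server implemented in Go. It now supports chain-style proxies, NAT forwarding across different LANs, TCP/UDP port forwarding, and SSH forwarding. Proxy is a high-performance HTTP, HTTPS, WebSocket, TCP, and SOCKS5 proxy server implemented in Go, supporting NAT traversal, chained proxies, encrypted communication, smart HTTP and SOCKS5 proxying, blacklists and whitelists, rate limiting, traffic limiting, connection limits, cross-platform operation, KCP, and an authentication API.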
-
SoftEther
Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.
-
ecapture
Capture SSL/TLS text content without a CA certificate using eBPF. This tool is compatible with Linux/Android x86_64/aarch64.
-
trojan-go
A Trojan proxy implemented in Go, supporting multiplexing, routing, CDN relay, and Shadowsocks obfuscation plugins; multi-platform, no dependencies. A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/
-
certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
-
Ponzu
Headless CMS with automatic JSON API. Featuring auto-HTTPS from Let's Encrypt, HTTP/2 Server Push, and flexible server framework written in Go.
-
forge
A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps (by digitalbazaar)
-
mbedTLS
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
Project mention: Why Does Windows Use Backslash as Path Separator? | news.ycombinator.com | 2024-04-24
No, look at the associated unit test: https://github.com/caddyserver/caddy/blob/c6eb186064091c79f4...
If that test fails we could serve PHP source code instead of having it be evaluated, a major security flaw.
Project mention: Mkcert: Simple tool to make locally trusted dev certificates names you'd like | news.ycombinator.com | 2024-03-15
Project mention: Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding | dev.to | 2024-04-07
Today, April 7th, 2024, marks the 10-year anniversary since CVE-2014-0160 was published. This security vulnerability known as "Heartbleed" was a flaw in the OpenSSL cryptography software, the most popular option to implement Transport Layer Security (TLS). In more layman's terms, if you type https:// in your browser address bar, chances are high that you are interacting with OpenSSL.
Project mention: WireGuard client that exposes itself as a HTTP/SOCKS5 proxy | news.ycombinator.com | 2024-04-01
- [xray](https://github.com/xtls/xray-core)
With a combination of Gost and cloudflare tunnel you can access literally anything on the local LAN network.
Programming is very flexible, more can be found in documentation and other articles of this blog
cert-manager
Hey! fq author here. I have a bunch of related tools in the readme https://github.com/wader/fq?tab=readme-ov-file#tools two suggestions: GNU poke and Wireshark (can decode lots more things than just network protocol)
You’re in luck because such a tool exists :) https://testssl.sh/
Project mention: Dehydrated: Letsencrypt/acme client implemented as a shell-script | news.ycombinator.com | 2024-04-19
Self contained but hardly a tiny supply chain attack surface: https://github.com/go-acme/lego/blob/master/go.sum
You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.
Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.
Project mention: Pingora: HTTP Server and Proxy Library, in Rust, by Cloudflare, Released | news.ycombinator.com | 2024-02-28
There's no reason you couldn't run your own ACME server (the Let's Encrypt folk publish an open source one, boulder, but there's plenty of others). Then you can just use certbot in your VMs to manage certificates, configured to point to your CA server instead of the Let's Encrypt one.
Project mention: Forge: Native implementation of TLS in JavaScript for web apps | news.ycombinator.com | 2024-03-24
It's work in progress: https://github.com/Mbed-TLS/mbedtls/blob/development/docs/ar...
Newer versions have okay-ish support, I'd guess the next OpenWRT release will have it again.
TLS related posts
- Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
- Ask HN: How does the xz backdoor replace RSA_public_decrypt?
- Recent 'MFA Bombing' Attacks Targeting Apple Users
- Mkcert: Simple tool to make locally trusted dev certificates names you'd like
- Ask HN: Fiddler Alternatives
- uTLS – Go TLS fork with low-level access to ClientHello for mimicry purposes
- See this page fetch itself, byte by byte, over TLS
Index
What are some of the best open-source TLS projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | Caddy | 53,568 |
2 | mkcert | 45,716 |
3 | mitmproxy | 34,347 |
4 | OpenSSL | 24,142 |
5 | Xray-core | 21,809 |
6 | goproxy | 15,150 |
7 | gost | 15,085 |
8 | brook | 14,249 |
9 | cert-manager | 11,457 |
10 | SoftEther | 11,038 |
11 | fq | 9,384 |
12 | Xray_onekey | 9,194 |
13 | ecapture | 8,134 |
14 | testssl.sh | 7,628 |
15 | trojan-go | 7,390 |
16 | lego | 7,269 |
17 | certificates | 6,131 |
18 | Ponzu | 5,620 |
19 | rustls | 5,437 |
20 | Twisted | 5,416 |
21 | boulder | 4,967 |
22 | forge | 4,945 |
23 | mbedTLS | 4,898 |