Top 23 TLS Open-Source Projects

• Caddy

  402 53,568 9.4 Go

  Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

  

Project mention: Why Does Windows Use Backslash as Path Separator? | news.ycombinator.com | 2024-04-24

No, look at the associated unit test: https://github.com/caddyserver/caddy/blob/c6eb186064091c79f4...

If that test fails we could serve PHP source code instead of having it be evaluated, a major security flaw.

• mkcert

  130 45,716 2.7 Go

  A simple zero-config tool to make locally trusted development certificates with any names you'd like.

Project mention: Mkcert: Simple tool to make locally trusted dev certificates names you'd like | news.ycombinator.com | 2024-03-15

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• mitmproxy

  152 34,347 9.4 Python

  An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

  

Project mention: Ask HN: Fiddler Alternatives | news.ycombinator.com | 2024-03-14

• OpenSSL

  149 24,142 9.9 C

  TLS/SSL and crypto library

  

Project mention: Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding | dev.to | 2024-04-07

Today, April 7th, 2024, marks the 10-year anniversary since CVE-2014-0160 was published. This security vulnerability known as "Heartbleed" was a flaw in the OpenSSL cryptography software, the most popular option to implement Transport Layer Security (TLS). In more layman's terms, if you type https:// in your browser address bar, chances are high that you are interacting with OpenSSL.

• Xray-core

  25 21,809 9.5 Go

  Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.

  

Project mention: WireGuard client that exposes itself as a HTTP/SOCKS5 proxy | news.ycombinator.com | 2024-04-01

- [xray](https://github.com/xtls/xray-core)

• goproxy

  3 15,150 6.6 Go

  🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。

• gost

  2 15,085 4.0 Go

  GO Simple Tunnel - a simple tunnel written in golang

Project mention: Teach us something Sundays | /r/ExperiencedFounders | 2023-05-21

With a combination of Gost and cloudflare tunnel you can access literally anything on the local LAN network.

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• brook

  12 14,249 7.6 Go

  A cross-platform programmable network tool

Project mention: How Brook bypass domain regardless of their IP | /r/u_txthinking | 2023-05-26

Programming is very flexible, more can be found in documentation and other articles of this blog

• cert-manager

  101 11,457 9.8 Go

  Automatically provision and manage TLS certificates in Kubernetes

  

Project mention: deploying a minio service to kubernetes | dev.to | 2024-04-08

cert-manager

• SoftEther

  3 11,038 8.0 C

  Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.

  

• fq

  43 9,384 9.4 Go

  jq for binary formats - tool, language and decoders for working with binary and text formats

Project mention: Reverse-engineering an encrypted IoT protocol | news.ycombinator.com | 2024-02-14

Hey! fq author here. I have a bunch of related tools in the readme https://github.com/wader/fq?tab=readme-ov-file#tools two suggestions: gnu poke and wireshark (can decode lots of more things then just network protocol)

• Xray_onekey

  1 9,194 2.7 Shell

  Xray 基于 Nginx 的 VLESS + XTLS 一键安装脚本

• ecapture

  9 8,134 9.1 C

  Capture SSL/TLS text content without a CA certificate using eBPF. This tool is compatible with Linux/Android x86_64/aarch64.

  

• testssl.sh

  43 7,628 8.8 Shell

  Testing TLS/SSL encryption anywhere on any port

Project mention: Badssl.com | news.ycombinator.com | 2024-03-02

You’re in luck because such a tool exists :) https://testssl.sh/

• trojan-go

  3 7,390 0.0 Go

  Go实现的Trojan代理，支持多路复用/路由功能/CDN中转/Shadowsocks混淆插件，多平台，无依赖。A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/

• lego

  55 7,269 8.9 Go

  Let's Encrypt/ACME client and library written in Go

  

Project mention: Dehydrated: Letsencrypt/acme client implemented as a shell-script | news.ycombinator.com | 2024-04-19

Self contained but hardly a tiny supply chain attack surface: https://github.com/go-acme/lego/blob/master/go.sum

• certificates

  40 6,131 9.5 Go

  🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

  

Project mention: You shouldn't run NSA-grade Wi-Fi at home | news.ycombinator.com | 2024-01-04

You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.

Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.

• Ponzu

  4 5,620 0.0 Go

  Headless CMS with automatic JSON API. Featuring auto-HTTPS from Let's Encrypt, HTTP/2 Server Push, and flexible server framework written in Go.

  

• rustls

  57 5,437 9.9 Rust

  A modern TLS library in Rust

  

Project mention: Pingora: HTTP Server and Proxy Library, in Rust, by Cloudflare, Released | news.ycombinator.com | 2024-02-28

• Twisted

  5 5,416 9.8 Python

  Event-driven networking engine written in Python.

  

• boulder

  11 4,967 9.5 Go

  An ACME-based certificate authority, written in Go.

  

Project mention: Trying to do something a bit crazy | /r/homelab | 2023-06-04

There's no reason you couldn't run your own ACME server (the Let's Encrypt folk publish an open source one, boulder, but there's plenty of others). Then you can just use certbot in your VMs to manage certificates, configured to point to your CA server instead of the Let's Encrypt one.

• forge

  4 4,945 0.0 JavaScript

  A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps (by digitalbazaar)

  

Project mention: Forge: Native implementation of TLS in JavaScript for web apps | news.ycombinator.com | 2024-03-24

• mbedTLS

  9 4,898 10.0 C

  An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

  

Project mention: OpenWrt 23.05 | news.ycombinator.com | 2023-10-13

It's work in progress: https://github.com/Mbed-TLS/mbedtls/blob/development/docs/ar...

Newer version have okay-ish support, I'd guess the next OpenWRT release will have it again.

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

TLS related posts

• Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
  2 projects | dev.to | 7 Apr 2024
• Ask HN: How does the xz backdoor replace RSA_public_decrypt?
  1 project | news.ycombinator.com | 1 Apr 2024
• Recent 'MFA Bombing' Attacks Targeting Apple Users
  2 projects | news.ycombinator.com | 27 Mar 2024
• Mkcert: Simple tool to make locally trusted dev certificates names you'd like
  1 project | news.ycombinator.com | 15 Mar 2024
• Ask HN: Fiddler Alternatives
  1 project | news.ycombinator.com | 14 Mar 2024
• uTLS – Go TLS fork with low-level access to ClientHello for mimicry purposes
  1 project | news.ycombinator.com | 12 Mar 2024
• See this page fetch itself, byte by byte, over TLS
  1 project | news.ycombinator.com | 9 Mar 2024
• A note from our sponsor - WorkOS
  workos.com | 25 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com