Top 23 TLS Open-Source Projects

• Caddy

  403 54,077 9.5 Go

  Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

  

Project mention: How I use Devbox in my Elm projects | dev.to | 2024-05-02

These projects use Caddy as my local development server, Dart Sass for converting my Sass files to CSS, elm, elm-format, elm-optimize-level-2, elm-review, elm-test (only in Calculator), ShellCheck to find bugs in my shell scripts, and Terser to mangle and compress JavaScript code.

• mkcert

  132 45,913 2.7 Go

  A simple zero-config tool to make locally trusted development certificates with any names you'd like.

Project mention: HTTPS on Localhost with Next.js | dev.to | 2024-04-29

The experimental HTTPS flag relies on mkcert, designed for a single development system. If you run a Docker container, the flag won’t configure your local browser to trust its certificate.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• mitmproxy

  152 34,485 9.4 Python

  An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

  

Project mention: Ask HN: Fiddler Alternatives | news.ycombinator.com | 2024-03-14

• OpenSSL

  150 24,254 9.9 C

  TLS/SSL and crypto library

  

Project mention: RVM Ruby 2.6.0 — built with custom openssl version on Ubuntu 22.04 | dev.to | 2024-04-26

ENV OPENSSL_PREFIX=/opt/openssl ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt WORKDIR /tmp RUN git clone --branch OpenSSL_1_0_2n https://github.com/openssl/openssl.git RUN cd openssl RUN ./config shared --prefix=$OPENSSL_PREFIX --openssldir=$OPENSSL_PREFIX/ssl RUN make RUN make install RUN rvm install 2.6.0 -C --with-openssl-dir=$OPENSSL_PREFIX ENV PATH /usr/local/rvm/bin:$PATH RUN rvm --default use ruby-2.6.0 ENV PATH /usr/local/rvm/bin:/usr/local/rvm/rubies/ruby-2.6.0/bin:$PATH ENV GEM_HOME /usr/local/rvm/rubies/ruby-2.6.0/lib/ruby/gems/2.6.0

• Xray-core

  25 22,002 9.5 Go

  Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.

  

Project mention: WireGuard client that exposes itself as a HTTP/SOCKS5 proxy | news.ycombinator.com | 2024-04-01

- [xray](https://github.com/xtls/xray-core)

• goproxy

  3 15,195 7.0 Go

  🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。

• gost

  2 15,154 3.7 Go

  GO Simple Tunnel - a simple tunnel written in golang

Project mention: Teach us something Sundays | /r/ExperiencedFounders | 2023-05-21

With a combination of Gost and cloudflare tunnel you can access literally anything on the local LAN network.

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• brook

  12 14,271 7.6 Go

  A cross-platform programmable network tool

Project mention: How Brook bypass domain regardless of their IP | /r/u_txthinking | 2023-05-26

Programming is very flexible, more can be found in documentation and other articles of this blog

• cert-manager

  101 11,516 9.8 Go

  Automatically provision and manage TLS certificates in Kubernetes

  

Project mention: deploying a minio service to kubernetes | dev.to | 2024-04-08

cert-manager

• SoftEther

  3 11,098 8.3 C

  Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.

  

• fq

  45 9,417 9.4 Go

  jq for binary formats - tool, language and decoders for working with binary and text formats

Project mention: How to Use JSON Path | news.ycombinator.com | 2024-05-03

I see, thanks for replying and no worries! yeap some of the "self-describing" formats like msgpack, cbor etc will because of how fq works have to be decoded into something more of a meta-msgpack etc.

About blobs, if you want to change how (possibly large) binaries are represented as JSON you can use the bits_format options, see https://github.com/wader/fq/blob/master/doc/usage.md#options, so fq -o bits_format=md5 torepr ...

I can highly recommend to learn jq, it's what makes fq really useful, and as a bonus you will learn jq in general! :)

• Xray_onekey

  1 9,201 2.7 Shell

  Xray 基于 Nginx 的 VLESS + XTLS 一键安装脚本

• ecapture

  9 8,204 9.2 C

  Capture SSL/TLS text content without a CA certificate using eBPF. This tool is compatible with Linux/Android x86_64/aarch64.

  

• testssl.sh

  43 7,655 8.7 Shell

  Testing TLS/SSL encryption anywhere on any port

Project mention: Badssl.com | news.ycombinator.com | 2024-03-02

You’re in luck because such a tool exists :) https://testssl.sh/

• trojan-go

  3 7,414 0.0 Go

  Go实现的Trojan代理，支持多路复用/路由功能/CDN中转/Shadowsocks混淆插件，多平台，无依赖。A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/

• lego

  56 7,310 8.9 Go

  Let's Encrypt/ACME client and library written in Go

  

Project mention: Take a look at traefik, even if you don't use containers | news.ycombinator.com | 2024-05-05

This is one area where I've found nixos to be really helpful. I can set this up with just adding some lines to the configuration.nix (which uses [lego](https://github.com/go-acme/lego) and letsencrypt in the backend):

```nix

• certificates

  40 6,195 9.5 Go

  🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

  

Project mention: You shouldn't run NSA-grade Wi-Fi at home | news.ycombinator.com | 2024-01-04

You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.

Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.

• Ponzu

  4 5,640 0.0 Go

  Headless CMS with automatic JSON API. Featuring auto-HTTPS from Let's Encrypt, HTTP/2 Server Push, and flexible server framework written in Go.

  

• rustls

  57 5,468 9.9 Rust

  A modern TLS library in Rust

  

Project mention: Pingora: HTTP Server and Proxy Library, in Rust, by Cloudflare, Released | news.ycombinator.com | 2024-02-28

• Twisted

  5 5,433 9.8 Python

  Event-driven networking engine written in Python.

  

• boulder

  11 4,983 9.6 Go

  An ACME-based certificate authority, written in Go.

  

Project mention: Trying to do something a bit crazy | /r/homelab | 2023-06-04

There's no reason you couldn't run your own ACME server (the Let's Encrypt folk publish an open source one, boulder, but there's plenty of others). Then you can just use certbot in your VMs to manage certificates, configured to point to your CA server instead of the Let's Encrypt one.

• forge

  4 4,963 0.0 JavaScript

  A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps (by digitalbazaar)

  

Project mention: Forge: Native implementation of TLS in JavaScript for web apps | news.ycombinator.com | 2024-03-24

• mbedTLS

  9 4,945 10.0 C

  An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

  

Project mention: OpenWrt 23.05 | news.ycombinator.com | 2023-10-13

It's work in progress: https://github.com/Mbed-TLS/mbedtls/blob/development/docs/ar...

Newer version have okay-ish support, I'd guess the next OpenWRT release will have it again.

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

TLS related posts

• A minimal TLS 1.2 client implementation in a pure Bash script

  1 project | news.ycombinator.com | 9 May 2024

• HTTPS on Localhost with Next.js

  3 projects | dev.to | 29 Apr 2024

• Mkcert: Simple zero-config tool to make locally trusted development certificates

  1 project | news.ycombinator.com | 26 Apr 2024

• Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding

  2 projects | dev.to | 7 Apr 2024

• Ask HN: How does the xz backdoor replace RSA_public_decrypt?

  1 project | news.ycombinator.com | 1 Apr 2024

• Recent 'MFA Bombing' Attacks Targeting Apple Users

  2 projects | news.ycombinator.com | 27 Mar 2024

• Mkcert: Simple tool to make locally trusted dev certificates names you'd like

  1 project | news.ycombinator.com | 15 Mar 2024
• A note from our sponsor - InfluxDB
  www.influxdata.com | 10 May 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com