Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 TLS Open-Source Projects
-
mkcert
A simple zero-config tool to make locally trusted development certificates with any names you'd like.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
-
Xray-core
Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
-
goproxy
🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port forwarding, SSH forwarding.Proxy是golang实现的高性能http,https,websocket,tcp,socks5代理服务器,支持内网穿透,链式代理,通讯加密,智能HTTP,SOCKS5代理,黑白名单,限速,限流量,限连接数,跨平台,KCP支持,认证API。
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
SoftEther
Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.
-
ecapture
Capture SSL/TLS text content without a CA certificate using eBPF. This tool is compatible with Linux/Android x86_64/aarch64.
-
trojan-go
Go实现的Trojan代理,支持多路复用/路由功能/CDN中转/Shadowsocks混淆插件,多平台,无依赖。A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/
-
certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
-
Ponzu
Headless CMS with automatic JSON API. Featuring auto-HTTPS from Let's Encrypt, HTTP/2 Server Push, and flexible server framework written in Go.
-
forge
A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps (by digitalbazaar)
-
mbedTLS
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
These projects use Caddy as my local development server, Dart Sass for converting my Sass files to CSS, elm, elm-format, elm-optimize-level-2, elm-review, elm-test (only in Calculator), ShellCheck to find bugs in my shell scripts, and Terser to mangle and compress JavaScript code.
The experimental HTTPS flag relies on mkcert, designed for a single development system. If you run a Docker container, the flag won’t configure your local browser to trust its certificate.
Project mention: RVM Ruby 2.6.0 — built with custom openssl version on Ubuntu 22.04 | dev.to | 2024-04-26ENV OPENSSL_PREFIX=/opt/openssl ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt WORKDIR /tmp RUN git clone --branch OpenSSL_1_0_2n https://github.com/openssl/openssl.git RUN cd openssl RUN ./config shared --prefix=$OPENSSL_PREFIX --openssldir=$OPENSSL_PREFIX/ssl RUN make RUN make install RUN rvm install 2.6.0 -C --with-openssl-dir=$OPENSSL_PREFIX ENV PATH /usr/local/rvm/bin:$PATH RUN rvm --default use ruby-2.6.0 ENV PATH /usr/local/rvm/bin:/usr/local/rvm/rubies/ruby-2.6.0/bin:$PATH ENV GEM_HOME /usr/local/rvm/rubies/ruby-2.6.0/lib/ruby/gems/2.6.0
Project mention: WireGuard client that exposes itself as a HTTP/SOCKS5 proxy | news.ycombinator.com | 2024-04-01- [xray](https://github.com/xtls/xray-core)
With a combination of Gost and cloudflare tunnel you can access literally anything on the local LAN network.
Programming is very flexible, more can be found in documentation and other articles of this blog
cert-manager
I see, thanks for replying and no worries! yeap some of the "self-describing" formats like msgpack, cbor etc will because of how fq works have to be decoded into something more of a meta-msgpack etc.
About blobs, if you want to change how (possibly large) binaries are represented as JSON you can use the bits_format options, see https://github.com/wader/fq/blob/master/doc/usage.md#options, so fq -o bits_format=md5 torepr ...
I can highly recommend to learn jq, it's what makes fq really useful, and as a bonus you will learn jq in general! :)
You’re in luck because such a tool exists :) https://testssl.sh/
Project mention: Take a look at traefik, even if you don't use containers | news.ycombinator.com | 2024-05-05This is one area where I've found nixos to be really helpful. I can set this up with just adding some lines to the configuration.nix (which uses [lego](https://github.com/go-acme/lego) and letsencrypt in the backend):
```nix
You can roll your own with https://github.com/smallstep/certificates. We maintain major open source projects and contribute a lot to other projects. I don’t think that means everything we do has to be open source. Sorry this one wasn’t. Doing this in pure open source would be a book, not a blog post.
Love Let’s Encrypt — we’re sponsors — but using them for WiFi is a terrible idea. You need internal PKI for WiFi.
Project mention: Pingora: HTTP Server and Proxy Library, in Rust, by Cloudflare, Released | news.ycombinator.com | 2024-02-28
There's no reason you couldn't run your own ACME server (the Let's Encrypt folk publish an open source one, boulder, but there's plenty of others). Then you can just use certbot in your VMs to manage certificates, configured to point to your CA server instead of the Let's Encrypt one.
Project mention: Forge: Native implementation of TLS in JavaScript for web apps | news.ycombinator.com | 2024-03-24
It's work in progress: https://github.com/Mbed-TLS/mbedtls/blob/development/docs/ar...
Newer version have okay-ish support, I'd guess the next OpenWRT release will have it again.
TLS related posts
-
A minimal TLS 1.2 client implementation in a pure Bash script
-
HTTPS on Localhost with Next.js
-
Mkcert: Simple zero-config tool to make locally trusted development certificates
-
Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
-
Ask HN: How does the xz backdoor replace RSA_public_decrypt?
-
Recent 'MFA Bombing' Attacks Targeting Apple Users
-
Mkcert: Simple tool to make locally trusted dev certificates names you'd like
-
A note from our sponsor - InfluxDB
www.influxdata.com | 10 May 2024
Index
What are some of the best open-source TLS projects? This list will help you:
Project | Stars | |
---|---|---|
1 | Caddy | 54,077 |
2 | mkcert | 45,913 |
3 | mitmproxy | 34,485 |
4 | OpenSSL | 24,254 |
5 | Xray-core | 22,002 |
6 | goproxy | 15,195 |
7 | gost | 15,154 |
8 | brook | 14,271 |
9 | cert-manager | 11,516 |
10 | SoftEther | 11,098 |
11 | fq | 9,417 |
12 | Xray_onekey | 9,201 |
13 | ecapture | 8,204 |
14 | testssl.sh | 7,655 |
15 | trojan-go | 7,414 |
16 | lego | 7,310 |
17 | certificates | 6,195 |
18 | Ponzu | 5,640 |
19 | rustls | 5,468 |
20 | Twisted | 5,433 |
21 | boulder | 4,983 |
22 | forge | 4,963 |
23 | mbedTLS | 4,945 |
Sponsored