LibreSSL Portable is a free version of the SSL/TLS protocol forked from OpenSSL, and developed by the OpenBSD project. LibreSSL is developed as part of the OpenBSD system, with lots of ancient cruft and security woes already fixed. The portable version for other Unices is developed alongside.
The stunnel program works as SSL encryption wrapper between remote and local network sockets or inetd-started daemons. It adds SSL or TLS functionality to any network service, commonly POP3, IMAP or HTTP servers. Stunnel uses OpenSSL for cryptography. It can itself function as port redirection deamon, or as temporary traffic interceptor, and requires no adaption of the shadowed programs.
libUseful is a general 'C' library providing useful functions related to: resizable strings, lists and maps, unix and tcp sockets, SSL/TLS, cryptographic hashes, parsing of json, yaml and other markup languages, terminal output including ANSI/vt100 escape sequences, OAuth 2.0, etc, etc.
hitch is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle 10s of thousands of connections efficiently on multicore machines.
danectl - DNSSEC DANE implementation manager. What's DNSSEC? Secure DNS that you can trust. It has become really easy lately. What's DANE? Publishing your TLS keys as secure DNS records (TLSA SSHFP OPENPGPKEY SMIMEA) to prevent impersonation or man-in-the-middle attacks. It could eventually render certificate authorities unnecessary. Currently, it's mostly used for mail servers that want to stop anyone intercepting their incoming email. But the idea also applies to SSH host keys, and OpenPGP a
mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration. It auto installs them for Apache, the system certificate and Firefox store to ease testing on https://localhost setups. Additonally supports MacOS and Windows environments.
ocsp_proxy is a caching ocsp proxy. It accepts ocsp requests from any client, e.g. an ssl-webserver, and forwards the request to the corresponding ocsp responders or returns the ocsp response from cache. Can be used to mitigate unreliable ocsp responders that are, as required by murphy's law, always down when needed.
x509viewer is a simple command line application, written in Perl, that can be used to decode one or multiple X.509 certificates per given file, such as e.g. SSL certificates, CSRs (certificate signing requests), but also private keys.
x509watch is a simple command line application that can be used to list soon expiring or already expired X.509 certificates, such as SSL certificates. All certificates are searched by default in the standard PKI directory, but any other directory can be specified as a parameter. Only Base64 encoded DER and PEM X.509 certificates are supported.
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) as well as a full-strength general-purpose cryptography library.
PolarSSL is a light-weight cryptographic and SSL/TLS library written in C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) applications with as little hassle as possible. Loose coupling of the components inside the library means that it is easy to separate the parts that are needed, without needing to include the total library. PolarSSL is written with embedded systems in mind and has been ported on a number of architectures, including
|