The stunnel program works as SSL encryption wrapper between remote and local network sockets or inetd-started daemons. It adds SSL or TLS functionality to any network service, commonly POP3, IMAP or HTTP servers. Stunnel uses OpenSSL for cryptography. It can itself function as port redirection deamon, or as temporary traffic interceptor, and requires no adaption of the shadowed programs.
ocsp_proxy is a caching ocsp proxy. It accepts ocsp requests from any client, e.g. an ssl-webserver, and forwards the request to the corresponding ocsp responders or returns the ocsp response from cache. Can be used to mitigate unreliable ocsp responders that are, as required by murphy's law, always down when needed.
mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration. It auto installs them for Apache, the system certificate and Firefox store to ease testing on https://localhost setups. Additonally supports MacOS and Windows environments.
hitch is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle 10s of thousands of connections efficiently on multicore machines.
LibreSSL Portable is a free version of the SSL/TLS protocol forked from OpenSSL, and developed by the OpenBSD project. LibreSSL is developed as part of the OpenBSD system, with lots of ancient cruft and security woes already fixed. The portable version for other Unices is developed alongside.
libUseful is a general 'C' library providing useful functions related to: resizable strings, lists and maps, unix and tcp sockets, SSL/TLS, cryptographic hashes, parsing of json, yaml and other markup languages, terminal output including ANSI/vt100 escape sequences, OAuth 2.0, etc, etc.
x509viewer is a simple command line application, written in Perl, that can be used to decode one or multiple X.509 certificates per given file, such as e.g. SSL certificates, CSRs (certificate signing requests), but also private keys.
x509watch is a simple command line application that can be used to list soon expiring or already expired X.509 certificates, such as SSL certificates. All certificates are searched by default in the standard PKI directory, but any other directory can be specified as a parameter. Only Base64 encoded DER and PEM X.509 certificates are supported.
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) as well as a full-strength general-purpose cryptography library.
PolarSSL is a light-weight cryptographic and SSL/TLS library written in C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) applications with as little hassle as possible. Loose coupling of the components inside the library means that it is easy to separate the parts that are needed, without needing to include the total library. PolarSSL is written with embedded systems in mind and has been ported on a number of architectures, including