Search Results for "tls"
Sort By:
Showing 450 open source projects for "tls"
View related business solutions-
Build Securely on Azure with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
1
s2n
An implementation of the TLS/SSL protocols
...Additionally there are no locks or mutexes within s2n-tls. s2n-tls implements SSLv3, TLS1.0, TLS1.1, TLS1.2, and TLS1.3. For encryption, s2n-tls supports 128-bit and 256-bit AES in the CBC and GCM modes, ChaCha20, 3DES, and RC4. For forward secrecy, s2n-tls supports both DHE and ECDHE. s2n-tls also supports the Server Name Indicator (SNI), Application-Layer Protocol Negotiation (ALPN), and Online Certificate Status Protocol (OCSP) TLS extensions. ... -
2
Cloudflare-Socks5
CF-workers/pages proxy script: supports Vless-ws (tls) and Trojan-ws
...The project provides scripts that enable users to deploy proxy services locally without relying on external subscription providers, improving privacy and control over configuration data. It supports multiple transport modes including WebSocket with TLS, as well as optional encrypted handshake mechanisms like ECH-TLS, standard TLS, or even non-TLS configurations to adapt to different network restrictions. The system is designed with accessibility in mind, offering simplified setup processes that allow users to deploy nodes with minimal configuration, often requiring only a UUID or password. ... -
3
eCapture
Capturing SSL/TLS plaintext without a CA certificate using eBPF
Capture SSL/TLS text content without a CA certificate using eBPF. Supports Linux/Android kernel versions x86_64 4.18 and above, aarch64 5.5 and above. Does not support Windows and macOS systems. -
4
InterceptSuite
A TLS MITM proxy for Non-HTTP traffic, with support for TLS upgrades
InterceptSuite is a cross‑platform, SOCKS5‑based MITM proxy specially designed to intercept, inspect, analyze, and manipulate encrypted network traffic at the TCP/TLS layer. It goes beyond HTTP‑focused tools like Burp Suite and ZAP by providing universal TLS interception—including STARTTLS and non‑HTTP protocols—offering deep visibility and control for security testing and debugging. InterceptSuite bridges this gap by providing a universal TLS interception engine that works with any protocol, giving security researchers the tools they need to analyze, understand, and test encrypted communications effectively. ... -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
5
OpenSSL Project
TLS/SSL and crypto library
OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the TLS (formerly SSL), DTLS and QUIC (currently client-side only) protocols. The protocol implementations are based on a full-strength general-purpose cryptographic library, which can also be used stand-alone. Also included is a cryptographic module validated to conform with FIPS standards. OpenSSL is descended from the SSLeay library developed by Eric A. -
6
Ghostunnel
A simple SSL/TLS proxy with mutual authentication
Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications. Ghostunnel supports two modes, client mode and server mode. Ghostunnel in server mode runs in front of a backend server and accepts TLS-secured connections, which are then proxied to the (insecure) backend. A backend can be a TCP domain/port or a UNIX domain socket. -
7
Caddy
Powerful, enterprise-ready, open source web server w/ automatic HTTPS
Caddy is a powerful, extensible, enterprise-ready server platform that uses TLS by default. Everything you would require in your infrastructure, from TLS certificate renewals and OCSP stapling, to reverse proxying and ingress, Caddy simplifies it all. Its modular architecture lets you do more with just a single static binary that compiles for any platform. Caddy is the only web server that uses HTTPS automatically and by default. -
8
OpenFortiVPN
Client for PPP+TLS VPN tunnel services
openfortivpn is a command-line SSL VPN client for connecting to Fortinet FortiGate gateways without relying on proprietary GUIs. It negotiates the SSL/TLS tunnel, authenticates with credentials (and commonly with two-factor methods), then brings up a secure point-to-point interface and installs routes and DNS settings. The tool aims to be minimal and dependable: a single binary with an INI-style config file, systemd compatibility, and clear runtime diagnostics. It handles details like MTU tuning, split tunneling via pushed routes, and reconnect logic to keep the session stable. ... -
9
rnet
Python HTTP client with TLS and HTTP/2 fingerprint emulation support
...It provides a flexible API for making HTTP requests while supporting both asynchronous and blocking workflows, allowing it to integrate easily into different Python applications and runtimes. rnet focuses on low-level protocol customization, giving users fine-grained control over TLS and HTTP/2 configuration in order to emulate specific browser behaviors. This includes support for TLS fingerprinting techniques such as JA3 and JA4 as well as detailed HTTP/2 settings, enabling more accurate simulation of real client network traffic. It is powered by the underlying wreq engine and is built with performance and modularity in mind. rnet also supports advanced networking capabilities such as proxy rotation, connection pooling, and streaming transfers, which make it suitable for automation, scraping, and high-performance network. -
Custom VMs From 1 to 96 vCPUs With 99.95% UptimeLive migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
-
10
whoami.filippo.io
A ssh server that knows who you are. $ ssh whoami.filippo.io
whoami.filippo.io powers a diagnostic service that reports what your client and connection look like from the other side, making it a handy mirror for network and TLS debugging. It surfaces details such as your IP address, protocol versions, cipher suites, SNI, and other attributes that are otherwise tedious to confirm across layers. The tool emphasizes clarity and minimalism, helping engineers quickly verify configuration changes in browsers, proxies, VPNs, or CLI tools. It is especially helpful when validating modern TLS features like ALPN, HTTP versions, and certificate behavior under different client stacks. ... -
11
V2Ray
Shell script that aims to make installing and managing V2Ray
...The script includes a menu-driven manager to modify ports, protocols, and users, restart the service, or view logs without hand-editing configuration files. It supports widely used transport options like TCP and WebSocket and can be paired with a reverse proxy for TLS termination, allowing cleaner integration with standard web servers. Designed for pragmatism over pedagogy, the tool focuses on getting a working, maintainable V2Ray server online in minutes rather than requiring deep familiarity with every configuration knob. -
12
s2n-quic
An implementation of the IETF QUIC protocol
...QUIC is a UDP-based, multiplexed, encrypted transport layer that underpins HTTP/3 and addresses issues such as head-of-line blocking and faster handshake times compared to TCP+TLS. This library integrates with AWS’s s2n-tls or rustls for the TLS 1.3 handshake and leverages Rust’s memory and thread safety guarantees to deliver a robust implementation. It is built with configurability in mind—you can tune congestion control (like CUBIC), pacing, packet size discovery, and other advanced network behaviors. Extensive testing (unit, fuzz, interop) ensures protocol compliance and interoperability with other implementations. ... -
13
CertMagic
Automatic HTTPS for any Go program
Caddy's automagic TLS features, now for your own Go programs, in one powerful and easy-to-use library! CertMagic is the most mature, robust, and powerful ACME client integration for Go, and perhaps ever. With CertMagic, you can add one line to your Go application to serve securely over TLS, without ever having to touch certificates. Just a line of code will serve your HTTP router mux over HTTPS, complete with HTTP->HTTPS redirects. -
14
MQTTnet
High performance .NET library for MQTT based communication
MQTTnet is a high-performance .NET library for MQTT-based communication. It provides an MQTT client and an MQTT server (broker) and supports the MQTT protocol up to version 5. TLS support for client and server (but not UWP servers). Extensible communication channels (e.g. In-Memory, TCP, TCP+TLS, WS). Lightweight (only the low-level implementation of MQTT, no overhead). Performance optimized (processing ~150.000 messages/second). Uniform API across all supported versions of the MQTT protocol. Tested on the local machine (Intel i7 8700K) with MQTTnet client and server running in the same process using the TCP channel. ... -
15
Modlishka
Powerful and flexible HTTP reverse proxy
...It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy of multi-domain destination traffic, both TLS and non-TLS, over a single domain, without the requirement of installing any additional certificate on the client. What exactly does this mean? In short, it simply has a lot of potential, that can be used in many use case scenarios. Modlishka was written as an attempt to overcome standard reverse proxy limitations and as a personal challenge to see what is possible with sufficient motivation and a bit of extra research time. ... -
16
grpc_health_probe
A command-line tool to perform health-checks for gRPC applications
A command-line tool to perform health checks for gRPC applications in Kubernetes and elsewhere. -
17
MsQuic
Cross-platform, C implementation of the IETF QUIC protocol
...It is cross-platform, written in C and designed to be a general-purpose QUIC library. MsQuic also has C++ API wrapper classes and exposes interop layers for both Rust and C#. QUIC has many benefits when compared to existing "TLS over TCP" scenarios. MsQuic has several features that differentiate it from other QUIC implementations. Optimized for client and server. Optimized for maximal throughput and minimal latency. Asynchronous IO. Receive side scaling (RSS) support. UDP send and receive coalescing support. All packets are encrypted and handshake is authenticated with TLS 1.3. ... -
18
gost
GO Simple Tunnel, a simple tunnel written in golang
...Listening on multiple ports, multi-level forward proxies - proxy chain, standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support. Probing resistance support for web proxy, TLS encryption via negotiation support for SOCKS5 proxy. Support multiple tunnel types, tunnel UDP over TCP. Local/remote TCP/UDP port forwarding, TCP/UDP Transparent proxy, Shadowsocks Protocol (TCP/UDP), and SNI Proxy. Permission control, load balancing, route control, DNS resolver and proxy, and TUN/TAP Device. In GOST, GOST and other proxy services are considered as proxy nodes, GOST can handle the requests itself, or forward the requests to any one or more proxy nodes. ... -
19
mitmproxy
A free and open source interactive HTTPS proxy
mitmproxy is an open source, interactive SSL/TLS-capable intercepting HTTP proxy, with a console interface fit for HTTP/1, HTTP/2, and WebSockets. It's the ideal tool for penetration testers and software developers, able to debug, test, and make privacy measurements. It can intercept, inspect, modify and replay web traffic, and can even prettify and decode a variety of message types. -
20
testssl.sh
Testing TLS/SSL encryption anywhere on any port
...OpenBSD only needs bash to be postinstalled. You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443. Several command line options help you to run your test and configure your output. If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning. You can look at the code, see what's going on and you can change it. -
21
AWS IoT Device SDK for Python
SDK for connecting to AWS IoT from a device using Python
...We invite your feedback! The SDK is built on top of a modified Paho MQTT Python client library. Developers can choose from two types of connections to connect to AWS IoT. For MQTT over TLS (port 8883 and port 443), a valid certificate and a private key are required for authentication. For MQTT over the WebSocket protocol (port 443), a valid AWS Identity and Access Management (IAM) access key ID and secret access key pair are required for authentication. -
22
v2flyNG
A V2Ray client for Android, support v2fly core
...Per-app proxy controls allow you to include or exclude specific applications, which is useful for balancing privacy with bandwidth and latency. The client exposes routing controls, TLS settings, custom DNS, and UDP handling so advanced users can fine-tune behavior. Status panels and logs help diagnose connectivity issues and confirm that rules are being applied as intended. -
23
Talos Linux
Talos Linux is a modern Linux distribution built for Kubernetes
...It only takes 3 minutes to launch a Talos cluster on your laptop inside Docker. Talos reduces your attack surface. It's minimal, hardened and immutable. All API access is secured with mutual TLS (mTLS) authentication. Talos eliminates configuration drift, reduces unknown factors by employing immutable infrastructure ideology, and delivers atomic updates. Talos simplifies your architecture, increases your agility, and always delivers current stable Kubernetes and Linux versions. Talos consists of only a handful of binaries and shared libraries: just enough to run containerd and a small set of system services. -
24
Certificate Transparency Go
Auditing for TLS certificates (Go code)
...It includes forked ASN.1 and X.509 packages tailored to accept and analyze real-world certificates, including pre-certificates that stricter libraries would reject, supporting CT’s role as an ecosystem observatory. A TLS parsing library, CT data types, and multiple client libraries enable access to CT logs over HTTP and DNS, along with scanners for traversing entire logs. The repository also provides command-line tools for verifying signed certificate timestamps, inspecting certificates and CRLs, and querying logs. For operators, a “CT personality” integrates with Trillian so you can run a CT log backed by a verifiable transparency log. ... -
25
docker-jitsi-meet
Jitsi Meet on Docker
docker-jitsi-meet is an official Docker-based deployment solution for Jitsi Meet, a secure and scalable open-source video conferencing platform. It uses Docker Compose to orchestrate the necessary services (web, Prosody, Jicofo, JVB) and enables quick deployment of a self-hosted Jitsi instance with TLS support and custom configuration.
