Cryptlib - provides Encryption and Authentication Service

•    C

---

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

cryptography encryption s-mime digital-signature security security-library

Nogotofail - Network Security Testing Tool

•    Python

---

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

penetration-testing pentesting vulnerability-scanner testing-tool security-testing network-testing

Botan - Crypto library for C++

•    C++

---

Botan (Japanese for peony) is a cryptography library written in C++11. Botan's goal is to be the best option for cryptography in new C++ code by offering the tools necessary to implement a range of practical systems, such as TLS/DTLS, PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing, and post quantum crypto schemes. In addition to the C++, botan has a C89 API specifically designed to be easy to call from other languages. A Python binding using ctypes is included, and several other language bindings are available.

cryptography crypto security pgp ssl secure-library

s2n-tls - s2n : an implementation of the TLS/SSL protocols

•    C

---

s2n-tls is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. It is released and licensed under the Apache License 2.0. If you are building on OSX, or simply don't want to execute the entire build script above, you can use build tools like Ninja.

tls ssl cryptography crypto encryption c99 s2n

ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services

•    Go

---

Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications.Ghostunnel supports two modes, client mode and server mode. Ghostunnel in server mode runs in front of a backend server and accepts TLS-secured connections, which are then proxied to the (insecure) backend. A backend can be a TCP domain/port or a UNIX domain socket. Ghostunnel in client mode accepts (insecure) connections through a TCP or UNIX domain socket and proxies them to a TLS-secured service. In other words, ghostunnel is a replacement for stunnel.

tls tunnel ssl proxy stunnel security crypto

Ejbca - PKI Certificate Authority software

•    Java

---

EJBCA is an enterprise class PKI Certificate Authority software. It supports SSL/TLS, Smart card logon to Windows and/or Linux, Signing and encrypting email (SMIME), Mobile PKI, Secure mobile networks and lot more.

certificate-authority certificate s-mime pki cryptography security ssl

certstrap - Tools to bootstrap CAs, certificate requests, and signed certificates.

•    Go

---

A simple certificate manager written in Go, to bootstrap your own certificate authority and public key infrastructure. Adapted from etcd-ca.certstrap is a very convenient app if you don't feel like dealing with openssl, its myriad of options or config files.

crypto certificate bootstrap certificate-authority ssl csr tls

rustls - A modern TLS library in Rust

•    Rust

---

Rustls is a modern TLS library written in Rust. It's pronounced 'rustles'. It uses ring for cryptography and libwebpki for certificate verification. It aims to provide a good level of cryptographic security, requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography.

tls cryptography ssl security rsa

rustls - A modern TLS library in Rust

•    Rust

---

Rustls is a modern TLS library written in Rust. It uses ring for cryptography and libwebpki for certificate verification. Rustls aims to provide a good level of cryptographic security, requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography.

tls ssl cryptography security

certigo - A utility to examine and validate certificates in a variety of formats

•    Go

---

Certigo is a utility to examine and validate certificates to help with debugging SSL/TLS issues.Supports all common file formats: Certigo can read and dump certificates in various formats. It can automatically detect and read from X.509 (DER/PEM), JCEKS, PKCS7 and PKCS12 files. Certificates can be dumped to a human-readable format, a set of PEM blocks, or a JSON object for use in scripting.

tls certificate ssl command-line-app crypto keystore pem x509 pkcs12 jceks pkcs7 cli

pem - Create private keys and certificates with node.js

•    Javascript

---

Here are some examples for creating an SSL key/cert on the fly, and running an HTTPS server on port 443. 443 is the standard HTTPS port, but requires root permissions on most systems. To get around this, you could use a higher port number, like 4300, and use https://localhost:4300 to access your server. Please have a look into the API documentation.

certificate csr certificate-signing-request tls-certificate tls signing pem ssl-certificate ssl nodejs signing-certificates

SSLsplit - Transparent SSL/TLS interception

•    C

---

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis and penetration testing. SSLsplit is designed to transparently terminate connections that are redirected to it using a network address translation engine. SSLsplit then terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted.

tls ssl http https nat sni transparent-proxy starttls sslsplit tls-interception man-in-the-middle mitm

lemur - Repository for the Lemur Certificate Manager

•    Python

---

Lemur manages TLS certificate creation. While not able to issue certificates itself, Lemur acts as a broker between CAs and environments providing a central portal for developers to issue TLS certificates with 'sane' defaults.It works on CPython 3.5. We deploy on Ubuntu and develop on OS X.

tls ssl ssl-certificates aws certificate-manager

certificates - 🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere

•    Go

---

An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere. For more information and docs see the Step website and the blog post announcing Step Certificate Authority.

tls x509 certificates security security-tools certificate-authority pki ca

openssl - TLS/SSL and crypto library

•    C

---

TLS/SSL and crypto library

cryptography openssl encryption tls ssl decryption

wolfssl - (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud

•    C

---

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.

ssl tls cryptography embedded security cipher-suites openssl openssl-library openssl-alternvative tls13 dtls sgx-enclave tls-library trusted-execution https docker decryption iot-security

python-certifi - (Python Distribution) A carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts

•    Python

---

Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. It has been extracted from the Requests project. Browsers and certificate authorities have concluded that 1024-bit keys are unacceptably weak for certificates, particularly root certificates. For this reason, Mozilla has removed any weak (i.e. 1024-bit key) certificate from its bundle, replacing it with an equivalent strong (i.e. 2048-bit or greater key) certificate from the same CA. Because Mozilla removed these certificates from its bundle, certifi removed them as well.

certify - SSL Certificate Manager UI for Windows, powered by Let's Encrypt

•    CSharp

---

The SSL/TLS Certificate Management GUI for Windows, powered by Let's Encrypt, allowing you to generate and install free SSL certificates for Windows/IIS (with automated renewal). Advanced users can explore the different validation modes, deployment modes and other advanced options.

ssl-certificate-manager letsencrypt iis gui-application letsencrypt-certificates ssl

s2n - an implementation of the TLS/SSL protocols from Amazon

•    C

---

s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. For forward secrecy, s2n supports both DHE and ECDHE.

ssl tls ssl-library security cryptography

sslyze - Fast and powerful SSL/TLS server scanning library.

•    Python

---

Fast and powerful SSL/TLS server scanning library for Python 2.7 and 3.4+. SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL/TLS servers.

ssl scans ssllabs library tls security tls13