rust-tls - TLS in Rust (eventually)

  •        70

The intent of this package is to eventually provide a fully native Rust implementation of the TLS protocol. It uses rust-crypto ( to access OpenSSL's implementation of basic primitives like AES, RC4, SHA-1, and RSA.The reasoning is that while implementing the entire TLS protocol in a memory unsafe language is quite difficult, OpenSSL's implementations of the basic crypto operations are very well optimized and often constant time.



Related Projects

mesalink - MesaLink is a memory-safe and OpenSSL-compatible TLS library.

  •    Rust

MesaLink is a memory-safe and OpenSSL-compatible TLS library. Since 2014, the industry has seen a huge impact and loss due to memory vulnerabilities in TLS stacks; such as the infamous "Heartbleed" bug. MesaLink is born with the goal of eradicating memory vulnerabilities in TLS stacks; and it is written in Rust, a programming language that guarantees memory safety. This significantly reduces the attack surfaces; which further facilitates auditing and restricting the remaining attack surfaces. MesaLink is cross-platform and provides OpenSSL-compatible APIs. It works seamlessly in desktop, mobile, and IoT devices. With the growth of the ecosystem, MesaLink would also be adopted in the server environment in the future. To get better functionality along with strong security guarantees, MesaLink follows the following rules-of-thumb for hybrid memory-safe architecture designing proposed by the Rust SGX SDK project.

rustls - A modern TLS library in Rust

  •    Rust

Rustls is a modern TLS library written in Rust. It's pronounced 'rustles'. It uses ring for cryptography and libwebpki for certificate verification. It aims to provide a good level of cryptographic security, requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography.

ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services

  •    Go

Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications.Ghostunnel supports two modes, client mode and server mode. Ghostunnel in server mode runs in front of a backend server and accepts TLS-secured connections, which are then proxied to the (insecure) backend. A backend can be a TCP domain/port or a UNIX domain socket. Ghostunnel in client mode accepts (insecure) connections through a TCP or UNIX domain socket and proxies them to a TLS-secured service. In other words, ghostunnel is a replacement for stunnel.

scapy-ssl_tls - SSL/TLS layers for scapy the interactive packet manipulation tool

  •    Python

SSL/TLS layers for scapy the interactive packet manipulation tool. SSL/TLS and DTLS layers and TLS utiltiy functions for Scapy.

wolfssl - (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud

  •    C

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.

linkerd-tcp - A TCP/TLS load balancer for the linkerd service mesh.

  •    Rust

A TCP load balancer for the linkerd service mesh.We ❤️ pull requests! See for info on contributing changes.

MungeTLS - inspect/modify TLS 1.0, 1.1, and 1.2 traffic


A minimal TLS server implementation with a plugin system for manipulating and monitoring every stage of the TLS handshake and application data.

TLS - Transport Layer Security protocol implementation in Python

  •    Python

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communication security over the Internet. This is an open source Python implementation of TLS 1.2, using the Python Cryptographic Authority's (PyCA's) Cryptography libraries for all cryptographic primitives (e.g. AES, RSA, etc.). This project is part of PyCA's efforts to standardize and improve crypto libraries in Python.

slt - A TLS reverse proxy with SNI multiplexing in Go

  •    Go

slt is a dead-simple TLS reverse-proxy with SNI multiplexing (TLS virtual hosts).That means you can send TLS/SSL connections for multiple different applications to the same port and forward them all to the appropriate backend hosts depending on the intended destination.

forge - A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps

  •    Javascript

A native implementation of TLS (and various other cryptographic tools) in JavaScript. The Forge software is a fully native implementation of the TLS protocol in JavaScript, a set of cryptography utilities, and a set of tools for developing Web Apps that utilize many network resources.

sslyze - Fast and powerful SSL/TLS server scanning library.

  •    Python

Fast and powerful SSL/TLS server scanning library for Python 2.7 and 3.4+. SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL/TLS servers.

certmagic - Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

  •    Go

CertMagic is the most mature, robust, and capable ACME client integration for Go. With CertMagic, you can add one line to your Go application to serve securely over TLS, without ever having to touch certificates.

ring - Safe, fast, small crypto using Rust

  •    Rust

ring is focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easy-to-use (and hard-to-misuse) API. ring exposes a Rust API and is written in a hybrid of Rust, C, and assembly language. ring is focused on general-purpose cryptography. WebPKI X.509 certificate validation is done in the webpki project, which is built on top of ring. Also, multiple groups are working on implementations of cryptographic protocols like TLS, SSH, and DNSSEC on top of ring.

tarpc - An RPC framework for Rust with a focus on ease of use.

  •    Rust

Disclaimer: This is not an official Google product.tarpc is an RPC framework for rust with a focus on ease of use. Defining a service can be done in just a few lines of code, and most of the boilerplate of writing a server is taken care of for you.

distcache, Distributed session caching

  •    C

Distributed session caching tools and APIs, primarily for SSL/TLS servers though perhaps useful for other (non-SSL/TLS) circumstances. Also includes a self-contained network abstraction library (libnal), and the sslswamp SSL/TLS benchmark/test utility.

tls-observatory - An observatory for TLS configurations, X509 certificates, and more.

  •    Go

The analysis at the end tell you what need to be changed to reach the old, intermediate or modern level. We recommend to target the intermediate level by default, and modern if you don't care about old clients.A docker container also exists that contains the CLI, API, Scanner and Runner. Fetch is from docker pull mozilla/tls-observatory.

server-side-tls - Server side TLS Tools

  •    HTML

This repository also contains the mediawiki source for Mozilla's Server Side TLS document at .

cipherscan - A very simple way to find out which SSL ciphersuites are supported by a target.

  •    Python

Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_client command line.Cipherscan is meant to run on all flavors of unix. It ships with its own built of OpenSSL for Linux/64 and Darwin/64. On other platform, it will use the openssl version provided by the operating system (which may have limited ciphers support), or your own version provided in the -o command line flag.