TLS
Illustrated TLS Connection & Implementing a toy version of TLS 1.3 are useful.
TLSNotary is interesting. Rustls is great library.
Links
- duraconf - Collection of hardened configuration files for SSL/TLS services.
- Lemur - Manages TLS certificate creation.
- Step Certificates - Online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere.
- TLS 1.3 Is Coming: Here's What You Need To Know To Be Prepared For It (2019)
- autocertdelegate - Get LetsEncrypt TLS certs for internal-only TLS servers via a delegated golang.org/x/crypto/acme/autocert server.
- SwiftTLS - TLS implementation in Swift.
- Illustrated TLS Connection - Every byte of a TLS connection explained and reproduced. (Code) (HN)
- SSLproxy - Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection.
- libtls-bearssl - Implementation of libtls on top of BearSSL.
- TLS Encrypted Client Hello (2020)
- IDontSpeakSSL - Simple tool based on sslyze to scan large scope and provide SSL/TLS vulnerabilities.
- crypto/tls in Go
- OpenSSL - Robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
- BoringSSL - Fork of OpenSSL that is designed to meet Google's needs.
- Certigo - Utility to examine and validate certificates to help with debugging SSL/TLS issues.
- TLS for the Browsers of the Internet of Old Things (2020)
- JARM - Active Transport Layer Security (TLS) server fingerprinting tool.
- secure-connections - Simple client and server for showing what's happening with certificates during TLS setup.
- iguanaTLS - Minimal, experimental TLS 1.2 implementation in Zig. (Fork)
- Auditing for TLS certificates (Go code)
- KEMTLS: Post-quantum TLS without signatures (2021)
- Simple Go HTTPS/TLS Examples
- third-wheel - TLS man-in-the-middle proxy written in rust, with the aim of being lightweight and fast.
- SSLsplit - Transparent SSL/TLS interception. (Web)
- Is TLS Fast Yet?
- tlsfuzzer - SSL and TLS protocol test suite and fuzzer.
- TLS Mastery (HN)
- mkcert.org - Web service that allows you to build customised TLS trust stores. (Code)
- Feisty Duck - SSL/TLS and PKI training and books.
- Bulletproof TLS Newsletter
- mint - Minimal TLS 1.3 Implementation in Go.
- Contruno - TLS termination proxy as a MirageOS.
- SSLyze - Fast and powerful SSL/TLS scanning library.
- NO STARTTLS - Why TLS is better without STARTTLS. Security Analysis of STARTTLS in the Email Context. (Lobsters)
- View your browser's TLS fingerprint (HN)
- BoringSSL Rust - Bindings for the Rust programming language and TLS adapters for tokio and hyper built on top of it.
- Tracing SSL/TLS connections using eBPF (2021) (HN)
- SmackTLS - State Machine Attacks.
- mod_md - Let's Encrypt (ACME) in Apache httpd.
- TLS Tools for Humans
- SSL Kill Switch 2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
- Provision TLS certificates for your internal Tailscale services (2021)
- Certifi - Provides Mozilla's carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
- Staging TLS Certificates: Make every deployment a safe deployment (2021)
- Handshake Encryption: Endgame (an ECH update) (2021)
- Introducing SSL/TLS Recommender (2021) (Tweet)
- trustme - #1 quality TLS certs while you wait. (Docs)
- go-tunnel - TLS/SSL Tunnel - A modern STunnel replacement written in Go.
- Automating TLS certificate management in Docker (2021)
- Mutual TLS (mTLS) - Documentation on how to configure a broad array of technologies to perform mutual TLS. (Code)
- s2n - Implementation of the TLS/SSL protocols. (Lobsters)
- TLS-Attacker - Java-based framework for analyzing TLS libraries.
- TLS Fingerprinting
- acme-rs - ACME Client for Let's Encrypt written in Rust to request SSL/TLS certificates.
- TLS Poison - Tool that allows for generic SSRF via TLS, as well as CSRF via image tags in most browsers.
- TLA+ Foundation
- Wait-For-Them - Wait until TCP services are running.
- TLStunnel - TLS reverse proxy unikernel.
- Post-Quantum TLS without handshake signatures (2020) (Code)
- Fighting TLS fingerprinting with Node.js (HN)
- Implementing TLS Encrypted Client Hello (2021) (HN)
- Not-quite-so-broken TLS
- cilium-certgen - Convenience tool to generate and store certificates for Hubble Relay mTLS.
- TLSChecker - Rust TLS/SSL certificate expiration date from command-line checker.
- async-tls - Async TLS/SSL streams using Rustls.
- async-native-tls - Asynchronous Native TLS.
- Ask HN: What's your solution for SSL on internal servers? (2022)
- Transport Layer Security (5/6) (2022)
- The Illustrated TLS 1.3 Connection: Every Byte Explained (Code) (HN)
- Bulletproof TLS and PKI (2022) - Understanding and deploying SSL/TLS and PKI to secure servers and web applications.
- tls-scan - Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven ).
- tincan-tls - Clean room implementation of TLS 1.3.
- tls-listener - Rust wrapper around a connection listener to support TLS.
- qtls - Modified version of the standard library's TLS implementation, modified for the QUIC protocol.
- Cero - Scrape domain names from SSL certificates of arbitrary hosts.
- Implementing a toy version of TLS 1.3 (2022) (HN)
- Feilich - Small, no dependency, TLS 1.3 implementation in Zig, for Zig.
- What is TLS fingerprinting? (2022)
- GoSSL - Cross platform, easy to use SSL tool written with native Go.
- uTLS - Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
- TLS Encrypted Client Hello
- snid - Lightweight proxy server that forwards TLS connections based on the server name indication (SNI) hostname.
- Ghostunnel - Simple SSL/TLS proxy with mutual authentication for securing non-TLS services.
- When eBPF meets TLS. Defeating TLS encryption with eBPF tricks (2022) (HN)
- Extracting TLS keys from an unwilling application (2020)
- hallucinate - One-stop TLS traffic inspection and manipulation using dynamic instrumentation.
- Mastering two way TLS - Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication.
- eCapture - Capture SSL/TLS text content without CA cert Using eBPF.
- proxyboi - Super simple reverse proxy with TLS support.
- TLS Reconciler - Hitless TLS Certificate Rotation Reconciliation Library.
- TLS-Scanner - Tool to assist pentesters and security researchers in the evaluation of TLS Server configurations.
- TLSX - Fast and configurable TLS grabber focused on TLS based data collection and analysis.
- Bertie - Minimal, high-assurance implementation of TLS 1.3 written in subset of Rust called hacspec.
- Picotls - TLS 1.3 implementation in C.
- The Illustrated DTLS Connection: Every Byte Explained (Code)
- hitch - Scalable TLS proxy by Varnish Software.
- Open to a fault: On the passive compromise of TLS keys via transient errors (2022)
- Using mutual TLS in place of API keys
- platform-tls - Certificate verification library for rustls that uses the operating system's verifier.
- TLS 1.3 in Zig
- BearSSL - Smaller SSL/TLS library. (HN)
- sslkeylog - Log SSL/TLS keys for decrypting SSL/TLS connections made in Python.
- TLSNotary - Proof of data authenticity. (Rust code)
- subtls - TypeScript TLS 1.3 client with limited scope.
- TLS Client - net/http.Client like HTTP Client with options to select specific client TLS Fingerprints to use for requests.
- Weakening TLS protection, South Korean style (2023) (HN)
- TurboTLS: TLS connection establishment with 1 less round trip (2023) (HN)
- CycleTLS - Spoof TLS/JA3 fingerprints in Go and JavaScript.
- Signal TLS Proxy
- Transport Layer Security (TLS) - Computerphile (2020)
- TLS Handshake Explained - Computerphile (2020)
- See this page fetch itself, byte by byte, over TLS (HN)
- Announcing Clipper: TLS-transparent HTTP debugging for native apps (2023) (Lobsters)