SSLsplit is a tool that performs man-in-the-middle attacks against SSL/TLS encrypted network connections for network forensics and penetration testing. It terminates SSL/TLS and initiates a new connection to the original destination, logging all data transmitted. It supports plain TCP and SSL, HTTP and HTTPS, and IPv4 and IPv6. For SSL and HTTPS, it generates and signs forged X509v3 certificates on-the-fly using the original certificate's subject DN and subjectAltName extension. It supports Server Name Indication, RSA, DSA, and ECDSA keys, and DHE and ECDHE cipher suites. It can also use existing certificates if the private key is available.
OpenConnect server (ocserv) is an SSL VPN GNU/Linux server. Its purpose is to be a secure, small, fast, and configurable VPN server which depends on standard protocols like TLS 1.2 and Datagram TLS. It implements the AnyConnect SSL VPN protocol and is compatible with the OpenConnect VPN client and other Anyconnect SSL VPN clients.
MatrixSSL is an embedded SSL and TLS implementation designed for small footprint devices and applications requiring low overhead per connection. The library is less than 50K on disk with cipher suites. It includes SSL and TLS client and server support, session resumption, and implementations of RSA, AES, 3DES, ARC4, SHA1, and MD5. The source is well documented and contains portability layers for additional operating systems, cipher suites, and cryptography providers.
CyaSSL is a C-language-based SSL library targeted for embedded and RTOS environments, primarily because of its small size and speed. CyaSSL supports the industry standards up to the current TLS 1.2 level, is up to 20 times smaller than OpenSSL, includes SSL client libraries and an SSL server implementation, includes an OpenSSL compatibility layer, and offers several progressive ciphers such as RABBIT and HC-128. Dual licensed under both the GPLv2 and standard commercial licensing, it caters to a wide range of projects.
cqueues is a comprehensive event and networking library for Lua 5.2 and LuaJIT using modern Unix O(1) polling facilities. It includes libraries for buffered socket I/O, SSL/TLS sockets, DNS querying, signal handling, threading, file change notification, and X.509 key management. It natively supports Linux, *BSD, OS X, and Solaris systems without third-party dependencies, and is interoperable with any event loop that accepts plain descriptors, or is usable standalone.
pymiproxy is a small, lightweight, man-in-the-middle embeddable proxy capable of performing HTTP and HTTPS (or SSL) inspection. The proxy provides a built-in certificate authority that is capable of generating certificates for SSL-based destinations. Pymiproxy is also extensible, and provides two methods for extending the proxy: method overloading and a pluggable interface. It is ideal for situations where you're in dire need of a proxy to tamper with out- and/or in-bound HTTP data.
sec-wall is a feature-packed security proxy that supports SSL/TLS, WS-Security, HTTP Auth Basic/Digest, extensible authentication schemes based on custom HTTP headers and XPath expressions, powerful URL matching/rewriting, and an optional header enrichment. It's a security wall with which you can conveniently fence otherwise defenseless backend servers.
NXWEB is ultra-fast and super-lightweight web server for applications written in C. It can serve thousands of concurrent requests with a small memory footprint using an event-driven and multi-threaded model that is designed to scale. It features an exceptionally light code base, a simple API, decent HTTP protocol handling, keep-alive connections, SSL support (via GNUTLS), HTTP proxy (with keep-alive connection pooling), non-blocking sendfile support (with configurable small file memory cache), cacheable gzip content encoding, cacheable image thumbnails with watermarks (via ImageMagick), a modular design for developers, and the ability to run as a daemon.