MatrixSSL is an embedded SSL and TLS implementation designed for small footprint devices and applications requiring low overhead per connection. The library is less than 50Kb on disk with cipher suites. It includes client and server support through TLS 1.2, mutual authentication, session resumption, and implementations of RSA, ECC, AES, 3DES, ARC4, SHA2, SHA1, and MD5. The source is well documented and contains portability layers for additional operating systems, cipher suites, and cryptography providers.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
The CyaSSL embedded SSL library is a lightweight SSL library written in ANSI C and targeted for embedded and RTOS environments, primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments and cloud services as well because of its royalty-free pricing and excellent cross platform support. CyaSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as HC-128, RABBIT, and NTRU.
OpenConnect server (ocserv) is an SSL VPN GNU/Linux server. Its purpose is to be a secure, small, fast, and configurable VPN server which depends on standard protocols like TLS 1.2 and Datagram TLS. It implements the AnyConnect SSL VPN protocol and is compatible with the OpenConnect VPN client (compatibility with other Anyconnect SSL VPN clients is experimental).
SSLsplit is a tool that performs man-in-the-middle attacks against SSL/TLS encrypted network connections for network forensics and penetration testing. It terminates SSL/TLS and initiates a new connection to the original destination, logging all data transmitted. It supports plain TCP and SSL, HTTP and HTTPS, and IPv4 and IPv6. For SSL and HTTPS, it generates and signs forged X509v3 certificates on-the-fly using the original certificate's subject DN and subjectAltName extension. It supports Server Name Indication, RSA, DSA, and ECDSA keys, and DHE and ECDHE cipher suites. It can also use existing certificates if the private key is available.
sec-wall is a feature-packed security proxy that supports SSL/TLS, WS-Security, HTTP Auth Basic/Digest, extensible authentication schemes based on custom HTTP headers and XPath expressions, powerful URL matching/rewriting, and an optional header enrichment. It's a security wall with which you can conveniently fence otherwise defenseless backend servers.
Industria is a collection of portable R6RS Scheme libraries for cryptography (AES, DES, Blowfish, HMAC, MD5, SHA-1, SHA-2, RSA, DSA, etc.), zip/gzip/zlib decompression, disassembly of amd64 machine code, Off-The-Record messaging, bytevector pack/unpack syntax, TLS connections via custom binary ports, and more.
sessiond allows a cluster of SSL/TLS servers to share their session caches in order to prevent each node of the cluster from negotiating a separate session. SSL/TLS session is basically a set of secret values (symmetric encryption keys, MAC secrets) shared between a client and a server. The use of asymmetric cryptography required to establish new sessions is the main performance bottleneck of the SSL/TLS protocol.
cqueues is a comprehensive event and networking library for Lua 5.2 and LuaJIT using modern Unix O(1) polling facilities. It includes libraries for buffered socket I/O, SSL/TLS sockets, DNS querying, signal handling, threading, file change notification, and X.509 key management. It natively supports Linux, *BSD, OS X, and Solaris systems without third-party dependencies, and is interoperable with any event loop that accepts plain descriptors, or is usable standalone.