MatrixSSL is an embedded SSL and TLS implementation designed for small footprint devices and applications requiring low overhead per connection. The library is less than 50K on disk with cipher suites. It includes SSL and TLS client and server support, session resumption, and implementations of RSA, AES, 3DES, ARC4, SHA1, and MD5. The source is well documented and contains portability layers for additional operating systems, cipher suites, and cryptography providers.
CyaSSL is a C-language-based SSL library targeted for embedded and RTOS environments, primarily because of its small size and speed. CyaSSL supports the industry standards up to the current TLS 1.2 level, is up to 20 times smaller than OpenSSL, includes SSL client libraries and an SSL server implementation, includes an OpenSSL compatibility layer, and offers several progressive ciphers such as RABBIT and HC-128. Dual licensed under both the GPLv2 and standard commercial licensing, it caters to a wide range of projects.
sessiond allows a cluster of SSL/TLS servers to share their session caches in order to prevent each node of the cluster from negotiating a separate session. SSL/TLS session is basically a set of secret values (symmetric encryption keys, MAC secrets) shared between a client and a server. The use of asymmetric cryptography required to establish new sessions is the main performance bottleneck of the SSL/TLS protocol.
Industria is a collection of portable R6RS Scheme libraries for cryptography (AES, DES, Blowfish, HMAC, MD5, SHA-1, SHA-2, RSA, DSA, etc.), zip/gzip/zlib decompression, disassembly of amd64 machine code, Off-The-Record messaging, bytevector pack/unpack syntax, TLS connections via custom binary ports, and more.
SSLsplit is a tool that performs man-in-the-middle attacks against SSL/TLS encrypted network connections for network forensics and penetration testing. It terminates SSL/TLS and initiates a new connection to the original destination, logging all data transmitted. It supports plain TCP and SSL, HTTP and HTTPS, and IPv4 and IPv6. For SSL and HTTPS, it generates and signs forged X509v3 certificates on-the-fly using the original certificate's subject DN and subjectAltName extension. It supports Server Name Indication, RSA, DSA, and ECDSA keys, and DHE and ECDHE cipher suites. It can also use existing certificates if the private key is available.
cqueues is a comprehensive event and networking library for Lua 5.2 and LuaJIT using modern Unix O(1) polling facilities. It includes libraries for buffered socket I/O, SSL/TLS sockets, DNS querying, signal handling, threading, file change notification, and X.509 key management. It natively supports Linux, *BSD, OS X, and Solaris systems without third-party dependencies, and is interoperable with any event loop that accepts plain descriptors, or is usable standalone.
OpenConnect server (ocserv) is an SSL VPN GNU/Linux server. Its purpose is to be a secure, small, fast, and configurable VPN server which depends on standard protocols like TLS 1.2 and Datagram TLS. It implements the AnyConnect SSL VPN protocol and is compatible with the OpenConnect VPN client and other Anyconnect SSL VPN clients.