30 open-source projects similar to rustls/rustls, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Rustls alternative.
rustls is a modern implementation of the Transport Layer Security protocol written in the Rust programming language. It serves as a cryptographic transport layer for establishing encrypted connections between clients and servers to ensure data privacy and integrity. The library features a pluggable crypto provider framework, allowing the substitution of cryptographic primitive implementations to meet specific platform architecture or regulatory compliance requirements. It provides capabilities for secure server configuration to handle encrypted incoming connections and secure client connecti
s2n is a C-based security library and TLS protocol implementation that serves as a secure network transport layer. It provides a modular cryptographic backend interface to encrypt data streams, manage handshakes, and handle mutual authentication between peers. The project focuses on post-quantum cryptography, integrating quantum-resistant key exchange and digital signatures to protect connections against future computing threats. It distinguishes itself through security hardening measures, such as memory-locked secret storage to prevent keys from being swapped to disk and timing-attack mitiga
NATS Server is a high-performance, lightweight messaging system designed for cloud-native applications, edge computing, and distributed microservices. It functions as a distributed publish-subscribe broker that routes messages using hierarchical, dot-separated subject strings, enabling decoupled communication between services without requiring centralized broker lookups. The system supports core messaging patterns including asynchronous publish-subscribe, request-reply, and load-balanced queue processing. The platform distinguishes itself through a decentralized architecture that eliminates t
CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl
This project is a C++ SDK and command-line interface designed for executing smart contract operations and managing blockchain wallet transactions. It functions as a toolkit for deploying and administering smart contract wallets through direct blockchain calls. The software incorporates a quantum-resistant cryptography library to generate and implement signatures designed to protect transactions against quantum computing threats. The SDK covers blockchain contract automation and administrative tooling, enabling the invocation of smart contract functions, fund transfers, and the automation of
This project is a comprehensive computer networking textbook and instructional resource. It serves as a technical guide for the design and implementation of network layers, protocols, and hardware architecture, covering the spectrum from physical links to application-layer protocols. The content provides a detailed study of standards for congestion control, reliable data delivery, and internetwork routing. It includes specialized technical material on network security, public-key infrastructure, and the operation of modern cloud infrastructure and data centers. The material covers a broad ra
Beast is a C++ library for implementing low-level HTTP and WebSocket clients and servers. It functions as an asynchronous networking framework designed to compose non-blocking I/O operations and layered stream stacks for managing concurrent network traffic, specifically utilizing the Boost.Asio asynchronous model. The library provides a comprehensive implementation of the HTTP/1.1 and WebSocket protocols. For HTTP, it includes primitives for parsing and serializing messages with support for chunked transfer encoding, incremental body reading, and request pipelining. Its WebSocket implementati
Signal-Android is an end-to-end encrypted messaging platform designed to ensure that only the sender and recipient can access communication content. The project provides a comprehensive framework for secure, asynchronous message initiation and key agreement, allowing users to establish private channels without requiring simultaneous online presence. It relies on a state machine architecture to manage communication epochs and authentication, ensuring consistent security transitions throughout the messaging lifecycle. The platform distinguishes itself through a hybrid cryptographic approach tha
This project provides a collection of practical implementations and code references for establishing secure network communications using transport layer security protocols. It serves as a guide for developers to implement public key infrastructure and enforce encryption standards within client and server applications. The repository focuses on cryptographic certificate management, including the generation of public and private key pairs and the creation of self-signed certificates for local testing environments. It covers the configuration of secure web servers, offering methods to harden ser
Signal-Desktop is a cross-platform messaging application that provides end-to-end encrypted communication. It implements the Signal Protocol to secure messages and voice calls, ensuring that only intended recipients can access content. The application manages asynchronous key exchange and session initialization to maintain secure communication channels between parties who are not online simultaneously. The project distinguishes itself through advanced cryptographic protections, including hybrid post-quantum security that combines classical elliptic curve cryptography with lattice-based algori
Liboqs is a C library that provides a unified interface for quantum-resistant cryptographic algorithms, including key encapsulation and digital signature mechanisms. It is designed to facilitate the integration of post-quantum security into existing protocols and applications, ensuring data protection against future threats from large-scale quantum computers. The library distinguishes itself through a focus on high-assurance implementations and side-channel resistance, utilizing constant-time primitives to prevent timing-based information leakage. It offers extensive build-time configuration,
This is a header-only C++ library that provides implementations for HTTP clients, HTTP servers, and a WebSocket framework. It allows for the creation of network services and the consumption of remote APIs without requiring a separate compilation step or external binary linking. The project features backend-agnostic TLS integration for secure HTTPS and WSS communication and employs a thread-pool model to process concurrent requests. It distinguishes itself with a full-duplex WebSocket state-machine and a middleware-based request pipeline that supports regular-expression path routing. The libr
Signal-iOS is an encrypted messaging client that provides secure communication for voice calls, media, and text. It functions as a complete implementation of the Signal Protocol, utilizing end-to-end encryption to ensure that only intended recipients can access transmitted data. The application distinguishes itself through the integration of advanced cryptographic standards, including the use of elliptic curve cryptography for identity verification and digital signature validation. It employs a double ratchet key exchange mechanism to rotate encryption keys for every individual message, ensur
Curl is a command-line tool and portable library for transferring data across a wide range of network protocols. It functions as a unified engine that abstracts diverse communication standards, allowing users and developers to move files and information between servers using a consistent interface. The project provides both a versatile command-line client for terminal-based automation and a stable programmatic interface for integrating complex network operations into applications. The system is distinguished by its protocol-agnostic core and its ability to manage both synchronous and asynchro
REALITY is a censorship circumvention tool and network traffic obfuscator designed to bypass internet filters. It functions as a secure tunneling protocol that masks connection patterns and identity by mimicking the TLS handshakes of legitimate target websites. The system removes server-side TLS fingerprints to hide encrypted traffic from network monitoring tools and deep packet inspection. It employs a website mimicking proxy to present valid handshakes and forward traffic to destination servers, masquerading the connection as a legitimate site visit. The project incorporates a quantum-resi
This repository is a collection of technical knowledge and solutions focused on mobile application development, particularly for Android and iOS platforms. It covers a wide range of practical engineering challenges, including hotfix and patching techniques, database management and repair, network communication, logging, and video processing. The content is presented as shared knowledge, documenting real-world problems and their implementations. The project provides detailed guidance on applying hotfixes to running Android applications through multiple methods, such as class replacement, full
pysheeet is a technical reference library providing a curated collection of code snippets and implementation patterns for advanced Python development, system integration, and high-performance computing. It serves as a comprehensive guide for implementing low-level network programming, native C extensions, and asynchronous and concurrent programming. The project provides specialized frameworks for the development and deployment of large language models, including tools for distributed GPU inference and high-performance serving. It also includes detailed patterns for high-performance computing
This project is an open-source software development kit and framework for implementing the Matter smart home standard. It provides a universal IPv6-based application layer and a cluster-based data model to ensure interoperability between diverse smart home devices and controllers. The system is distinguished by its multi-transport network abstraction, which maps Bluetooth LE, Thread, and Wi-Fi implementations to a common layer. It includes specialized tooling for secure device commissioning via QR codes and NFC, as well as a comprehensive over-the-air firmware update system for distributing s
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
Covenant is a .NET-based command and control framework designed for red team operations and adversary simulation. It serves as a collaborative platform for coordinating security assessments, managing remote implants, and executing tasks on compromised systems through a centralized server. The project is distinguished by its dynamic payload generator, which compiles and obfuscates executable binaries and scripts on the fly to bypass detection. It further separates itself through a collaborative environment that allows multiple authenticated operators to share a synchronized state, track operat
GlusterFS is a software-defined distributed file system and scale-out storage cluster that aggregates disk resources from multiple servers into a single global namespace. It functions as a unified storage platform, allowing the same underlying data to be exposed through file, block, and object storage interfaces. The system distinguishes itself through a decentralized architecture that uses consistent hashing to distribute files across network nodes without a central metadata server. It ensures data integrity and availability using self-healing replication, quorum-based consistency to prevent
This is a Ruby HTTP client designed for REST API integration, resource modeling, and automated network communication. It provides a set of tools for managing headers, cookies, and SSL configurations, along with a dedicated command-line interface for executing one-off HTTP commands and managing interactive API testing sessions. The project differentiates itself through its resource modeling capabilities, which allow for the definition of persistent base URLs and credentials to construct nested subresource endpoints. It also features a multipart request handler that detects MIME types to upload
Java-WebSocket is a collection of classes for implementing WebSocket clients and servers using pure Java. It provides a framework for hosting servers that manage connections via event-driven subclasses and tools for establishing client connections to remote servers. The library includes a secure communication tool for encrypting traffic using the WSS protocol and a compression library that uses per-message deflate extensions to reduce transmitted data size. It supports the configuration of cipher suites to limit encryption protocols and ensure compatible communication. The project enables bi
libwebsockets is an event-driven networking framework written in C. It provides a suite of tools for implementing HTTP servers and clients, WebSocket bidirectional communication, MQTT client messaging, and TLS-enabled socket encryption. The project distinguishes itself through a non-blocking event-loop architecture capable of scaling to high connection volumes by distributing network sessions across multiple service threads. It uses a protocol-based callback system and a pluggable event loop integration that allows the networking core to synchronize with external system event libraries. The
Forge is a JavaScript cryptography library providing a comprehensive set of tools for symmetric and asymmetric encryption, hashing, and digital signatures. It includes a full Transport Layer Security implementation for establishing secure network connections and managing encrypted traffic. The project implements a wide array of public key infrastructure tools, including X.509 certificate management, the generation of certificate signing requests, and the validation of certificate chains. It provides a PKCS cryptographic toolkit for handling secure archives and signed messages, alongside suppo
Mongoose is an embedded networking library providing TCP/IP stacks, web server hosting, and IoT device connectivity. It enables microcontrollers and desktop systems to implement network protocols including HTTP, WebSocket, and MQTT. The project provides a bare-metal TCP/IP stack for environments without a native operating system and includes built-in TLS and ECC encryption to secure network traffic. It features a binary-embedded file system to serve web content directly from the executable and supports over-the-air firmware updates for managing device fleets. Additional capabilities cover as
Ockam is a zero-trust networking framework designed to secure data transit between distributed applications using an identity-based network overlay. It provides the primitives necessary to establish mutually authenticated and end-to-end encrypted connections, removing the reliance on traditional network-layer security. The project is distinguished by its use of attribute-based access control and verifiable credentials to manage trust at scale. It implements cryptographic identity rotation to maintain identity continuity and integrates with hardware-backed key management systems to secure priv
mcp-agent is a framework for building AI agents that integrate with Model Context Protocol servers to execute tools and access data. It functions as a multi-agent orchestrator and protocol-compliant server, enabling the creation of agents that can discover and invoke tools from connected external servers. The project distinguishes itself through a durable workflow engine that supports long-running tasks capable of pausing, resuming, and surviving restarts. It implements complex orchestration patterns, including iterative evaluator-optimizer loops, hierarchical workflow nesting, and specialist
libhv is a high-performance C/C++ network library and event-driven I/O framework used to build TCP, UDP, SSL, HTTP, WebSocket, and MQTT clients and servers. It provides a non-blocking event loop for managing network sockets, timers, and system signals across multiple threads. The project is distinguished by its integrated support for specialized network roles, including a full HTTP web server with RESTful routing and middleware, an MQTT messaging client for IoT communication, and the ability to implement SOCKS5 and HTTP proxies. It also features a reliable UDP implementation to ensure ordered