Ghostunnel supports two modes, client mode and server mode. Ghostunnel in server mode runs in front of a backend server and accepts TLS-secured connections, which are then proxied to the (insecure) backend. A backend can be a TCP domain/port or a UNIX domain socket. Ghostunnel in client mode accepts (insecure) connections through a TCP or UNIX domain socket and proxies them to a TLS-secured service. In other words, ghostunnel is a replacement for stunnel.
Some of our users have received reports that their AddTrust External CA Root certificate is about to expire in less than 14 days. Here's how you can fix that.
This is an SSL certificate that is valid for all domains.
A Kubernetes controller to retrieve Letsencrypt certificates based on service annotationS
DNS lookup service incl EDNS client subnet, fast geolocation for IP or hostname, HTTP response headers, FREAK attack tester and more.
Scalable, open source X.509 certificate management
letskencrypt consists of isolated (jailed, sandboxed, privilege-dropped), independent components. Each of these is responsible for part of the sequence of manipulating a Let's Encrypt certificate for one or more domains:
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
acme-client - A Ruby client for the letsencrypt's ACME protocol.
Weak Diffie-Hellman and the Logjam Attack
Cipherli.st - Strong ciphers for Apache, nginx and Lighttpd
slscan tests SSL/TLS enabled services to discover supported cipher suites