OpenSSL is a toolkit for the TLS and SSL protocols.
OpenSSL - Wikiwand
ossl-guide-introduction - OpenSSL Documentation
How SSL Certificates Use Digital Signatures
OpenSSL Cookbook | Feisty Duck ❗!important
OpenSSL PKI Tutorial v2.0 — OpenSSL PKI Tutorial
OpenSSL Essentials: Working with SSL Certificates, Private Keys and CSRs | DigitalOcean
Symmetric Key Decryption Methods (AES, ARIA, Blowfish, Camellia, ChaCha20, Cast, DES, 3DES, IDEA, RC2 and RC4) CLI command generator
The Most Common OpenSSL Commands
Some list of openssl commands for check and verify your keys
OpenSSL command cheatsheet
OpenSSL Quick Reference Guide
jbp.io :: TLS performance: rustls versus OpenSSL
Troubleshooting
sudo su
sudo tcpdump -vvv -s 0 -nni <interface> -w <file> host <host> and port <port> &
openssl s_client -connect <host>:<port> -state -msg
openssl s_client -connect www.feistyduck.com:443 -CApath /etc/ssl/certs/ # TLS1.2
openssl s_client -connect toco.hk:443 -CApath /etc/ssl/certs/ # cert error
# e.g.
sudo su
sudo tcpdump -vvv -s 0 -nni eno1 -w internal.cap host 10.6.64.170 and port 443 &
openssl s_client -connect 10.6.64.170:443 -state -msg
SOL15475 - Troubleshooting SSL/TLS renegotiation
SOL15292 - Troubleshooting SSL/TLS handshake failures
SOL10209 - Overview of packet tracing with the ssldump utility
Alternate Implementations
Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions
LibreSSL
fork of OpenSSL by OpenBSD
Tink/BoringSSL
Google originally forked OpenSSL as BoringSSL
Tink | Google for Developers
Goodbye OpenSSL, and Hello To Google Tink | by Prof Bill Buchanan OBE FRSE | ASecuritySite: When Bob Met Alice | Medium
Tink Cryptography Library
boringssl - Git at Google
mbedtls
implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols
Mbed TLS
Mbed-TLS/mbedtls: An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
Mbed TLS documentation hub — Mbed TLS documentation
Implements PSA Crypto API
PSA Certified Crypto API 1.2 — PSA Certified Crypto API 1.2
wolfSSL
wolfSSL – Embedded SSL/TLS Library
WolfSSL - Wikiwand
wolfSSL/wolfssl: The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3! GPL
SymCrypt
microsoft/SymCrypt: Cryptographic library
microsoft/SymCrypt-OpenSSL: OpenSSL engine for use with SymCrypt cryptographic library
Botan
Network Security Services (NSS)
Network Security Services (NSS) — Firefox Source Docs documentation
certutil
cmsutil
crlutil
modutil
nss-config
pk12util
shlibsign
signtool
signver
ssltap
CFSSL
Introducing CFSSL - CloudFlare's PKI toolkit
cloudflare/cfssl: CFSSL: Cloudflare's PKI and TLS toolkit
myca.json:
{
  "CN": "k3s",
  "hosts": ["k3s"],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "SG",
      "ST": "SG",
      "L": "Singapore"
    }
  ]
}
cfssl gencert -initca myca.json | cfssljson -bare myca
serverRequest.json:
{
  "CN": "registry",
  "hosts": [ "ubuntu" ],
  "key": {
    "algo": "rsa",
    "size": 2048
  }
}
cfssl gencert -ca=myca.pem -ca-key=myca-key.pem -config=ca-config.json -profile=server -hostname=ubuntu serverRequest.json | cfssljson -bare registry
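The gencert command above reads ca-config.json and selects its "server" profile, but that file is not shown in these notes. A minimal version is added here as an example; it is not from the original notes, and the one-year expiry values and the usage list are assumptions. It limits certificates issued under this profile to TLS server authentication:

```json
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "server": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth"
        ]
      }
    }
  }
}
```

After issuing, `openssl x509 -in registry.pem -noout -text` shows whether the Extended Key Usage and Subject Alternative Name fields match what the profile and the request asked for.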
GnuTLS
pretty outdated, not recommended