Let's Encrypt for the rest of us

Before Let's Encrypt, getting a TLS certificate was not an process you could automate. It was tedious and manual, you had to go through an administrative process, send documentation. It ranged from costly to very costly.

Let's Encrypt made obtaining TLS certificates easy.

But even with LE, setting up TLS is a tedious process. You must go through tons of options of your webserver, and check that your configuration satisfies best practices.

That's because TLS/SSL is an old protocol born more than 20 years ago, and it has changed a lot since then. Many security features were added, and vulnerabilities were removed since that time. So webservers had to support all these options, attempting to support all those changes in time.

TLSproxy trades configurability for ease of use. The majority of the web is still not using TLS, because TLS is hard to get right and most people feel intimidated or grow bored when it comes to setup a secure web server.

TLSproxy makes setting up a TLS server easy.

I'm also the author of SSLping.com. It was created to monitor your TLS webserver, checking its configuration every day. And Everyday, SSLping sends emails to people attempting to tell them what mistake they made in their configuration. Wrong or expired certificates, old and insecure protocol versions or ciphers still supported, these errors are commonplace.

That's why I built TLSproxy: because TLS was hard to get right.

Fork me on GitHub