Proper SSL is a series of best practices for establishing SSL connections between clients and servers.
For an overview of SSL itself and the inspiration that that lead to the creation of this site read this post.
Examples of using SSL found across the web are frequently incomplete or insecure. Proper SSL aims to make it easier to follow best practices by providing a series of complete example configurations for establishing SSL connections in the most popular client/server environments.
Each repository contains a self-contained example of how to properly establish and use an SSL connection. The objective isn't to create the most extensible SSL examples but to have a cheat sheet of the right way to do things. Whenever possible, external dependencies should be minimized.
Each example is runnable. Given their client/server nature, the preferred way is to define a test server using Vagrant so that new users can run tests with a simple
vagrant up command.
Any additional steps needed to run an example should be in its
Examples of clients securely connecting to servers should be named in the following format:
languageis the programming language used (eg. java, ruby, python).
interface/frameworkis the framework used (eg. jdbc, sqlalchemy, datamapper, dbi).
targetis the server being connected to. This will usually be an external server (eg. postgresql, mysql).
Unless there's a good reason, don't add "ssl" to the name of the repo.
Examples of server configurations should be named in the following format:
server-nameis the name of the server used (eg. nginx, apache2, mysql).
descriptionis a short description about what's being configured (eg. pfs).
- nginx with Perfect Forward Security
- PostgreSQL JDBC with self-signed certificate validation
- MariaDB JDBC with self-signed certificate validation
Contributions of new examples are always welcome. To suggest new examples, please submit an issue. If you've created a working example publish it on GitHub and we'll fork it.
Unless explicitly specified otherwise, all Proper SSL code is released under the MIT License.
Proper SSL is brought to you by JackDB.