TLS Pool

TLS made easy

Fork me on Github
Man page

Securing internet connections?


Our software makes internet connections for us all day, and shielding nomadic users and unpredictable services against even the most common external attacks is pretty challenging. Transport Layer Security (TLS) was designed for this purpose, but more often than not it users do not get the protection they deserve. Cryptography may not be too difficult to get started with, but it certainly is tough to completely lock down. How do we protect and monitor all those connections, and make sure that no software is left behind in the arms race - exposing users and their systems to information leaks or worse?

What does TLS Pool do?

This is where TLS Pool comes into play - it creates one shared mechanism in your network (or on your machine) where all cryptography and security responsibilities are carefully dealt with. TLS Pool provides a policy enforcement point, speeds up connections by caching across protocols and users, enables hardware and software cryptodevices (PKCS11 even for unchanged software using our TLS Tunnel wrapper) and puts the process of setting up connections into an isolated process. And there is more: TLS Pool makes it possible to centrally manage keys (including pinning), process key rollovers and handle revocations. It is DNSSEC and DANE aware, and can use LDAP/Global Directory to securely retrieve keys for self-signed user certificates. If you need to use certificate authorities, of course that is still an option. And the great thing is - it is pretty darn easy to integrate into your software.

TLS Pool is part of the project. More technical information about TLS Pool, including how applications can use it, usage of PKCS #11 and more can be found on

Download or fork now

Download now from Github, or fork the code. Have fun!

Download now Fork

What is TLS Pool?

TLS pool consists of three components:

  • a cache where all the connections of different systems in the TLS Pool are stored
  • a background process (daemon) that sets up and brings down TLS connections, and handles authentication and encryption
  • a cryptografic interface to secure hardware and software crypto devices (PKCS #11)

Download or fork now

Download now from Github, or fork the code and send us a pull request.

Download now

Internet Wide organisation | Contact