Our software makes internet connections for us all day, and shielding nomadic users and unpredictable services against even the most common external attacks is pretty challenging. Transport Layer Security (TLS) was designed for this purpose, but more often than not its users do not get the protection they deserve. Cryptography may not be too difficult to get started with, but it certainly is tough to completely lock down. How do we protect and monitor all those connections, and make sure that no software is left behind in the arms race, exposing users and their systems to information leaks or worse?
This is where TLS Pool comes into play: it creates one shared mechanism in your network (or on your machine) where all cryptography and security responsibilities are carefully dealt with. TLS Pool provides a policy enforcement point, speeds up connections by caching sessions across protocols and users, enables hardware and software crypto devices (PKCS #11, even for unmodified software, through our TLS Tunnel wrapper) and moves the work of setting up connections into an isolated process. And there is more: TLS Pool makes it possible to centrally manage keys (including pinning), process key rollovers and handle revocations. It is DNSSEC and DANE aware, and can use LDAP/Global Directory to securely retrieve keys for self-signed user certificates. If you need to use certificate authorities, of course that is still an option. And the great thing is, it is pretty darn easy to integrate into your software.
TLS Pool consists of three components:
Download now from GitHub, or fork the code and send us a pull request.