bash_tls: minimalist TLS 1.2 in pure bash


bash_tls is a pioneering project that brings TLS 1.2 protocol capabilities directly into Bash scripting. Designed for simplicity, bash_tls lets users make HTTPS requests to most web servers from a pure Bash script. This lightweight implementation supports a single cipher suite, TLS_RSA_WITH_AES_128_GCM_SHA256, which combines RSA key exchange, HMAC-SHA256 for the pseudorandom function, and AES in GCM mode for encryption. It also supports Server Name Indication (SNI), which enhances its utility.

However, bash_tls comes with limitations. It supports only RSA certificates and does not validate certificate chains, so it cannot authenticate the server it connects to. This points towards its use in specific scenarios rather than as a comprehensive TLS solution. The script’s dependencies are minimal: bash 4.3 or higher with net redirections enabled, GNU bc for RSA calculations, and sha256sum or shasum for hashing.

While bash_tls is a novel tool for tech enthusiasts and developers looking for a straightforward way to implement TLS in scripts, performance is not its selling point. The project represents a unique intersection of network security and shell scripting, opening new possibilities for scripting applications in secure communication contexts.
Read more at GitHub…