by ericlathrop 3867 days ago

  The current version of titus is 0.2, released on 2014-08-17.
I'd be wary of using any piece of security software that hasn't had a release in over a year.

(Author here.) I'd be more wary of using security software that changes frequently, since every code change is an opportunity for a new security vulnerability to be introduced. I'm very cautious with changes to titus.

That said, 0.3 will be released any day now. It's pending testing of the new FreeBSD support.

Is there a roadmap to reach a 1.0 release? I wondered because of this statement on your website: "it has not yet undergone serious testing or performance optimization. Additionally, we may make backwards-incompatible changes to the behavior before titus reaches version 1.0"

This looks great. Any tips on how to terminate mixed-mode protocols like MySQL's SSL mode and IMAP's STARTTLS? Vanilla unwrapper daemons generally don't handle the case of initial unencrypted bit twiddling, and then SSL negotiation.

Unfortunately not. STARTTLS is the bane of standalone TLS terminators like titus, which is one of the reasons I really dislike STARTTLS. I won't rule out titus supporting STARTTLS some day, but the idea of integrating parsers for a bunch of different protocols into titus is really unappealing.

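Why STARTTLS pulls a protocol parser into a terminator, shown as an added example that is not part of the thread and is not titus code: a sketch of the cleartext IMAP dialogue that must be spoken before the TLS handshake can start. The function name, greeting and reply texts are assumptions chosen for illustration.

```python
# Added illustration (not titus code): the plaintext phase a TLS terminator
# would have to speak on an IMAP port before it can begin the handshake.

GREETING = b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"


def imap_preamble(buffered: bytes):
    """Run the pre-TLS IMAP dialogue over all bytes received so far.

    Returns (replies, upgrade, leftover):
      replies  - cleartext bytes to send back, greeting included
      upgrade  - True once the client has issued STARTTLS
      leftover - incomplete line still being buffered (b"" on upgrade)
    """
    replies = [GREETING]
    while b"\r\n" in buffered:
        line, buffered = buffered.split(b"\r\n", 1)
        parts = line.split(b" ", 2)
        if len(parts) < 2:
            replies.append(b"* BAD missing command\r\n")
            continue
        tag, cmd = parts[0], parts[1].upper()
        if cmd == b"CAPABILITY":
            replies.append(b"* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\n")
            replies.append(tag + b" OK CAPABILITY completed\r\n")
        elif cmd == b"STARTTLS":
            replies.append(tag + b" OK Begin TLS negotiation now\r\n")
            # Anything pipelined after STARTTLS arrived unauthenticated and in
            # cleartext; discard it so it is never processed as if it had come
            # through the encrypted session.
            return b"".join(replies), True, b""
        elif cmd == b"LOGOUT":
            replies.append(b"* BYE closing\r\n" + tag + b" OK LOGOUT completed\r\n")
            return b"".join(replies), False, b""
        else:
            # LOGIN and everything else is refused until the channel is encrypted.
            replies.append(tag + b" NO STARTTLS required first\r\n")
    return b"".join(replies), False, buffered


if __name__ == "__main__":
    # Constructed sample input: a client that pipelines LOGIN behind STARTTLS.
    out, upgrade, rest = imap_preamble(b"a1 CAPABILITY\r\na2 STARTTLS\r\na3 LOGIN u p\r\n")
    print(out.decode(), upgrade, rest)
```

Every mixed-mode protocol (SMTP, POP3, MySQL and so on) needs its own version of this dialogue, which is the integration cost the reply above refers to.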
Any program that is constantly being updated and/or re-released is, for me, the one I'm more wary about trusting. As an example, look at djb's software. After a period in the beginning, you do not see the constant releases and updates.

To me, trustworthy software is software that is "correct", if that is even attainable.

Ideally, if the author is truly careful, it should be close to "correct" when it is initially released.

Numerous releases and updates year after year to me suggest the software was not very close to correct when the author decided it was time to release. Or that the author is pandering to feature requests.

As with the parent comment, this is only an opinion.

NaCl and CurveCP have not been updated in years. But I feel it's more trustworthy than TLS.

I'm just a fool I guess.