Introduction to NoSSL

NoSSL Slider

NoSSL is an open-source software to encrypt the data sent between browser and webserver to protect it from hackers, internet service providers and spies.
It is a simple-to-implement library written in PHP and JavaScript, which you can easily integrate into your website. It will protect your login forms, contact forms and posts.

While NoSSL is not a replacement for SSL-certificates it is a lot better than using no SSL / security at all.

Millions of great websites do not provide any protection for their login or contact forms. When website visitors enter confidential information like names, e-mail addresses and passwords, these informations are transmitted openly between web browsers and web servers. Anyone with a connection on the same network could grab these informations and impersonate the user not only on this website but sometimes on other websites, too as many people use the same passwords for multiple websites. Even simple contact forms can offer valuable information to criminals.

SSL is a good way to encrypt the data between the web browser and web server. However, SSL certificates come with some disadvantages like tedious installation, high yearly costs and the need for an individual IP address.

NoSSL offers a simple way to protect the traffic between browser and server by using strong encryption protocols. The setup for the protection of your website forms is easy and done in a few well-documented steps. You can download NoSSL for free here.

We are still looking for developers, who would like to write a plugin for Joomla or other CMS/software. NoSSL was invented and programmed in Germany by Smart In Media in 2013/2014.

Here is a demo of the functionality: Click to open

You can download Version 1.1 here!


  1. Hello,
    I am currently developing my website, and need an SSL alternative. I am pleased with what I am seeing regarding NoSSL, but want to see what can be done license wise. The website will always be free to our users, but I may need to add in Google ads in the future strictly to support server fees. It is not for profit whatsoever. May I have permission to integrate NoSSL in my website?

    Luke Bullard

  2. This project is brilliant — I have been looking around for options to the insecure handling of client to server data transmission where SSL is not guarunteed and was very happy to find this mentioned in a StackExchange comment.

    My question regards your license, and I figured posting it here would be a good option for anyone else who might have a similar question down the line.

    I would love to use NoSSL in a WordPress plugin I am developing for a client. NoSSL is ideal in this situation, because the availability of the php ssl extension on whatever server might be running the plugin is unknown. There will be a premium version of the plugin available, as well as a free version. The plugin’s purpose is to interact with a relatively obscure CRM API, and has nothing to do with security, encryption, etc.

    Regardless of whether or not you all are comfortable with your library being used in such an instance, let me say that this is a very cool plugin — great work!

    • Dear Patrick:
      Thank you very much for your nice comment. NoSSL has been a lot of work and yet it is not being recognized. But maybe this just takes time.
      For your question: There is a WordPress plugin + Typo3 plugin already, which are licensed under the GNU Public license (GPL).
      If you want to use the whole library for private /non-commercial use, you can also use it under the GPL. If you want to use it for a commercial product, please inquire through the contact form or info (at) smartinmedia (dot) com



  3. regarding MITM there might be ways to do external checks …. it would just need another server somewhere else – , hopefully where the network path to the user’s browser is somwhat different
    . if you have that get it to pass a token back — there you go ..

    think about something like a decentralised federated social network
    if there’s a network of sites then it might be possible for those sites to set up something to the external verification for each other .. and those sites might be more comfortable with trusting each other to do verification than unknown companies,

    then there’s also the classic case of a private local network – they might not want to depend on verification requests going to external servers outside their network.


    what if you have a vps with multiple domains pointing to it?
    with a lot of old browsers out there that don’t know how to send what domain they want whatever you do with port 443 there will be problems for users –
    and if you have a .com and a .net and a .info and a .org on there I doubt any wildcard certificate will be of much use even on modern browsers that can do SNI .. (and not everyone can can afford a wildcard cert anyway)
    so what are they meant to do?

    and that would be even worse for anyone on shared hosting

    a huge corporations can just put every domain on a separate server and maybe even buy up a CA trusted by browsers
    .. for most of the the rest of us those options aren’t really there.

    theres is no one-size-fits-all when it comes to whom to trust to do verification.
    … who should control that verification server probably depends somewhat on the use case.

    projects like this are very much needed .. a lot of people just have not woken up yet….