tAdd support for plain TCP without TLS. - tlstun - simple go program to add tls support to other listeners HTML git clone https://git.parazyd.org/tlstun DIR Log DIR Files DIR Refs DIR README DIR LICENSE --- DIR commit 80766e8d7d6b78f0c471717d3e3ec32f590bbf75 DIR parent 39006a514a813efc24ad4e4db8392ac0c9a3c8a1 HTML Author: parazyd <parazyd@dyne.org> Date: Wed, 11 Sep 2019 19:28:00 +0200 Add support for plain TCP without TLS. Diffstat: M README.md | 8 ++++++-- M tlstun.go | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) --- DIR diff --git a/README.md b/README.md t@@ -5,7 +5,8 @@ tlstun is a simple Go program that will add TLS support for your programs that do not have it. It simply proxies from one TLS-listening host:port to another plaintext -host:port. +host:port. If TLS is not your thing, you can also proxy plain TCP +traffic. Installation t@@ -34,6 +35,8 @@ Usage of ./tlstun: Path for Key file (default "server-key.pem") -listen string Listen address (default "127.0.0.1:7443") + -notls + Disable TLS and just tunnel plain TCP -tlsver int TLS version to use (11, 12, 13) (default 13) -verbose t@@ -44,7 +47,8 @@ Usage of ./tlstun: tlstun supports two different ways of multiplexing, one being normal TLS proxying, and the other being TLS proxying with client certificate -authentication. +authentication. In addition to this, tlstun can also opt-out of TLS and +proxy plain TCP without encryption by using the `-notls` flag. ### Without client verification DIR diff --git a/tlstun.go b/tlstun.go t@@ -39,6 +39,7 @@ var ( forward = flag.String("forward", "127.0.0.1:72", "Forward address") client = flag.Bool("verifyclient", false, "Do client verification") verbose = flag.Bool("verbose", false, "Verbose mode") + notls = flag.Bool("notls", false, "Disable TLS and just tunnel plain TCP") tlsver = flag.Int("tlsver", 13, "TLS version to use (11, 12, 13)") ) t@@ -108,6 +109,10 @@ func server() (net.Listener, error) { return nil, err } + if *notls { + return t, nil + } + cfg, err := tlsConfig(*cert, *key) if err != nil { return nil, err