tlstun
======

tlstun is a simple Go program that will add TLS support for your
programs that do not have it.

It simply proxies from one TLS-listening host:port to another plaintext
(or TLS if using `-forwardtls`) host:port. If TLS is not your thing,
you can also proxy plain TCP traffic.


Installation
------------

```
$ go get github.com/parazyd/tlstun
```

Make sure you generate or acquire a TLS certificate keypair to use with
tlstun.


Usage
-----

```
Usage of ./tlstun:
  -cacert string
        Path for CA certificate file (default "ca.pem")
  -cert string
        Path for Certificate file (default "server.pem")
  -forward string
        Forward address (default "127.0.0.1:72")
  -forwardtls
        Forward using TLS
  -key string
        Path for Key file (default "server-key.pem")
  -listen string
        Listen address (default "127.0.0.1:7443")
  -notls
        Disable TLS and tunnel plain TCP
  -tlsver int
        TLS version to use (11, 12, 13) (default 13)
  -verbose
        Verbose mode
  -verifyclient
        Do client verification
```

tlstun supports two different ways of multiplexing, one being normal TLS
proxying, and the other being TLS proxying with client certificate
authentication. In addition to this, tlstun can also opt-out of TLS and
proxy plain TCP without encryption by using the `-notls` flag.


### Without client verification

Start tlstun with `-cert` and `-key`, and it will simply provide a TLS
forward to its destination with the given TLS certificate.


### With client verification

With client verification, start tlstun with `-cacert`, `-cert`, `-key`,
and `-verifyclient` and it will do client certificate verification. This
means it will only allow access from clients providing a certificate
signed by the CA certificate that is being loaded/used with tlstun on
startup with `-cacert`.