SSL Proxy

General information

The Symbion SSL Proxy is a network server application. It listens on a TCP port, accepts SSL connections, and forwards them to another (local or remote) TCP port or UNIX domain socket. It is NOT an HTTPS server itself, but it can act as one: run an SSL Proxy server on port 443 that forwards the connections to port 80. SSL Proxy is tested with HTTP, but it should work with any protocol carried over SSL.

Security

SSL Proxy was developed with security in mind. Once it has allocated the server TCP port and loaded everything it needs from the filesystem, it chroot()s to a (possibly empty) directory and changes the process's real and effective user id to the specified user.

Install

Make sure you have installed OpenSSL, then run make in the main directory. Copy ssl_proxy to anywhere you want :)

Key generation

SSL Proxy cannot generate keys; use ssleay's (OpenSSL's) req utility to do it:

mkdir /etc/symbion; cd /etc/symbion
openssl req -days 365 -nodes -new -x509 -out cert.pem -keyout key.pem
chmod go-rwx key.pem

Usage

SSL Proxy does not have a config file; it is configured entirely through command line options.

General options:

        -h                      Usage information.
        -d                      Turn on debugging. SSL Proxy will not go into
                                the background and it will print a lot of
                                debug information to stderr.
        -f                      Do not detach from the terminal and run in the
                                foreground. Useful if you want to run SSL Proxy
                                from Symbion Daemon Tool.
        -i                      Provide some info to the server about the
                                client (see below)
        -s [<server host>:]<server port>
                                Specify the port, which SSL Proxy will listen
                                on (or address to bind to a specific interface).
        -c [<client host>:]<client port>
                                Specify the TCP port, which SSL Proxy will
                                connect to as a client (The forwarding port).
        -c unix:<socket path>
                                Specify the UNIX domain socket, which SSL Proxy
                                will connect to as a client (The forwarding port).
        -m <max connection>     SSL Proxy will accept maximum this number of
                                connections.

SSL options:

        -C <certificate file>   SSL Public Certificate file (see Key generation)
        -K <key file>           SSL Private Key File (see Key generation).
        -p <cipher list>        SSL cipher list

Security options:

        -u <user/uid>           Change real and effective UID to this after
                                initialization.
        -r <chroot dir>         Chroot to the specified directory after
                                initialization.

Buffer size options:

        -U <upward buffer>      The size of the buffer used for
                                client -> server data transfer.
        -D <downward buffer>    The size of the buffer used for
                                server -> client data transfer.

Defaults (the built-in values, expressed as a command line):

    # ssl_proxy -s 443 -c localhost:80 -m 32 -C /etc/symbion/cert.pem \
            -K /etc/symbion/key.pem -U 2048 -D 8192
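The following start script is an added example and not part of the Symbion SSL Proxy distribution. It runs the key generation from above under a restrictive umask and checks, before starting ssl_proxy with the -u and -r security options, that key.pem is not readable by group or other, that cert.pem actually belongs to key.pem, and that the chroot directory is empty and not group/world writable. CONF_DIR, JAIL and RUN_AS are assumed values, not defaults of the tool.

```shell
#!/bin/sh
# Added example, not part of Symbion SSL Proxy: generate the key pair as in
# "Key generation" and refuse to start ssl_proxy unless the key is private,
# cert and key match, and the chroot jail is empty. CONF_DIR, JAIL and
# RUN_AS are assumed values, not defaults of the tool.
CONF_DIR=${CONF_DIR:-/etc/symbion}
CERT=$CONF_DIR/cert.pem
KEY=$CONF_DIR/key.pem
JAIL=${JAIL:-/var/empty/ssl_proxy}   # assumed chroot target for -r
RUN_AS=${RUN_AS:-nobody}             # assumed unprivileged user for -u
# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
perm_bits() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

# 0 if group and other have no permission bits, the state after chmod go-rwx.
key_is_private() {
    mode=$(perm_bits "$1") || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# 0 if the directory exists, is empty and is not group/world writable, so a
# compromised proxy finds nothing to read or plant inside the jail.
jail_is_empty() {
    [ -d "$1" ] && [ -z "$(ls -A "$1")" ] || return 1
    mode=$(perm_bits "$1") || return 1
    case "$mode" in *[2367]?|*[2367]) return 1 ;; *) return 0 ;; esac
}
# 0 if the certificate carries the public key derived from the private key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# Same req command as above, under umask 077 so key.pem is never group/world readable.
generate_keys() {
    mkdir -p "$CONF_DIR" || return 1
    ( umask 077 && cd "$CONF_DIR" &&
      openssl req -days 365 -nodes -new -x509 -out cert.pem -keyout key.pem &&
      chmod go-rwx key.pem )
}

start_proxy() {
    key_is_private "$KEY" || { echo "$KEY: readable by group/other" >&2; return 1; }
    cert_matches_key "$CERT" "$KEY" || { echo "$CERT does not match $KEY" >&2; return 1; }
    jail_is_empty "$JAIL" || { echo "$JAIL: must be empty, not group/world writable" >&2; return 1; }
    exec ssl_proxy -s 443 -c localhost:80 -m 32 -C "$CERT" -K "$KEY" \
        -u "$RUN_AS" -r "$JAIL" -U 2048 -D 8192
}

case "${1:-}" in genkeys) generate_keys ;; start) start_proxy ;; esac
```

Run it as `sh start_ssl_proxy.sh genkeys` once as root, then `sh start_ssl_proxy.sh start`; the checks fail loudly instead of starting a proxy whose key is world-readable or whose jail is not empty.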
