big thanks to
Wolfgang Agnes
2024-11-08 14:18:52 UTC
I wanted to send a

BIG THANKS

to

Jan Mojžíš

for having written

https://github.com/janmojzis/tlswrapper

which is a TLS wrapper written in the UNIX way. I've been looking for a
program like that for a little while to be able to continue to use
Daniel J. Bernstein's tcpserver (wrapped in TLS).

And another thank-you for the fact that tlswrapper can read a single
file including the full chain of certificates and the private key of the
server.

(*) FreeBSD

I could not find a precompiled package of tlswrapper in FreeBSD's pkg
collection. Perhaps I should make that contribution.

(*) The ucspi-ssl package

There's sslserver from the ucspi-ssl package at

https://www.fehcom.de/ipnet/ucspi-ssl.html

but it hasn't been easy to compile it.

(*) inetd and xinetd

I did look at the current state of affairs of inetd and xinetd and it
looks like they ignore TLS completely. Perhaps they shouldn't?
Lawrence D'Oliveiro
2024-11-08 21:16:42 UTC
Post by Wolfgang Agnes
(*) inetd and xinetd
I did look at the current state of affairs of inetd and xinetd and it
looks like they ignore TLS completely. Perhaps they shouldn't?
If you look at the tlswrapper docs, you’ll see that it can be invoked via
inetd (or systemd), and it in turn wraps the actual service process.
Wolfgang Agnes
2024-11-08 23:45:51 UTC
Post by Lawrence D'Oliveiro
Post by Wolfgang Agnes
(*) inetd and xinetd
I did look at the current state of affairs of inetd and xinetd and it
looks like they ignore TLS completely. Perhaps they shouldn't?
If you look at the tlswrapper docs, you’ll see that it can be invoked via
inetd (or systemd), and it in turn wraps the actual service process.
That makes sense.
Alexis
2024-11-10 10:14:22 UTC
Post by Wolfgang Agnes
https://github.com/janmojzis/tlswrapper
which is a TLS wrapper written in the UNIX way. I've been looking for a
program like that for a little while to be able to continue to use
Daniel J. Bernstein's tcpserver (wrapped in TLS).
You might be interested in reading about Laurent Bercot's s6-networking
suite, if you're not already aware of it:

https://skarnet.org/software/s6-networking/

For example, s6-tlsserver:

https://skarnet.org/software/s6-networking/s6-tlsserver.html
Post by Wolfgang Agnes
s6-tlsserver is an UCSPI server tool for TLS/SSL connections over INET
domain sockets. It acts as a TCP super-server that listens to
connections, accepts them, and for each connection, establishes a TLS
transport over it, then executes into a program.
Alexis.
Wolfgang Agnes
2024-11-11 22:07:51 UTC
Post by Alexis
Post by Wolfgang Agnes
https://github.com/janmojzis/tlswrapper
which is a TLS wrapper written in the UNIX way. I've been looking for a
program like that for a little while to be able to continue to use
Daniel J. Bernstein's tcpserver (wrapped in TLS).
You might be interested in reading about Laurent Bercot's s6-networking
https://skarnet.org/software/s6-networking/
https://skarnet.org/software/s6-networking/s6-tlsserver.html
Post by Wolfgang Agnes
s6-tlsserver is an UCSPI server tool for TLS/SSL connections over INET
domain sockets. It acts as a TCP super-server that listens to
connections, accepts them, and for each connection, establishes a TLS
transport over it, then executes into a program.
Awesome! (Should've asked here many years ago!) Thanks for posting.