A simple proxy that allows a TLS connection to be proxied over a local plaintext port without OpenSSL
  • C 58.4%
  • Nim 37.8%
  • C# 2.3%
  • Makefile 1.2%
  • Shell 0.3%
Find a file
2023-10-01 01:30:34 -04:00
nimbledeps ignore binaries in dependencies page 2023-09-30 21:57:03 -04:00
src remove obsolete TODO 2023-10-01 01:30:34 -04:00
.gitignore Initial commit 2023-09-30 21:42:16 -04:00
build_windows_xp.bat Initial commit 2023-09-30 21:42:16 -04:00
config.nims a few improvements, and explicit 2.0.0 support 2023-09-30 21:55:30 -04:00
LICENSE Initial commit 2023-10-01 01:36:29 +00:00
README.md add usage section to config 2023-10-01 01:28:14 -04:00
tls_proxy.nimble a few improvements, and explicit 2.0.0 support 2023-09-30 21:55:30 -04:00

tls_proxy

A simple proxy that allows a TLS connection to be proxied over a local plaintext port without OpenSSL.

The program uses BearSSL and Chronos to provide TLS 1.2 support without requiring support on the system for it. This means that it can be used to expose servers behind TLS 1.2 requirements to applications running on old operating systems without TLS 1.2 support like Windows XP.

Usage

Usage:
  tls_proxy [REQUIRED,optional-params] 
Options:
  -h, --help                                      print this cligen-erated help
  --help-syntax                                   advanced: prepend,plurals,..
  -b=, --bindHost=           string  "127.0.0.1"  The local hostname to bind to
  --bindPort=                uint16  REQUIRED     The local port to bind to
  -e=, --endpointHost=       string  REQUIRED     The TLS endpoint host to proxy
  --endpointPort=            uint16  REQUIRED     The TLS endpoint port to proxy
  --endpointTlsName=         string  ""           The endpoint hostname to check TLS certificates against (omit to use
                                                  hostname from endpointHost)
  -d, --disableVerification  bool    false        Whether to disable TLS hostname verification (expired certs will
                                                  still fail)
  -p, --preferIpv4           bool    false        Whether to prefer IPv4 addresses when resolving the endpoint hostname
                                                  address
  --preferIpv6               bool    false        Whether to prefer IPv6 addresses when resolving the endpoint hostname
                                                  address

Building

Install Nim 1.6.14 or higher (including 2.0.0) and then run:

nimble build

Building on Windows

You need MinGW and a few of its libraries to build this, in addition to Nim.

Among those are:

  • mingw32-gcc bin+dev+lic
  • mingw32-gcc-core-deps dll
  • mingw32-libpthreadgc dev

If you are on Windows XP, you should run build_windows_xp.bat instead of nimble build.