A simple proxy that allows a TLS connection to be proxied over a local plaintext port without OpenSSL
- C 58.4%
- Nim 37.8%
- C# 2.3%
- Makefile 1.2%
- Shell 0.3%
| nimbledeps | ||
| src | ||
| .gitignore | ||
| build_windows_xp.bat | ||
| config.nims | ||
| LICENSE | ||
| README.md | ||
| tls_proxy.nimble | ||
tls_proxy
A simple proxy that allows a TLS connection to be proxied over a local plaintext port without OpenSSL.
The program uses BearSSL and Chronos to provide TLS 1.2 support without requiring support on the system for it. This means that it can be used to expose servers behind TLS 1.2 requirements to applications running on old operating systems without TLS 1.2 support like Windows XP.
Usage
Usage:
tls_proxy [REQUIRED,optional-params]
Options:
-h, --help print this cligen-erated help
--help-syntax advanced: prepend,plurals,..
-b=, --bindHost= string "127.0.0.1" The local hostname to bind to
--bindPort= uint16 REQUIRED The local port to bind to
-e=, --endpointHost= string REQUIRED The TLS endpoint host to proxy
--endpointPort= uint16 REQUIRED The TLS endpoint port to proxy
--endpointTlsName= string "" The endpoint hostname to check TLS certificates against (omit to use
hostname from endpointHost)
-d, --disableVerification bool false Whether to disable TLS hostname verification (expired certs will
still fail)
-p, --preferIpv4 bool false Whether to prefer IPv4 addresses when resolving the endpoint hostname
address
--preferIpv6 bool false Whether to prefer IPv6 addresses when resolving the endpoint hostname
address
Building
Install Nim 1.6.14 or higher (including 2.0.0) and then run:
nimble build
Building on Windows
You need MinGW and a few of its libraries to build this, in addition to Nim.
Among those are:
- mingw32-gcc bin+dev+lic
- mingw32-gcc-core-deps dll
- mingw32-libpthreadgc dev
If you are on Windows XP, you should run build_windows_xp.bat instead of nimble build.