./security/tlswrapper, UCSPI/inetd-style TLS encryption wrapper

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

---

Branch: pkgsrc-2022Q1, Version: 20220114, Package name: tlswrapper-20220114, Maintainer: schmonz

tlswrapper is an TLS encryption wrapper between remote client and local
program prog. Systemd.socket/inetd/tcpserver/... creates the server
connection, tlswrapper encrypts/decrypts data stream and reads/writes
data from/to the program prog as follows:

Internet <--> systemd.socket/inetd/tcpserver/... <--> tlswrapper <--> prog

By running separate instance of tlswrapper for each TLS connection, a
vulnerability in the code (e.g. bug in the TLS library) can't be used to
compromise the memory of another connection.

To protect against secret-information leaks to the network connection
(such Heartbleed) tlswrapper runs two independent processes for every
TLS connection. One process holds secret-keys and runs secret-keys
operations and second talks to the network. Processes communicate with
each other through UNIX pipes.

---

Master sites:

• https://github.com/janmojzis/

---

Version history: (Expand)

• (2022-03-31) Package added to pkgsrc.se, version tlswrapper-20220114 (created)

---

---

This site is operated by pkgsrc.pub, Contact