Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   549 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

TLSSRV(8)							     TLSSRV(8)

NAME
       tlssrv,	tlsclient,  tlssrvtunnel,  tlsclienttunnel  -  TLS  server and
       client

SYNOPSIS
       tlssrv [ -c cert.pem ] [ -l logfile ] [ -r remotesys ] cmd [  args  ...
       ]

       tlsclient [ -t trustedkeys ] [ -x excludedkeys ] address

       tlssrvtunnel plain-addr crypt-addr cert.pem

       tlsclienttunnel crypt-addr plain-addr trustedkeys

DESCRIPTION
       Tlssrv  is a helper program, typically exec'd in a /bin/service file to
       establish an SSL or TLS connection before launching cmd args; a typical
       command	might  start  the IMAP or HTTP server.	Cert.pem is the server
       certificate; factotum(4) should hold  the  corresponding	 private  key.
       The  specified  logfile	is  by	convention  the same as for the target
       server.	Remotesys is mainly used for logging.

       Tlsclient is the reverse of tlssrv: it dials address, starts  TLS,  and
       then  relays between the network connection and standard input and out‐
       put.  If the -t flag (and, optionally,  the  -x	flag)  is  given,  the
       remote  server must present a key whose SHA1 hash is listed in the file
       trustedkeys but not in the file excludedkeys.   See  thumbprint(6)  for
       more information.

       Tlssrvtunnel  and tlsclienttunnel use these tools and listen1 (see lis‐
       ten(8)) to provide TLS network tunnels, allowing legacy application  to
       take advantage of TLS encryption.

EXAMPLES
       Listen	for  TLS-encrypted  IMAP  by  creating	a  server  certificate
       /sys/lib/tls/imap.pem and a  listener  script  /bin/service.auth/tcp993
       containing:

	      #!/bin/rc
	      exec tlssrv -c/sys/lib/tls/imap.pem -limap4d -r`{cat $3/remote} \
		  /bin/ip/imap4d -p -dyourdomain -r`{cat $3/remote} \
		  >[2]/sys/log/imap4d

       Interact	  with	 the   server,	 putting  the  appropriate  hash  into
       /sys/lib/tls/mail and running:

	      tlsclient -t /sys/lib/tls/mail tcp!server!imaps

       Create a TLS-encrypted VNC connection from a client  on	kremvax	 to  a
       server on moscvax:

	      mosc% vncs -d :3
	      mosc% tlssrvtunnel tcp!moscvax!5903 tcp!*!12345 \
		      /usr/you/lib/cert.pem
	      krem% tlsclienttunnel tcp!moscvax!12345 tcp!*!5905 \
		      /usr/you/lib/cert.thumb
	      krem% vncv kremvax:5

       (The  port  numbers passed to the VNC tools are offset by 5900 from the
       actual TCP port numbers.)

FILES
       /sys/lib/tls

SOURCE
       /sys/src/cmd/tlssrv.c
       /sys/src/cmd/tlsclient.c
       /rc/bin/tlssrvtunnel
       /rc/bin/tlsclienttunnel

SEE ALSO
       factotum(4), listen(8), rsa(8)
       Unix's stunnel

								     TLSSRV(8)

                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 

Vote for polarhome