---
title: TLS reverse proxy
author: someone
abstract: ![TLS reverse proxy](/static/img/reverse.png)
---
![TLS reverse proxy](/static/img/reverse.png)

The [tlstunnel](https://github.com/hannesm/tlstunnel) is a proxy unikernel which
listens for TLS connections, and forwards requests to backend services, such as a
web server. The backend is chosen by inspecting the Server Name
Indication, a widely deployed extension of the TLS protocol, in which the client
states, during the TLS handshake, the name of the server it wants to talk to.

The project is similar to others, such as stunnel or stud, but uses our TLS
implementation written in the memory-safe language OCaml, instead of one written
in C. The backend web servers don't need TLS support,
which lowers the maintenance burden. Most security problems in TLS
implementations are caused by unsafe memory handling and support for weak cryptographic primitives.

This TLS reverse proxy is deployed on various websites, including [Real World
OCaml](https://realworldocaml.org) since 2015.