homepage-data/Projects/TLStunnel
2017-09-17 14:14:29 +01:00

22 lines
1 KiB
Text

---
title: TLS reverse proxy
author: someone
abstract: ![TLS reverse proxy](/static/img/reverse.png)
---
![TLS reverse proxy](/static/img/reverse.png)
The [tlstunnel](https://github.com/hannesm/tlstunnel) is a proxy unikernel which
listens for TLS connections, and forwards requests to backend services, such as a
web server. The specific backend is chosen by inspecting the Server Name
Indication, a widely deployed extension of the TLS protocol, where a client
requests the server name to talk with during the TLS handshake.
It is similar to other projects such as stunnel or stud, but uses our TLS
implementation written in the memory-safe language OCaml, instead of one written
in the error-prone language C. The backend web servers don't need TLS support,
which lowers the maintainence burden. Many security issues in TLS
implementations are due to memory safety and support for outdated ciphersuites.
This TLS reverse proxy is deployed on various websites, including [Real World
OCaml](https://realworldocaml.org) since 2015.