---
title: TLS reverse proxy
author: someone
abstract: "[Image: TLS reverse proxy]"
---

[Image: TLS reverse proxy]

The [tlstunnel](https://github.com/hannesm/tlstunnel) is a proxy unikernel which
listens for TLS connections and forwards requests to backend services, such as a
web server. The backend is chosen by inspecting the Server Name
Indication, a widely deployed extension of the TLS protocol, in which the client
names the server it wants to talk to during the TLS handshake.

The project is similar to others, such as stunnel or stud, but uses our TLS
implementation written in the memory-safe language OCaml, instead of one written
in C. The backend web servers don't need TLS support,
which lowers the maintenance burden. Most security problems in TLS
implementations are caused by unsafe memory handling and support for weak cryptographic primitives.

This TLS reverse proxy is deployed on various websites, including [Real World
OCaml](https://realworldocaml.org) since 2015.