homepage-data/Projects/TLStunnel
2017-09-17 10:00:44 -04:00

22 lines
1 KiB
Text

---
title: TLS reverse proxy
author: someone
abstract: ![TLS reverse proxy](/static/img/reverse.png)
---
![TLS reverse proxy](/static/img/reverse.png)
The [tlstunnel](https://github.com/hannesm/tlstunnel) is a proxy unikernel which
listens for TLS connections, and forwards requests to backend services, such as a
web server. The backend is chosen by inspecting the Server Name
Indication, a widely deployed extension of the TLS protocol, where a client
requests the server name to talk with during the TLS handshake.
The project is similar to others, such as stunnel or stud, but uses our TLS
implementation written in the memory-safe language OCaml, instead of one written
in C. The backend web servers don't need TLS support,
which lowers the maintainence burden. Most security problems in TLS
implementations are caused by unsafe memory handling and support for weak cryptographic primitives.
This TLS reverse proxy is deployed on various websites, including [Real World
OCaml](https://realworldocaml.org) since 2015.