A simple SSL/TLS proxy with mutual authentication for securing non-TLS services.
Second release candidate for 1.6.0, fixes ordering of TLS 1.3 cipher suites.
First release candidate for v1.6.0
Changes
Other
Updated Go to 1.15 and bumped dependencies to latest versions.
New Features
Allow serving /_status and /_metrics via HTTP by explicitly setting http:// prefix in status flag (#295)
Other
New Docker images are now available for arm64/armv7 via the ghostunnel/ghostunnel repo (#313)
New Features
Bugfixes & Other Changes
This release is the same as v1.5.0, but compiled with Go 1.12.12 to address CVE-2019-16276.
New Features
Bug fixes & more
Contains fixes for a couple of bugs found in the previous release candidate, namely (1) a bug where running in client mode without a cert could panic if a cert was requested by the server and (2) a bug in the cipher suite flag validation logic.
Release candidate for 1.5.0, featuring support for the SPIFFE workload API, socket activation for systemd (Linux) and launchd (macOS), and a host of smaller changes.
Fixes a bug (#221) with the --disable-authentication flag in server mode, wherein a client that would send a client certificate despite authentication being disabled would get rejected (fixed in #222). We also added some examples to the man page in this release.
New features
--proxy-protocol flag on startup. Note that the backend must also support the PROXY protocol and must be configured to use it when setting this option.
--quiet flag, such as --quiet=conns or --quiet=handshake-errs. You can pass this flag repeatedly if you want to silence multiple different kinds of log messages. In particular --quiet=handshake-errs is useful if you want to silence handshake errors caused by TCP health checks when running in Kubernetes.
Other
--cert/--key to load certificate chain/private key from separate files.