commit 80766e8d7d6b78f0c471717d3e3ec32f590bbf75
parent 39006a514a813efc24ad4e4db8392ac0c9a3c8a1
Author: parazyd <parazyd@dyne.org>
Date: Wed, 11 Sep 2019 19:28:00 +0200
Add support for plain TCP without TLS.
Diffstat:
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
@@ -5,7 +5,8 @@ tlstun is a simple Go program that will add TLS support for your
programs that do not have it.
It simply proxies from one TLS-listening host:port to another plaintext
-host:port.
+host:port. If TLS is not your thing, you can also proxy plain TCP
+traffic.
Installation
@@ -34,6 +35,8 @@ Usage of ./tlstun:
Path for Key file (default "server-key.pem")
-listen string
Listen address (default "127.0.0.1:7443")
+ -notls
+ Disable TLS and just tunnel plain TCP
-tlsver int
TLS version to use (11, 12, 13) (default 13)
-verbose
@@ -44,7 +47,8 @@ Usage of ./tlstun:
tlstun supports two different ways of multiplexing, one being normal TLS
proxying, and the other being TLS proxying with client certificate
-authentication.
+authentication. In addition to this, tlstun can also opt-out of TLS and
+proxy plain TCP without encryption by using the `-notls` flag.
### Without client verification
diff --git a/tlstun.go b/tlstun.go
@@ -39,6 +39,7 @@ var (
forward = flag.String("forward", "127.0.0.1:72", "Forward address")
client = flag.Bool("verifyclient", false, "Do client verification")
verbose = flag.Bool("verbose", false, "Verbose mode")
+ notls = flag.Bool("notls", false, "Disable TLS and just tunnel plain TCP")
tlsver = flag.Int("tlsver", 13, "TLS version to use (11, 12, 13)")
)
@@ -108,6 +109,10 @@ func server() (net.Listener, error) {
return nil, err
}
+ if *notls {
+ return t, nil
+ }
+
cfg, err := tlsConfig(*cert, *key)
if err != nil {
return nil, err
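Review bot: The early return `if *notls { return t, nil }` in server() hands back the plain listener before `tlsConfig(*cert, *key)` runs, so `-notls` combined with `-verifyclient` starts an unencrypted, unauthenticated proxy without any error. An operator who passed `-verifyclient` expects client-certificate checks, so the conflicting combination should be rejected ahead of the early return, e.g. `if *notls && *client { return nil, errors.New("-notls cannot be combined with -verifyclient") }`, using whichever error constructor the file already imports. A startup log line stating that the listener is plaintext would also make the downgrade visible in service logs. server() begins and ends outside this hunk and the place where `*client` is consumed is not visible here, so this assumes client verification is configured only on the TLS path.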