package tlstunnel

  1. Overview
  2. Docs

TLS tunnel -- a TLS reverse proxy

Who needs a stunnel if you have a tls tunnel?

tlstunnel is picky; it won't accept connections:

  • which do not contain the secure renegotiation extension

  • which speak SSL version 3

  • if the given certificate chain is not valid (or contains an X.509 version 1 certificate, or less than 1024 bits RSA public key


You first need OCaml (at least 4.02.0) and OPAM (at least 1.2.2) from your distribution.

Run opam install tlstunnel after opam init finished.


A sample command line is:

tlstunnel -b -f 4433 -cert server.pem

which listens on TCP port 4433 with the given certificate chain and private key (both in server.pem), and forwards connections to on port 8080.

An optional argument is -l FILE to log into a file instead of to stdout. Try --help for all command line arguments.