3 tlssrv, tlsclient, tlssrvtunnel, tlsclienttunnel \- TLS server and client
84 is a helper program, typically exec'd in a
86 file to establish an SSL or TLS connection before launching
89 a typical command might start the IMAP or HTTP server.
91 is the server certificate;
93 should hold the corresponding private key.
96 is by convention the same as for the target server.
98 is mainly used for logging.
105 authentication is run before the TLS handshake and the resulting
106 plan9 session secret is used as a pre-shared key for TLS encryption.
107 This enables the use of TLS without certificates and also runs
108 the server command as the authorized user when the
119 between the network connection
120 and standard input and output or executes
122 with standard input and output redirected to the connection.
125 flag enables some debug output.
126 Specifying a certificate in pem(8) format with the
128 flag, causes the client to submit this certificate upon
129 server's request. A corresponding key has to be present in
134 (and, optionally, the
137 is given, the remote server must present a key
138 whose SHA1 hash is listed in
145 for more information. The
147 option passes the string
149 in the TLS hello message (Server Name Idenfitication)
150 which is usefull when talking to webservers.
153 option was specified,
155 is interpreted as a filename to be opend read-write instead of
165 to provide TLS network tunnels, allowing legacy
166 application to take advantage of TLS encryption.
168 Listen for TLS-encrypted IMAP by creating a server certificate
169 .B /sys/lib/tls/imap.pem
170 and a listener script
171 .B /bin/service.auth/tcp993
176 exec tlssrv -c/sys/lib/tls/imap.pem -limap4d -r`{cat $3/remote} \e
177 /bin/ip/imap4d -p -dyourdomain -r`{cat $3/remote} \e
181 Interact with the server, putting the appropriate hash into
186 tlsclient -t /sys/lib/tls/mail tcp!server!imaps
189 Create a TLS-encrypted VNC connection from a client on
196 mosc% tlssrvtunnel tcp!moscvax!5903 tcp!*!12345 \e
197 /usr/you/lib/cert.pem
198 krem% tlsclienttunnel tcp!moscvax!12345 tcp!*!5905 \e
199 /usr/you/lib/cert.thumb
203 (The port numbers passed to the VNC tools are offset by 5900 from the
204 actual TCP port numbers.)
209 .B /sys/src/cmd/tlssrv.c
211 .B /sys/src/cmd/tlsclient.c
213 .B /rc/bin/tlssrvtunnel
215 .B /rc/bin/tlsclienttunnel