Encrypted proxy/tunnel without SSL
I remember that someone here was recommending the use of some program which would enable TCP connections to be encrypted, as an alternative to SSL. It was quite some time ago, and I can't seem to find the post - does anyone remember what the program was?
The idea was quite simple: you have the TCP proxy running on both ends, which would encrypt/decrypt traffic using symmetric encryption (as opposed to asymmetric for SSL).
For example, if you wanted to use MySQL replication and encrypt the connection, instead of using the built-in SSL support, you'd have each MySQL instance connect to the local proxy/forwarder to have it encrypted. This avoids all the complexities of SSL when you can give each side a private key. And obviously this works with any TCP-based network application where you control both sides.
Anyone remember what it was, or know something which does this?
Comments
ShadowSocks? Symmetric encrypted SOCKS5 proxy.
Probably should clarify more - it's more like a tunnel rather than a generic proxy.
I presume a SOCKS proxy isn't transparent, so wouldn't work unfortunately.
vtund?
Thanks for the responses so far, but not quite it. I'm probably explaining it wrong, so I'll try an example.
Assume your webserver doesn't support SSL. Say you have a reverse proxy setup like follows:
You want the connection between ServerA and ServerB to be encrypted (ignore the client), so you add in something like stunnel:
Stunnel essentially creates a transparent encrypted tunnel between two TCP applications, even though neither supports it.
The application I'm looking for is like stunnel, only forwarding traffic to/from an exact port/IP combo (as opposed to arbitrary destination proxying), but uses symmetric encryption (private key) instead of SSL (public/private key).
@xyz, you could always use spipe for a simple symmetric key tunnel. It's written by an upstanding guy, Colin, who also does tarsnap.
Exactly what I was looking for, thank you @BeardyUnixGuy !
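The MySQL replication case from the original question, set up with the spiped daemon that ships in the same package as spipe, as an added example that is not part of the thread. The host name argument, the ports 3307 and 8306, and the key path are assumptions; the key must be copied to both machines over a channel you already trust.

```shell
#!/bin/sh
# Added example: a spiped pair protecting MySQL replication with one shared key.
# Ports, addresses and file paths below are assumptions, not values from the thread.

KEY_BYTES=32   # 256-bit shared secret

# Create the shared key with owner-only permissions.
gen_key() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs="$KEY_BYTES" count=1 2>/dev/null )
}

# Refuse a key that is missing, too short, or readable by group/other.
check_key() {
    [ -f "$1" ] || { echo "no key file: $1" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -ge "$KEY_BYTES" ] || { echo "key too short: $size bytes" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "key readable beyond owner: $1" >&2; return 1; }
}

# Primary: accept encrypted connections on :8306, decrypt, pass to local mysqld.
# mysqld itself should listen on 127.0.0.1 only so the tunnel is the sole way in.
start_primary() {
    check_key "$1" && spiped -d -s '[0.0.0.0]:8306' -t '[127.0.0.1]:3306' -k "$1"
}

# Replica: accept plaintext on loopback :3307, encrypt, forward to the primary.
# $2 is the primary's host name; replication is then pointed at 127.0.0.1:3307.
start_replica() {
    check_key "$1" && spiped -e -s '[127.0.0.1]:3307' -t "$2:8306" -k "$1"
}

# Typical use (not run here):
#   gen_key /etc/spiped/repl.key      # once, then copy to the other host
#   start_primary /etc/spiped/repl.key
#   start_replica /etc/spiped/repl.key primary.example.net
```

Anyone who can read the key file can both decrypt and impersonate either end, which is why `check_key` rejects a key with group or other permission bits set.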