Encrypted proxy/tunnel without SSL

xyz Member

I remember that someone here was recommending the use of some program which would enable TCP connections to be encrypted, as an alternative to SSL. It was quite some time ago, and I can't seem to find the post - does anyone remember what the program was?

The idea was quite simple: you have the TCP proxy running on both ends, which would encrypt/decrypt traffic using symmetric encryption (as opposed to asymmetric for SSL).

For example, if you wanted to use MySQL replication and encrypt the connection, instead of using the built-in SSL support, you'd have each MySQL instance connect to the local proxy/forwarder to have it encrypted. This avoids all the complexities of SSL when you can give each side a private key. And obviously this works with any TCP based network application where you control both sides.

Anyone remember what it was, or know something which does this?

Comments

  • Nevil Member

    ShadowSocks? Symmetric encrypted SOCKS5 proxy.

  • xyz Member

    Probably should clarify more - it's more like a tunnel rather than a generic proxy.

    I presume a SOCKS proxy isn't transparent, so wouldn't work unfortunately.

  • vtund?

  • xyz Member
    edited March 2016

    Thanks for the responses so far, but not quite it. I'm probably explaining it wrong, so I'll try an example.

    Assume your webserver doesn't support SSL. Say you have a reverse proxy set up as follows:

    ServerA:80 <--- HTTP ---> ServerB:80 <--- HTTP ---> Client
    (webserver)                 (proxy)
    

    You want the connection between ServerA and ServerB to be encrypted (ignore the client), so you add in something like stunnel:

    ServerA:80 <-> ServerA_stunnel:443 <--- HTTPS ---> ServerB_stunnel:443 <-> ServerB:80 <--- HTTP ---> Client
    

    Stunnel essentially creates a transparent encrypted tunnel between two TCP applications, even though neither supports it.

    The application I'm looking for is like stunnel, only forwarding traffic to/from an exact port/IP combo (as opposed to arbitrary destination proxying), but uses symmetric encryption (private key) instead of SSL (public/private key).

  • BeardyUnixGuy Member
    edited March 2016

    @xyz, you could always use spipe for a simple symmetric key tunnel. It's written by an upstanding guy, Colin, who also does tarsnap.

    Thanked by 2: xyz, deadbeef
  • xyz Member

    Exactly what I was looking for, thank you @BeardyUnixGuy !
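
The ServerA/ServerB layout from the thread, wired up with spiped (the daemon shipped with the spipe tool recommended above), as an added example that is not part of any post. The key path, tunnel port 8080 and ServerA's address are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: key path, tunnel port
# 8080, and SERVER_A as ServerA's address (203.0.113.10 is a documentation IP).
KEY=${KEY:-/etc/spiped/web.key}
SERVER_A=${SERVER_A:-203.0.113.10}

# Generate the 32-byte pre-shared key once, then copy the same file to the
# other host over a trusted channel. Never overwrites an existing key.
make_psk() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    ( umask 077 && dd if=/dev/urandom of="$1" bs=32 count=1 2>/dev/null )
}

# The key file is the only secret in this design, so refuse to start with a
# missing or short key, or one that group/other can access.
check_psk() {
    if [ ! -f "$1" ]; then echo "no key file: $1" >&2; return 1; fi
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -lt 32 ]; then echo "key shorter than 32 bytes" >&2; return 1; fi
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then echo "key accessible to group/other" >&2; return 1; fi
}

# ServerA (webserver): accept encrypted connections on :8080, decrypt (-d),
# and hand the plaintext to the web server on localhost:80.
start_server_a() {
    check_psk "$KEY" && spiped -d -s '[0.0.0.0]:8080' -t '[127.0.0.1]:80' -k "$KEY"
}

# ServerB (proxy): listen on localhost only, encrypt (-e), forward to ServerA.
# The reverse proxy's upstream becomes 127.0.0.1:8080 instead of ServerA:80.
start_server_b() {
    check_psk "$KEY" && spiped -e -s '[127.0.0.1]:8080' -t "[$SERVER_A]:8080" -k "$KEY"
}

case "${1:-}" in
    keygen)   make_psk "$KEY" ;;
    server-a) start_server_a ;;
    server-b) start_server_b ;;
esac
```

For the tunnel to be the only path in, the web server on ServerA should listen on 127.0.0.1:80 only, or port 80 should be firewalled from other hosts.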
