tlswrapper(1) | General Commands Manual | tlswrapper(1) |
tlswrapper - TLS encryption wrapper
tlswrapper [ options ] prog
The tlswrapper is a TLS encryption wrapper between a remote client and a local program prog. Systemd.socket/inetd/tcpserver/... creates the server connection; tlswrapper encrypts/decrypts the data stream and reads/writes data from/to the program prog as follows:
Internet <--> systemd.socket/inetd/tcpserver/... <--> tlswrapper <--> prog
Separate process for every connection
The tlswrapper is executed from systemd.socket/inetd/tcpserver/..., which runs a separate instance of tlswrapper for each TLS connection. This ensures that a vulnerability in the code (e.g. a bug in the TLS library) can't be used to compromise the memory of another connection.
Separate process for network connection and separate process for secret-key operation
To protect against secret-information leaks to the network connection (such as Heartbleed), tlswrapper runs two independent processes for every TLS connection. One process holds the secret keys and performs the secret-key operations, and the second talks to the network. The processes communicate with each other through UNIX pipes.
JAIL - Privilege separation, filesystem isolation, limits
The tlswrapper processes run under a dedicated non-zero uid to prohibit kill, ptrace, etc. They are chrooted into an empty, unwritable directory to prohibit filesystem access. They set ulimits to prohibit new files, sockets, etc., and to prohibit forks.
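The ulimit part of the jail can be observed without root. The following is an added example, not tlswrapper's own code: it zeroes RLIMIT_NOFILE and RLIMIT_NPROC in a throwaway child and probes what the child can still do. The function names and the bitmask are assumptions made for this illustration; the chroot and uid switch need root and are left out.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum { CAN_OPEN = 1, CAN_SOCKET = 2, CAN_FORK = 4, LIMIT_FAILED = 8 };

/* Set both the soft and the hard limit of one resource to zero. */
static int zero_limit(int resource) {
    struct rlimit r = {0, 0};
    return setrlimit(resource, &r);
}

/* Apply the limits to the calling process, then probe what still works. */
static int limit_and_probe(void) {
    int mask = 0;
    pid_t p;

    if (zero_limit(RLIMIT_NOFILE) != 0 || zero_limit(RLIMIT_NPROC) != 0)
        return LIMIT_FAILED;
    if (open("/dev/null", O_RDONLY) >= 0) mask |= CAN_OPEN;
    if (socket(AF_INET, SOCK_STREAM, 0) >= 0) mask |= CAN_SOCKET;
    p = fork();
    if (p == 0) _exit(0);
    if (p > 0) { mask |= CAN_FORK; waitpid(p, NULL, 0); }
    return mask;
}

/* Run the probe in a throwaway child so the caller keeps its own limits.
 * Returns the child's bitmask, or -1 if the child could not be run. */
int probe_in_child(void) {
    int status;
    pid_t p = fork();

    if (p < 0) return -1;
    if (p == 0) _exit(limit_and_probe());
    if (waitpid(p, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    int m = probe_in_child();

    if (m < 0) return 1;
    printf("open:%s socket:%s fork:%s\n", (m & CAN_OPEN) ? "yes" : "no",
           (m & CAN_SOCKET) ? "yes" : "no", (m & CAN_FORK) ? "yes" : "no");
    return 0;
}
```

Descriptors that were open before the limit was set (the pipes and the network socket) stay usable. On Linux the RLIMIT_NPROC limit is not enforced for a process holding CAP_SYS_ADMIN or CAP_SYS_RESOURCE, so the fork probe only fails once the process runs under an unprivileged uid.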
PEM files
For simplicity, tlswrapper keeps both the secret key and the certificates in one PEM file. When the server starts, it runs two independent UNIX processes, one for network communication and a second for secret-key operations. The network process is immediately jailed and starts the TLS handshake. The secret-key process starts under root privileges and waits until the network process receives the SNI extension from the client-hello packet. The network process then assembles the PEM filename and sends the name to the secret-key process. The secret-key process loads the PEM file, is immediately jailed, and drops its privileges. From this point on both processes run jailed (see JAIL above). Note that PEM files are loaded under root privileges, but parsed in a jailed, unprivileged process. This ensures that a vulnerability in the parsing code can't be used to gain root privileges/information. Warning: For security reasons tlswrapper does not allow dots immediately after slashes in file names. It changes these dots to colons before attempting to open the PEM file.
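The effect of the dot-to-colon rule on a file name built from the client-supplied SNI value, as an added example (not tlswrapper's own code). The helper pem_path, the directory /etc/tls/rsa.d and the SNI strings are assumptions constructed for illustration; the rewrite is applied to the whole assembled name.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not tlswrapper's own code: join the -d directory and
 * the SNI hostname, then turn every '.' that directly follows a '/' into ':'
 * (the rewrite the man page describes). Returns 0, or -1 if the hostname is
 * empty or the result does not fit in out. */
int pem_path(char *out, size_t outlen, const char *dir, const char *sni) {
    size_t i;
    int n;

    if (sni[0] == '\0') return -1;
    n = snprintf(out, outlen, "%s/%s", dir, sni);
    if (n < 0 || (size_t)n >= outlen) return -1; /* refuse truncated names */
    for (i = 1; out[i] != '\0'; ++i)
        if (out[i] == '.' && out[i - 1] == '/') out[i] = ':';
    return 0;
}

int main(void) {
    /* Constructed SNI values: one ordinary name, three that try to leave
     * the certificate directory or reach a dot-file. */
    const char *sni[] = {"www.example.com", "../../etc/shadow",
                         "a/../../b", ".hidden"};
    char path[256];
    size_t i;

    for (i = 0; i < sizeof sni / sizeof sni[0]; ++i)
        if (pem_path(path, sizeof path, "/etc/tls/rsa.d", sni[i]) == 0)
            printf("%-18s -> %s\n", sni[i], path);
    return 0;
}
```

Ordinary hostnames pass through unchanged because their dots never follow a slash, while no ".." or "." path component survives in the name handed to the root-privileged loader.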
TLS library
The tlswrapper uses BearSSL. BearSSL is an implementation
of the SSL/TLS protocol (RFC 5246) written in C. It aims at offering the
following features:
- Be correct and secure. In particular, insecure protocol versions and
choices of algorithms are not supported, by design; cryptographic algorithm
implementations are constant-time by default.
- Be small, both in RAM and code footprint. For instance, a minimal server
implementation may fit in about 20 kilobytes of compiled code and 25
kilobytes of RAM.
- Be highly portable. BearSSL targets not only big operating systems like
Linux and Windows, but also small embedded systems and even special contexts
like bootstrap code.
- Be feature-rich and extensible. SSL/TLS has many defined cipher suites and
extensions; BearSSL should implement most of them, and allow extra algorithm
implementations to be added afterwards, possibly from third parties.
TLS version (-m option -M option)
tls10 | TLS 1.0 | optional |
tls11 | TLS 1.1 | optional |
tls12 | TLS 1.2 | default |
tls13 | TLS 1.3 | TODO |
ciphers (-c option)
CHACHA20_POLY1305_SHA256 | ChaCha20+Poly1305 encryption (TLS 1.2+) | default |
AES_256_GCM_SHA384 | AES-256/GCM encryption (TLS 1.2+) | default |
AES_128_GCM_SHA256 | AES-128/GCM encryption (TLS 1.2+) | default |
AES_256_CBC_SHA384 | AES-256/CBC + SHA-384 (TLS 1.2+) | optional |
AES_128_CBC_SHA256 | AES-128/CBC + SHA-384 (TLS 1.2+) | optional |
AES_256_CBC_SHA | AES-256/CBC + SHA-1 | optional |
AES_128_CBC_SHA | AES-128/CBC + SHA-1 | optional |
ephemeral (-e option)
x25519 | ECDHE using X25519 | default |
secp256r1 | ECDHE using NIST P-256 | default |
secp384r1 | ECDHE using NIST P-384 | optional |
secp521r1 | ECDHE using NIST P-521 | optional |
Run tlswrapper using tcpserver/busybox/inetd on port 443.
tcpserver -HRDl0 0 443 tlswrapper [ options ] prog
busybox tcpsvd 0 443 tlswrapper [ options ] prog
inetd.conf line:
https stream tcp nowait root /usr/bin/tlswrapper tlswrapper [ options ] prog
Simple usage, use one '/etc/.../rsa.pem' certificate:
... tlswrapper -f '/etc/.../rsa.pem' ...
Use the '/etc/.../ecdsa.pem' certificate and fall back to the '/etc/.../rsa.pem' certificate if the client doesn't support the previous one.
... tlswrapper -f '/etc/.../ecdsa.pem' -f '/etc/.../rsa.pem' ...
Use certificate '/etc/.../rsa.d/{hostname}' where {hostname} is extracted from the SNI extension:
... tlswrapper -d '/etc/.../rsa.d/' ...
Use certificate '/etc/.../ecdsa.d/{hostname}', where {hostname} is extracted from the SNI extension, and fall back to '/etc/.../rsa.d/{hostname}' if the client doesn't support the previous one.
... tlswrapper -d '/etc/.../ecdsa.d/' -d '/etc/.../rsa.d/' ...
Use certificate '/etc/.../ecdsa.d/{hostname}', where {hostname} is extracted from the SNI extension, and fall back to '/etc/.../rsa.pem' if the client doesn't support the previous one.
... tlswrapper -d '/etc/.../ecdsa.d/' -f '/etc/.../rsa.pem' ...
Enable TLS 1.0 - TLS 1.2 and all supported algorithms:
... tlswrapper -m tls10 \
-M tls12 \
-c CHACHA20_POLY1305_SHA256 \
-c AES_256_GCM_SHA384 \
-c AES_128_GCM_SHA256 \
-c AES_256_CBC_SHA384 \
-c AES_128_CBC_SHA256 \
-c AES_256_CBC_SHA \
-c AES_128_CBC_SHA \
-e x25519 \
-e secp256r1 \
-e secp384r1 \
-e secp521r1 \
...
Enable TLS 1.0 - TLS 1.2 and all supported algorithms, but different order (prefer AES128):
... tlswrapper -m tls10 \
-M tls12 \
-c CHACHA20_POLY1305_SHA256 \
-c AES_128_GCM_SHA256 \
-c AES_128_CBC_SHA256 \
-c AES_128_CBC_SHA \
-c AES_256_GCM_SHA384 \
-c AES_256_CBC_SHA384 \
-c AES_256_CBC_SHA \
-e x25519 \
-e secp256r1 \
-e secp384r1 \
-e secp521r1 \
...
Enable only 256-bit symmetric ciphers:
... tlswrapper -c CHACHA20_POLY1305_SHA256 \
-c AES_256_GCM_SHA384 \
-c AES_256_CBC_SHA384 \
-c AES_256_CBC_SHA \
...
Enable client certificate authentication:
... tlswrapper -a anchorCA.pem -f rsa.pem ...
Enable client certificate authentication, and run the program under the user extracted from the commonName of the client certificate:
... tlswrapper -a anchorCA.pem -U commonName -f rsa.pem ...
Enable client certificate authentication, and run the program under the user extracted from the emailAddress of the client certificate:
... tlswrapper -a anchorCA.pem -U emailAddress -f rsa.pem ...
tlswrapper-tcp(1), tlswrapper-smtp(1), systemd.socket(5), inetd(8), tcpserver(1)