sslh accepts connections in HTTP, HTTPS, SSH, OpenVPN, tinc, XMPP, or any other protocol that can be tested using a regular expression, on the same port. This makes it possible to connect to any of these servers on port 443 (e.g. from inside corporate firewalls, which almost never block port 443) while still serving HTTPS on that port.
|Tags||Networking Firewalls Internet Proxy Servers|
|Operating Systems||Unix POSIX Mac OS X|
Release Notes: The OpenVPN probe has been corrected to support pre-shared secret mode (the OpenVPN port-sharing code is wrong). New features include an actual TLS/SSL probe, a configurable --on-timeout protocol specification, and an --anyprot protocol probe (equivalent to what --ssl was). Makefile now respects the user's compiler and CFLAG choices (falling back to the current values if undefined), as well as LDFLAGS. "After" and "KillMode" have been added to systemd.sslh.service. Standard LSB tags have been added to etc.init.d.sslh.
Release Notes: This release supports a configuration file. New protocol probes can be defined using regular expressions that match the first packet sent by the client. sslh now connects timed out connections to the first configured protocol instead of 'ssh' (just make sure that SSH is the first defined protocol). It now tries protocols in the order in which they are defined (just make sure sslh is the last defined protocol).
Release Notes: The default behavior of the --user and --pidfile options has been changed to not change the user or create a pidfile, if not specified. This simplifies integration with systemd and launchd. An HTTP protocol probe has been added.
Release Notes: This release now works with FreeBSD and supports XMPP. It will try target addresses in turn until one works if there are several (e.g., "localhost:22" resolves to an IPv6 address and an IPv4 address and sshd does not listen on IPv6). sslh-fork has been fixed so that killing the head process kills the listener processes. This release introduces a better test suite.
Release Notes: This release supports IPv6, has more comprehensive logs, introduces long options, adds binding to multiple addresses, and supports tinc (experimental). Warning: options have changed, and you'll need to update your start-up scripts. The log format has changed, and you'll need to update log processing scripts.