Projects / sslh / Releases

All releases of sslh

  •  23 Mar 2014 17:53
Avatar

    Release Notes: Probes have been made more resilient to incoming data containing NULLs and now behave properly when receiving too-short packets to probe on the first incoming packet. Libcap support has been added to keep only CAP_NET_ADMIN if started as root with transparent proxying and dropping privileges (enable USELIBCAP in Makefile). This avoids having to mess with filesystem capabilities. Bugs related to getpeername which would cause sslh to quit erroneously have been fixed. IP_FREEDBIND is now set (if available) to bind to addresses which don't yet exist.

    •  27 Jul 2013 15:03
    Avatar

      Release Notes: The release adds transparent proxying so servers behind sslh see the connection as if it came from the outside, with its original IP address and port. It also corrects a couple of bugs which could crash sslh under heavy loads, especially in Cygwin.

      •  20 Dec 2012 19:55
      Avatar

        Release Notes: The OpenVPN probe has been corrected to support pre-shared secret mode (the OpenVPN port-sharing code is wrong). New features include an actual TLS/SSL probe, a configurable --on-timeout protocol specification, and an --anyprot protocol probe (equivalent to what --ssl was). Makefile now respects the user's compiler and CFLAG choices (falling back to the current values if undefined), as well as LDFLAGS. "After" and "KillMode" have been added to systemd.sslh.service. Standard LSB tags have been added to etc.init.d.sslh.

        •  08 May 2012 10:49
        Avatar

          Release Notes: This release supports a configuration file. New protocol probes can be defined using regular expressions that match the first packet sent by the client. sslh now connects timed out connections to the first configured protocol instead of 'ssh' (just make sure that SSH is the first defined protocol). It now tries protocols in the order in which they are defined (just make sure sslh is the last defined protocol).

          •  21 Apr 2012 17:01
          Avatar

            Release Notes: The default behavior of the --user and --pidfile options has been changed to not change the user or create a pidfile, if not specified. This simplifies integration with systemd and launchd. An HTTP protocol probe has been added.

            •  27 Nov 2011 11:09
            Avatar

              Release Notes: This release now works with FreeBSD and supports XMPP. It will try target addresses in turn until one works if there are several (e.g., "localhost:22" resolves to an IPv6 address and an IPv4 address and sshd does not listen on IPv6). sslh-fork has been fixed so that killing the head process kills the listener processes. This release introduces a better test suite.

              •  02 Aug 2011 19:42
              Avatar

                Release Notes: This release supports IPv6, has more comprehensive logs, introduces long options, adds binding to multiple addresses, and supports tinc (experimental). Warning: options have changed, and you'll need to update your start-up scripts. The log format has changed, and you'll need to update log processing scripts.

                •  15 Jul 2011 16:10
                Avatar

                  Release Notes: This release adds a single-threaded, select(2)-based version. It adds -o "OpenVPN" and OpenVPN probing and support. It adds support for "Bold" SSH clients (clients that speak first, e.g. ConnectBot). The log format has been changed to make it possible to link connections to subsequent logs from other services. The CentOS init.d script has been updated. A zombie issue with OpenBSD has been fixed. An -f "foreground" option, a test suite, and README.MacOSX have been added. Use with proxytunnel and corkscrew is documented in the README.

                  •  01 Feb 2010 13:54
                  Avatar

                    Release Notes: This release adds a CentOS init.d script, fixes a default SSL address inconsistency (it now defaults to "localhost:443", and the documentation has been fixed accordingly), no longer binds children to the listening socket (so a parent server can be stopped without killing an active child), and adds inetd support.

                    •  12 Jun 2009 13:18
                    Avatar

                      Release Notes: This release adds -V, a version option. The install target directory is configurable in the Makefile. The syslog prefix in auth.log has been changed to "sslh[%pid]". A man page has been added. There are new 'make install' and 'make install-debian' targets. The PID file is now specified using the -P command line option. Aombie generation has actually been fixed (the v1.5 patch was lost).

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.