[sslh] sslh v2.0-rc1 released

Yves Rutschle yves at rutschle.net
Tue Jun 7 19:35:20 UTC 2022


Hello all,

sslh-v2.0-rc1 is now available from the usual sources:
https://www.rutschle.net/tech/sslh/download.html

Here's the ChangeLog:

	New sslh-ev: this is functionally equivalent to
	sslh-select (mono-process, only forks for specified
	protocols), but based on libev, which should make it
	scalable to large numbers of connections.

	New log system: instead of --verbose with arbitrary
	levels, there are now several message classes. Each
	message class can be set to go to stderr, syslog, or
	both. Classes are documented in example.cfg.

	UDP connections are now managed in a hash to avoid
	linear searches. The downside is that the number of
	UDP connections is a hard limit, configurable with
	the 'udp_max_connections', which defaults to 1024.
	Timeouts are managed with lists.

	inetd merges stderr output to what is sent to the
	client, which is a security issue as it might give
	information to an attacker. When inetd is activated,
	stderr is forcibly closed.

	New protocol-level option `resolve_on_forward`
	requests that target names are resolved at each
	connection instead of at startup. Useful for dynamic
	DNS situations. (Paul Schroeder/milkpirate)


Why 2.0? Because I feel like sslh has reached a stable point
with a large amount of mature functionality, in particular with the
inclusion of the libev version, and support for UDP
protocols.

Why rc1? Because the UDP protocols, and in particular the
hash-based lookups, need production testing.

Thanks in advance to all those who'll help with testing!
Cheers,
Y.

