[sslh] sslh v2.0-rc1 released
Yves Rutschle
yves at rutschle.net
Tue Jun 7 19:35:20 UTC 2022
Hello all,
sslh-v2.0-rc1 is now available from the usual sources:
https://www.rutschle.net/tech/sslh/download.html
Here's the ChangeLog:
New sslh-ev: this is functionally equivalent to
sslh-select (mono-process, only forks for specified
protocols), but based on libev, which should make it
scalable to large numbers of connections.

New log system: instead of --verbose with arbitrary
levels, there are now several message classes. Each
message class can be set to go to stderr, syslog, or
both. Classes are documented in example.cfg.

UDP connections are now managed in a hash to avoid
linear searches. The downside is that the number of
UDP connections is a hard limit, configurable with
'udp_max_connections', which defaults to 1024.
Timeouts are managed with lists.

inetd merges stderr output to what is sent to the
client, which is a security issue as it might give
information to an attacker. When inetd is activated,
stderr is forcibly closed.

New protocol-level option `resolve_on_forward`
requests that target names are resolved at each
connection instead of at startup. Useful for dynamic
DNS situations. (Paul Schroeder/milkpirate)

Why 2.0? Because I feel like sslh has reached a stable point
with a large amount of mature functionality, in particular with the
inclusion of the libev version, and support for UDP
protocols.

Why rc1? Because the UDP protocols, and in particular the
hash-based lookups, need production testing.

Thanks in advance to all those who'll help with testing!

Cheers,
Y.
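
The inetd item in the ChangeLog above, shown as an added example (not part of the original announcement and not sslh's own code): a socketpair stands in for the client socket that inetd places on fds 0, 1 and 2, so anything logged to stderr reaches the client unless fd 2 is closed first. The function name, the DIAG text and its address are constructed for illustration, and parking /dev/null on fd 2 after the close is a choice of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed diagnostic, standing in for any internal log line. */
#define DIAG "debug: forwarding to 10.0.0.5:22\n"

/* Simulate an inetd-launched service: the client socket is dup'ed onto
 * fds 0, 1 and 2. Copies what the client end receives into buf and returns
 * its length (-1 on error). close_stderr != 0 applies the mitigation. */
ssize_t inetd_client_sees(int close_stderr, char *buf, size_t len)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* the "service" side */
        close(sv[0]);
        dup2(sv[1], 0); dup2(sv[1], 1); dup2(sv[1], 2);
        if (sv[1] > 2) close(sv[1]);
        if (close_stderr) {
            /* Drop fd 2, then park /dev/null there so a later open()
             * cannot hand fd 2 to a file or another socket. */
            close(2);
            if (open("/dev/null", O_WRONLY) < 0) _exit(1);
        }
        if (write(2, DIAG, strlen(DIAG)) < 0) _exit(1);  /* a log call */
        if (write(1, "OK\n", 3) < 0) _exit(1);           /* protocol data */
        _exit(0);
    }
    close(sv[1]);
    size_t total = 0; ssize_t n;
    while (total < len - 1 && (n = read(sv[0], buf + total, len - 1 - total)) > 0)
        total += (size_t)n;
    buf[total] = '\0';
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return (ssize_t)total;
}

int main(void)
{
    char buf[256] = "";
    if (inetd_client_sees(0, buf, sizeof buf) >= 0) printf("stderr open:   %s", buf);
    if (inetd_client_sees(1, buf, sizeof buf) >= 0) printf("stderr closed: %s", buf);
    return 0;
}
```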