Hello Paul!

On Tue, 24 Dec 2019 at 10:32 +1300, you wrote to me:

AF>> Actually I did it just for fun as a PoC. My system is reachable
AF>> both via binkp and binkps on a single port - 24554. It also uses
AF>> a LetsEncrypt certificate. You can try it.
PH> If you could share the steps I would love to repro this and test also
PH> :)

I have the latest version of SSLH (built from source) running with this config:

=== Start of Windows Clipboard ===
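verbose: 0;
foreground: true;
inetd: false;
numeric: true;
transparent: false;
# Seconds to wait for the client's first bytes before on_timeout applies
timeout: 2;
user: "nobody";
pidfile: "/var/run/sslh.pid";
chroot: "/opt/sslh";
syslog_facility: "auth";

# Single public port shared by binkp and binkps
listen:
(
    { host: "0.0.0.0"; port: "24554"; },
    { host: "::"; port: "24554"; }
);

protocols:
(
    # TLS connections go to haproxy, which terminates TLS
    { name: "tls"; host: "127.0.0.1"; port: "24553"; },
    # Everything else (plain binkp) goes straight to binkd
    { name: "anyprot"; host: "192.168.1.2"; port: "24554"; }
);

on_timeout: "anyprot";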
=== End of Windows Clipboard ===
And haproxy listening on 24553 with the following config:
=== Start of Windows Clipboard ===
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM
    ssl-default-bind-options no-sslv3

    # Custom
    tune.ssl.default-dh-param 2048

defaults
    log global
    timeout connect 5000
    timeout client 50000
    timeout server 50000

# Terminate TLS on the loopback port and pass the plain stream to binkd
listen binkps
    mode tcp
    bind 127.0.0.1:24553 ssl crt /etc/ssl/certs/bsrealm.net.pem
    server binkd 192.168.1.2:24554
=== End of Windows Clipboard ===

Please note that the latest SSLH has a bug in on_timeout (on-timeout) config
directive handling (see https://github.com/yrutschle/sslh/issues/253) so maybe
it's a good idea to use the version supplied by your distro.

... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net
--- GoldED+/W32-MSVC 1.1.5-b20180707
* Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)
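
The following is an added example, not part of the original message and not sslh's own code: a simplified model of the first-bytes decision that lets binkp and binkps share port 24554 with the configs above. The function names, the sample bytes and the simplified TLS check are assumptions made for illustration; the backend addresses are the ones from the posted configs.

```python
import struct

TLS_BACKEND = "127.0.0.1:24553"      # haproxy, the "tls" entry in the sslh config
PLAIN_BACKEND = "192.168.1.2:24554"  # binkd, the "anyprot" entry


def looks_like_tls(buf: bytes):
    """Return True/False once decidable, None while more bytes are needed."""
    if len(buf) < 3:
        # Still undecided only if what we have matches the start of 16 03
        return None if buf == b"\x16\x03"[:len(buf)] else False
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x03
    return buf[0] == 0x16 and buf[1] == 0x03 and buf[2] <= 0x03


def binkp_command_frame(cmd_id: int, arg: bytes) -> bytes:
    """binkp frame: 2-byte header, top bit set = command, low 15 bits = length."""
    payload = bytes([cmd_id]) + arg
    return struct.pack(">H", 0x8000 | len(payload)) + payload


def route(first_bytes: bytes, timed_out: bool = False) -> str:
    """Pick a backend the way the tls/anyprot/on_timeout trio is meant to."""
    verdict = looks_like_tls(first_bytes)
    if verdict is True:
        return TLS_BACKEND
    if verdict is False or timed_out:
        # Not TLS, or the client stayed silent past the timeout: plain binkp
        return PLAIN_BACKEND
    return "wait"


# Constructed samples: start of a TLS ClientHello record, and a binkp
# M_NUL (command id 0) frame as sent at the start of a binkp session.
CLIENT_HELLO_START = bytes.fromhex("16030100c8010000c40303")
BINKP_M_NUL = binkp_command_frame(0, b"SYS Example BBS")

if __name__ == "__main__":
    samples = [
        ("TLS ClientHello", CLIENT_HELLO_START, False),
        ("binkp M_NUL", BINKP_M_NUL, False),
        ("silent client, timeout hit", b"", True),
    ]
    for label, data, timed_out in samples:
        print(f"{label:28} -> {route(data, timed_out)}")
```

A binkp command frame always starts with a byte of 0x80 or higher, so it cannot be mistaken for the 0x16 that opens a TLS handshake record.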