sslh Changelog

What's new in sslh 1.17

Mar 10, 2015
  • Support RFC5952-style IPv6 addresses, e.g. [::]:443.
  • Transparent proxy support for FreeBSD. (Ruben van Staveren)
  • Using -F with no argument will try /etc/sslh/sslh.cfg and then /etc/sslh.cfg as configuration files. (argument to -F can no longer be separated from the option by a space, e.g. must be -Ffoo.cfg)
  • Call setgroups() before setgid() (fixes potential privilege escalation). (Lars Vogdt)
  • Use portable way of getting modified time for OSX support. (Aaron Madlon-Kay)
  • Example configuration for fail2ban. (Every Mouw)
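The setgroups()-before-setgid() fix in the 1.17 list, shown as a complete privilege-drop routine with the post-drop verification a defender wants. This is an added example, not sslh's own code; the function name drop_privileges and the default user "nobody" are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example, not sslh's own code: drop root to `user` in the order the
 * 1.17 entry describes. Returns 0 on success, -1 on failure (errno set).
 * The supplementary group list can only be cleared while we still hold
 * root, and the gid must change before the uid for the same reason; a bare
 * setgid()/setuid() would leave root's supplementary groups (wheel, shadow,
 * ...) attached to the supposedly unprivileged process. */
int drop_privileges(const char *user)
{
    if (user == NULL || *user == '\0') { errno = EINVAL; return -1; }

    errno = 0;
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        if (errno == 0) errno = ENOENT;   /* unknown user, not a lookup error */
        return -1;
    }

    /* 1. Clear supplementary groups while still privileged. */
    if (setgroups(0, NULL) < 0) return -1;
    /* 2. Primary group, still privileged. */
    if (setgid(pw->pw_gid) < 0) return -1;
    /* 3. The uid last: with no saved uid kept, root is gone for good. */
    if (setuid(pw->pw_uid) < 0) return -1;

    /* 4. Verify the drop is complete and irreversible before touching
     *    untrusted data: every id must match, and setuid(0) must now fail. */
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid ||
        getgid() != pw->pw_gid || getegid() != pw->pw_gid) {
        errno = EPERM; return -1;
    }
    if (pw->pw_uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";
    if (drop_privileges(user) < 0) { perror("drop_privileges"); return 1; }
    printf("running as uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Run it as root with a target user to see the drop succeed; run unprivileged and setgroups() itself fails with EPERM, which is the same reason the call must come before setgid().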

New in sslh 1.16 (Mar 27, 2014)

  • Probes made more resilient to incoming data containing NULLs. Also made them behave properly when the first incoming packet is too short to probe on. (Ondrej Kuzník)
  • Libcap support: Keep only CAP_NET_ADMIN if started as root with transparent proxying and dropping privileges (enable USELIBCAP in Makefile). This avoids having to mess with filesystem capabilities. (Sebastian Schmidt/yath)
  • Fixed bugs related to getpeername that would cause sslh to quit erroneously (getpeername can return actual errors if connections are dropped before getting to getpeername).
  • Set IP_FREEBIND if available to bind to addresses that don't yet exist.

New in sslh 1.15 (Jul 29, 2013)

  • Added --transparent option for transparent proxying. See README for iptables magic and capability management.
  • Fixed bug in sslh-select: if number of opened file descriptor became bigger than FD_SETSIZE, bad things would happen.
  • Fixed bug in sslh-select: if socket dropped while defered_data was present, sslh-select would crash.
  • Increased FD_SETSIZE for Cygwin, as the default 64 is too low for even moderate load.

New in sslh 1.14 (Jul 29, 2013)

  • sharing code is... wrong). Thanks to Kai Ellinger for help in investigating and testing.
  • Added an actual TLS/SSL probe.
  • Added configurable --on-timeout protocol specification.
  • Added a --anyprot protocol probe (equivalent to what --ssl was).
  • Makefile respects the user's compiler and CFLAG choices (falling back to the current values if undefined), as well as LDFLAGS. (Michael Palimaka)
  • Added "After" and "KillMode" to systemd.sslh.service (Thomas Weißschuh).
  • Added LSB tags to etc.init.d.sslh (Thomas Varis).

New in sslh 1.13 (Jul 29, 2013)

  • Added --background, which overrides 'foreground' configuration file setting.
  • Added example systemd service file from Archlinux in scripts/ https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh

New in sslh 1.12 (May 9, 2012)

  • Added support for configuration file.
  • New protocol probes can be defined using regular expressions that match the first packet sent by the client.
  • sslh now connects timed out connections to the first configured protocol instead of 'ssh' (just make sure ssh is the first defined protocol).
  • sslh now tries protocols in the order in which they are defined (just make sure sslh is the last defined protocol).

New in sslh 1.11 (Apr 23, 2012)

  • WARNING: defaults have been removed for --user and --pidfile options, update your start-up scripts!
  • No longer stop sslh when reverse DNS requests fail for logging.
  • Added HTTP probe.
  • No longer create new session if running in foreground.
  • No longer default to changing user to 'nobody'. If --user isn't specified, just run as current user.
  • No longer create PID file by default, it should be explicitly set with --pidfile.
  • No longer log to syslog if in foreground. Logs are instead output to stderr.
  • The four changes above make it straightforward to integrate sslh with systemd, and should help with launchd.

New in sslh 1.10 (Nov 28, 2011)

  • Fixed calls referring to sockaddr length so they work with FreeBSD.
  • Try target addresses in turn until one works if there are several (e.g. "localhost:22" resolves to an IPv6 address and an IPv4 address and sshd does not listen on IPv6).
  • Fixed sslh-fork so killing the head process kills the listener processes.
  • Heavily cleaned up test suite. Added stress test t_load script. Added coverage (requires lcov).
  • Support for XMPP (Arnaud Gendre).
  • Updated README.MacOSX (Aaron Madlon-Kay).

New in sslh 1.9 (Aug 3, 2011)

  • WARNING: Options changed, you'll need to update your start-up scripts! Log format changed, you'll need to update log processing scripts!
  • Now supports IPv6 throughout (both on listening and forwarding).
  • Logs now contain IPv6 addresses, local forwarding address, and resolves names (unless --numeric is specified).
  • Introduced long options.
  • Options -l, -s and -o replaced by their long counterparts.
  • Defaults for SSL and SSH options suppressed (it's legitimate to want to use sslh to mux OpenVPN and tinc while not caring about SSH nor SSL).
  • Bind to multiple addresses with multiple -p options.
  • Support for tinc VPN (experimental).
  • Numeric logging option.

New in sslh 1.8 (Jul 18, 2011)

  • Changed log format to make it possible to link connections to subsequent logs from other services.
  • Updated CentOS init.d script (Andre Krajnik).
  • Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not propagated to the child process, so we set up signals after the fork.) (François FRITZ)
  • Added -o "OpenVPN" and OpenVPN probing and support.
  • Added single-threaded, select(2)-based version.
  • Added support for "Bold" SSH clients (clients that speak first). Thanks to Guillaume Ricaud for spotting a regression bug.
  • Added -f "foreground" option.
  • Added test suite (only tests connections; no test for libwrap, setsid, setuid and so on) and corresponding 'make test' target.
  • Added README.MacOSX (thanks Aaron Madlon-Kay).
  • Documented use with proxytunnel and corkscrew in README.