crywrap: Simple tcp/ip service encryption using tls/ssl

OPTIONS

CryWrap takes the following options:

Required options

--destionation (-d) HOST/PORT: The destionation host and address, where CryWrap should connect to. Both arguments are required.

TLS options

--anon (-a)

Enables Anon-DH mode. If enabled, no certificate will be sent to the client, and only anonymous sessions will be enabled.

Default is off.

--cert (-c) PATH

--key (-k) PATH

The public certificate to send to clients, and the private server key.

Default is /etc/crywrap/server.pem, unless --anon is also specified, in which case no certificate will be used. --ca (-z) PATH

A Certificate Authority certificate to be used for verification of client certificates.

--verify (-v) [LEVEL]

Set the level of client certificate verification. Level one simply logs the result, level two and above abort if the certificate could not be verified.

Default is 0.

Miscellaneous options

--inetd (-i)

Enable inetd-mode. Use this if you want to run CryWrap from inetd. If this option is not enabled, then --listen is a required option.

Default is off.

--listen (-l) HOST/PORT

The host and port CryWrap should listen on. HOST can be an IPv4 or IPv6 address, or a hostname, and is optional - if unspecified, CryWrap will listen on all available addresses. PORT is mandatory.

This option is required, unless CryWrap was put into inetd mode.

--pidfile (-P) PIDFILE

Write the pid thy runs with to PIDFILE.

Default is /var/run/crywrap.pid.

--user (-u) UID

UID is the numerical user id of the user thy should run as.

Default is 65534.

--version (-V)

Print the version number and exit.

--help (-?)

Print a verbose help screen and exit.

--usage

Print a short summary of options.

crywrap (8)

SYNOPSIS

DESCRIPTION

OPTIONS

Required options

TLS options

Miscellaneous options

EXAMPLES

Setting up pop3s

Setting up imaps with a different certificate

FILES

BUGS

AUTHOR