TLSWrap v1.04
TLSWrap is a TLS/SSL FTP wrapper/proxy for UNIX and Windows, allowing you to
use your favourite FTP client with any TLS/SSL-enabled FTP server.
Features
- Full
encryption of both control and data connections (data encryption is
optional, see README) following the standard defined in RFC 4217.
- Allows existing FTP clients to support Transport Layer Security/Secure Socket Layer.
- Works on both UNIX and Windows.
- One process handles all connections (non-blocking I/O).
- A helper process does hostname lookups so the main process is free for other work during slow lookups.
- Both C source and Windows executables for both 32-bit (x86) and 64-bit (x64: AMD64 and EM64T) systems are available.
- Proper support for X.509 certificates, see here
- TLSWrap is also included as a package/port in Gentoo Linux, FreeBSD and grml - Linux Live-CD.
- Used/recommended by AT&T Worldnet, University of California at Berkeley, Katholieke Universiteit Leuven and others.
Tested on the following platforms
- NetBSD 2.0.2 (i386, Alpha)
- OpenBSD 3.0 (i386, Alpha)
- FreeBSD 6.1 (i386, Alpha)
- Solaris 7 (SPARC with both GCC and WorkShop Compilers 5.0 98/12/15 C 5.0)
- Solaris 9 (SPARC)
- Compaq Tru64 UNIX V5.1B (Alpha with both GCC and Compaq C V6.5-207)
- HP-UX 11i v2 (IA64 with both GCC and HP C/aC++ B3910B A.06.12 [Aug 17 2006])
- HP-UX 11i v2 (PA-RISC with both GCC and HHP92453-01 B.11.X.35098-35101.GP HP C Compiler)
- Debian GNU/Linux 2.2r5 (i386, StrongARM)
- Mac OS X v10.4 Tiger (PPC with GCC)
- Red Hat Enterprise Linux AS 4.0 (x64 and IA64 with GCC 3.4.3)
- Red Hat Enterprise Linux AS 4.0 (IA64 with Intel(R) C Itanium(R) Compiler 9.0)
- Red Hat Enterprise Linux AS 4.0 (i386 with Intel(R) C Compiler for 32-bit applications, Version 9.0)
- SuSE Linux Enterprise Server 10 (Itanium II)
- Ubuntu Linux 6.10 (i386)
- Windows 2000 (i386 with Cygwin)
- Windows 2000 (i386 with Intel(R) C++ Compiler for 32-bit applications, Version 8.1)
- Windows 2000 (i386 with Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8804 for 80x86)
- Windows XP Pro (i386 with Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50630 for 80x86)
- Windows XP Pro (i386 with Intel(R) C++ Compiler for 32-bit applications, Version 9.0)
- Windows XP Pro x64 (x64 with Intel(R) C++ Compiler for Intel(R) EM64T-based applications, Version 9.0)
- Windows XP Pro x64 (x64 with Microsoft (R) C/C++ Optimizing Compiler Version 14.00.50630 for x64)
- Windows Vista Business (i386 with Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42 for 80x86)
Recent changes
1.04
- The fixing of the silly memleak introduced a bug that could cause
crashes on some systems, fixed. Thanks to Jukka Anttonen for reporting
it.
- Upgraded TLSWTray to MFC 8.
1.03
- At least one ftpd can't handle PROT before USER, this is (unfortunately)
allowed by the TLS FTP spec so handle it properly.
- The debug mode crashed on Linux and probably some other OSes.
- It now is possible to build a version for Windows 9x/ME (which does not
have the possibility to run as a service). This is the first version
ever to work properly on this platform, as the old Cygwin version
didn't work on 9x.
- Improved the error handling for connection resets in the TLS handshake.
- Improved the error handling for connection attempts blocked by software
firewalls in Windows.
- Fixed a silly memleak.
- All binary distributions upgraded to OpenSSL 0.9.8d and MFC 8.
1.02
- Minor HP-UX fixes (UNIX95 vs UNIX98 vs current).
- Fixed detection of recent versions of the Intel compiler on Linux, to prevent a strange compilation error on Itanium systems.
- A small fix to work with the recently released OpenSSL 0.9.8.
- Since OpenSSL 0.9.8 supports 64-bit Windows (x64 and IA64), TLSWrap also
does:
I have provided an installer for Windows x64, just like for the normal x86
version. The installer is unfortunately 32-bit for now, but everything
else is 64-bit. The included OpenSSL DLL's are compiled with the Intel C++
Compiler 9.0 for EM64T and should in many cases have superior performance
compared to the 32-bit versions (I get twice the speed with AES on my EM64T
CPU, but the performance will vary with algorithm and CPU type).
I found a bug in OpenSSL 0.9.8 that broke DES encryption when using the
latest Intel compiler. The included DLL's have this fix applied and the
next official version of OpenSSL 0.9.8 will also have this fix.
1.01
- Fixed a bug in the startup code that could randomly prevent it from loading
on Windows XP Pro x64 Edition (and theoretically on other Windows versions).
- The Configuration Manager should not start if the TLSWrap service is not
installed, fixed. Improved some error messages.
1.00
- Added support for Active FTP (both PORT and EPRT modes supported).
- Added support for X.509 user certificates.
- Improved the certificate handling in the Configuration Manager (and updated
Windows pictures).
0.9
- There is now a native Windows version for Windows 2000/XP which can be installed as a Windows service. I added some
GUI tools to help configuring it. This version is a lot faster than the old Cygwin versions.
- TLSWrap now properly supports scalable Public Key Infrastructure (PKI) through X.509 certificates, see here.
- Various fixes and changes, including cached SSL sessions for data connections. See the ChangeLog for detailed information
on what has been fixed and changed.
Download
Version 1.04
README
ChangeLog
tlswrap-1.04.tar.gz
tlswrap-1.04-x86-setup.exe
tlswrap-1.04-x64-setup.exe (Works only on Windows XP x64 Edition and Windows Server 2003 x64 Edition, untested on Vista x64)
Version 1.03
README
ChangeLog
tlswrap-1.03.tar.gz
tlswrap-1.03-x86-setup.exe
tlswrap-1.03-x64-setup.exe (Works only on Windows XP x64 Edition and Windows Server 2003 x64 Edition, untested on Vista x64)
Version 1.02
README
ChangeLog
tlswrap-1.02.tar.gz
tlswrap-1.02-x86-setup.exe
tlswrap-1.02-x64-setup.exe (Works only on Windows XP x64 Edition and Windows Server 2003 x64 Edition)
Related links
lamefwd is a highly configurable single process port forwarder (TCP/UDP) for *BSD, Linux and Windows.
It is ment as a fast and lightweight alternative to portfwd.