socat - how to listen on non-ssl TCP and forward to ssl TCP endpoint?

Question

socat - how to listen on non-ssl TCP and forward to ssl TCP endpoint?

8.6k views Asked by Chris Snow At 05 September 2017 at 08:23

I have seen an example of using socat to accept ssl TCP traffic and forward the traffic to a non-ssl host:

socat TCP-LISTEN:443,reuseaddr,fork "^OPENSSL-SERVER,cert=server.pem | TCP:somehost:80"

Is it possible to do the opposite? I.e. I have a remote host that is ssl enabled and requires a client certificate, but my client is only able to connect via non-ssl connections.

I understand the security implications of this approach.

Original Q&A

There are 1 answers

**Chris Snow** · Accepted Answer · 2017-09-05 08:40:13

Chris Snow On 05 September 2017 at 08:40 BEST ANSWER

The answer for me was:

$ socat TCP-LISTEN:51000,fork,reuseaddr OPENSSL:remotehost:51000,cafile=certificate.pem,verify=0

The certificate didn't match the hostname so I had to switch off verification (verify=0)

TechQA.

socat - how to listen on non-ssl TCP and forward to ssl TCP endpoint?

There are 1 answers

Related Questions in SSL

Related Questions in TCP

Related Questions in SOCAT

Popular Questions

Popular Tags

Trending Questions