debian/0000755000000000000000000000000012233475564007201 5ustar debian/stud.docs0000644000000000000000000000001212233475564011023 0ustar README.md debian/stud.postrm0000644000000000000000000000030512233475564011424 0ustar #!/bin/sh set -e #DEBHELPER# USER=_stud case "$1" in purge) deluser --system _stud || true delgroup --system _stud || true rm -rf /var/run/stud ;; esac exit 0 debian/source/0000755000000000000000000000000012233475564010501 5ustar debian/source/format0000644000000000000000000000001412233475564011707 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000012233475564010630 5ustar debian/patches/only-use-syscall-futex-on-x86-and-x64.diff0000644000000000000000000000230412233475564020251 0ustar Description: disable USE_SYSCALL_FUTEX on architectures other than x86/x64 USE_SYSCALL_FUTEX seems to enable x86/x64 specific assembler With USE_SYSCALL_FUTEX disabled we also need to link in the pthread library Author: Peter Green Bug-Debian: http://bugs.debian.org/653040 Index: stud-0.3.new/Makefile =================================================================== --- stud-0.3.new.orig/Makefile 2011-12-22 23:48:09.000000000 +0000 +++ stud-0.3.new/Makefile 2011-12-23 00:17:44.000000000 +0000 @@ -15,10 +15,24 @@ # Shared cache feature ifneq ($(USE_SHARED_CACHE),) -CFLAGS += -DUSE_SHARED_CACHE -DUSE_SYSCALL_FUTEX +CFLAGS += -DUSE_SHARED_CACHE OBJS += shctx.o ebtree/libebtree.a ALL += ebtree +DEB_HOST_ARCH ?=$(shell dpkg-architecture -qDEB_HOST_ARCH) +#USE_SYSCALL_FUTEX depends on x86/x64 specific assembler code +#and afaict FUTEXes are linux-specific +ifeq ($(DEB_HOST_ARCH),i386) +CFLAGS += -DUSE_SYSCALL_FUTEX +else +ifeq ($(DEB_HOST_ARCH),amd64) +CFLAGS += -DUSE_SYSCALL_FUTEX +else +#we are on neither i396 or amd64, we need to link the pthread library +LDFLAGS += -lpthread +endif +endif + ebtree/libebtree.a: $(wildcard ebtree/*.c) make -C ebtree ebtree: debian/patches/kill-children-on-sigterm.patch0000644000000000000000000000321712233475564016457 0ustar Description: Fix to handle children termination Author: Louis Bouchard Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725797 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/stud/+bug/1123950 --- Index: stud-0.3/stud.c =================================================================== --- stud-0.3.orig/stud.c 2013-10-24 15:05:33.624471842 +0200 +++ stud-0.3/stud.c 2013-10-24 15:07:41.504479870 +0200 @@ -1217,6 +1217,21 @@ } } +/* Handle children process termination. + Display error if needed but continue and + exits at the end of the list */ +static void terminate_children() +{ + int i = 0; + + for (i = 0; i < OPTIONS.NCORES; i++) { + if (kill(child_pids[i], SIGTERM) < 0) { + perror("stud:terminate_children - "); + } + } + exit(0); +} + void init_signals() { struct sigaction act; @@ -1238,6 +1253,21 @@ fail("sigaction - sigchld"); } + +/* Enable specific SIGTERM handling by the parent proc + It becomes responsible for terminating children. */ +void handle_sigterm() { + struct sigaction act; + + sigemptyset(&act.sa_mask); + act.sa_flags = 0; + + act.sa_handler = terminate_children; + + if (sigaction(SIGTERM, &act, NULL) < 0) + fail("sigaction - sigterm"); +} + /* Process command line args, create the bound socket, * spawn child (worker) processes, and respawn if any die */ int main(int argc, char **argv) { @@ -1262,6 +1292,8 @@ start_children(0, OPTIONS.NCORES); + handle_sigterm(); + for (;;) { /* Sleep and let the children work. * Parent will be woken up if a signal arrives */ debian/patches/enable-hardening.diff0000644000000000000000000000123512233475564014646 0ustar Description: use `dpkg-buildflags` for generic CFLAGS and LDFLAGS to use. Author: Vincent Bernat diff --git a/Makefile b/Makefile index fab684f..b0dc5ac 100644 --- a/Makefile +++ b/Makefile @@ -7,9 +7,9 @@ PREFIX = /usr/local BINDIR = $(PREFIX)/bin MANDIR = $(PREFIX)/share/man -CFLAGS = -O2 -g -std=c99 -fno-strict-aliasing -Wall -W -D_GNU_SOURCE -LDFLAGS = -lssl -lcrypto -lev +CFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS) -std=c99 -fno-strict-aliasing -Wall -W -D_GNU_SOURCE +LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) -lssl -lcrypto -lev OBJS = stud.o ringbuffer.o all: realall debian/patches/kfreebsd-no-keepidle.patch0000644000000000000000000000122312233475564015626 0ustar Description: fix compilation on kFreeBSD for which TCP_KEEPIDLE is not available Author: Vincent Bernat diff --git a/stud.c b/stud.c index 4b76cba..62b3dc5 100644 --- a/stud.c +++ b/stud.c @@ -201,11 +201,13 @@ static void settcpkeepalive(int fd) { ERR("Error activating SO_KEEPALIVE on client socket: %s", strerror(errno)); } +#ifdef TCP_KEEPIDLE optval = OPTIONS.TCP_KEEPALIVE; optlen = sizeof(optval); if(setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &optval, optlen) < 0) { ERR("Error setting TCP_KEEPIDLE on client socket: %s", strerror(errno)); } +#endif } static void fail(const char* s) { debian/patches/series0000644000000000000000000000021312233475564012041 0ustar only-use-syscall-futex-on-x86-and-x64.diff enable-hardening.diff kfreebsd-no-keepidle.patch as-needed.patch kill-children-on-sigterm.patch debian/patches/as-needed.patch0000644000000000000000000000207012233475564013475 0ustar Description: fix FTBFS binutils with ld as-needed libraries must be placed behind objects needing them Author: Mahyuddin Susanto Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/stud/+bug/913640 --- a/Makefile +++ b/Makefile @@ -8,7 +8,8 @@ BINDIR = $(PREFIX)/bin MANDIR = $(PREFIX)/share/man CFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS) -std=c99 -fno-strict-aliasing -Wall -W -D_GNU_SOURCE -LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) -lssl -lcrypto -lev +LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) +LIBS = -lssl -lcrypto -lev OBJS = stud.o ringbuffer.o all: realall @@ -30,7 +30,8 @@ ifeq ($(DEB_HOST_ARCH),amd64) CFLAGS += -DUSE_SYSCALL_FUTEX else #we are on neither i396 or amd64, we need to link the pthread library -LDFLAGS += -lpthread +LDFLAGS += -pthread +CFLAGS += -pthread endif endif @@ -46,7 +47,7 @@ ALL += stud realall: $(ALL) stud: $(OBJS) - $(CC) $(LDFLAGS) -o $@ $^ + $(CC) $(LDFLAGS) -o $@ $^ $(LIBS) install: $(ALL) install -d $(DESTDIR)$(BINDIR) debian/copyright0000644000000000000000000000467712233475564011152 0ustar Format: http://dep.debian.net/deps/dep5 Upstream-Name: stud Source: https://gitub.com/bumptech/stud Files: * Copyright: 2011 Jamie Turner License: BSD-2-Clause Files: etree/* Copyright: 2002-2011 - Willy Tarreau License: LGPL-2.1 Files: debian/* Copyright: 2011 Christo Buschek 2011 Vincent Bernat License: BSD-2-Clause License: BSD-2-Clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: LGPL-2.1 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, version 2.1 exclusively. . This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the complete text of the GNU Lesser General Public License can be found in `/usr/share/common-licenses/LGPL-2.1'. debian/stud.dirs0000644000000000000000000000002112233475564011034 0ustar usr/bin etc/stud debian/rules0000755000000000000000000000046412233475564010265 0ustar #!/usr/bin/make -f # -*- makefile -*- %: dh $@ override_dh_auto_configure: override_dh_auto_install: override_dh_auto_build: make USE_SHARED_CACHE=1 #auto clean is insufficient, clean up some stuff manually override_dh_clean: dh_clean rm -rf build_dir rm -f *.o rm -f ebtree/*.o rm -f ebtree/*.a debian/README.Debian0000644000000000000000000000065012233475564011243 0ustar stud does not have any configuration file. You can setup some options in "/etc/default/stud" then configure any number of stud instances by creating configuration files in /etc/stud. Those files should be suffixed by ".conf" and must define two variables: OPTIONS and CERT. For example: OPTIONS="-f *,443 -b 127.0.0.1,8445" CERT="/etc/ssl/stud.pem" -- Vincent Bernat , Fri, 23 Sep 2011 15:01:22 +0200 debian/stud.manpages0000644000000000000000000000001612233475564011672 0ustar debian/stud.8 debian/stud.install0000644000000000000000000000001512233475564011544 0ustar stud usr/bin debian/compat0000644000000000000000000000000212233475564010377 0ustar 8 debian/stud.default0000644000000000000000000000040112233475564011521 0ustar # Stud defaults # Location of configuration files for stud # FILES="/etc/stud/*.conf" # $CHROOT and $USER are defined in /etc/init.d/stud but you can # override them if needed. # Options common for all stud instances COMMON_OPTIONS="-r $CHROOT -u $USER" debian/stud.init.d0000644000000000000000000001001412233475564011263 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: stud # Required-Start: $remote_fs $network $local_fs # Required-Stop: $remote_fs $network $local_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: The Scalable TLS Unwrapping Daemon # Description: stud is a network proxy that terminates TLS/SSL # connections and forwards the unencrypted traffic # to some backend. ### END INIT INFO # Author: Christo Buschek # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC=stud NAME=stud DAEMON=/usr/bin/stud SCRIPTNAME=/etc/init.d/$NAME FILES="/etc/stud/*.conf" CHROOT="/var/run/stud" USER="_stud" [ -x $DAEMON ] || exit 0 [ -r /etc/default/$NAME ] && . /etc/default/$NAME stat -t $FILES > /dev/null 2>&1 || exit 0 . /lib/lsb/init-functions do_chroot() { oldumask=$(umask) umask 022 [ -d $CHROOT ] || mkdir -p $CHROOT umask $oldumask } do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started do_chroot notfound=1 for conf in $FILES; do if test -f $conf; then BASE=$(basename $conf) PIDFILE=/var/run/stud.${BASE}.pid . $conf if ! start-stop-daemon --start --quiet --pidfile $PIDFILE \ --exec $DAEMON --test > /dev/null; then [ "$VERBOSE" != no ] && log_progress_msg "[Already running: ${BASE}]" else start-stop-daemon --start --quiet --pidfile $PIDFILE \ --exec $DAEMON -b -m -- \ $COMMON_OPTIONS $OPTIONS $CERT \ || { [ "$VERBOSE" != no ] && log_progress_msg "[Failed: ${BASE}]" return 2 } [ "$VERBOSE" != no ] && log_progress_msg "[Started: ${BASE}]" notfound=0 fi fi done return $notfound } do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred notfound=1 notstopped=0 for conf in $FILES; do if test -f $conf; then BASE=$(basename $conf) PIDFILE=/var/run/stud.${BASE}.pid . $conf start-stop-daemon --stop --quiet --retry=TERM/10/KILL/5 \ --pidfile $PIDFILE --name $NAME RETVAL="$?" if [ "$RETVAL" = 2 ]; then [ "$VERBOSE" != no ] && log_progress_msg "[Unable to stop: ${BASE}]" notstopped=1 else [ "$VERBOSE" != no ] && log_progress_msg "[Stop: ${BASE}]" rm -f $PIDFILE fi fi done [ $notstopped -eq 1 ] && return 2 [ $notfound -eq 1 ] && return 1 return 0 } # # Get the status of each daemon # do_status() { RETVAL=0 for conf in $FILES; do if test -f $conf; then BASE=$(basename $conf) PIDFILE=/var/run/stud.${BASE}.pid . $conf status=0 pidofproc -p $PIDFILE $DAEMON > /dev/null || status="$?" case "$status" in 0) log_progress_msg "[${BASE}: ok]" ;; 4) log_progress_msg "[${BASE}: cannot read PID file]" RETVAL=$status ;; *) log_progress_msg "[${BASE}: not running]" RETVAL=$status ;; esac fi done return $RETVAL } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; restart|force-reload) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; status) log_daemon_msg "Checking status of $DESC" "$NAME" do_status log_end_msg "$?" exit "$?" ;; *) echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2 exit 3 ;; esac : debian/watch0000644000000000000000000000044212233475564010232 0ustar version=3 opts=uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha|b|a)\d*)$/$1~$2/,dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$// \ https://github.com/bumptech/stud/tags .*/(\d.*)\.(?:tgz|tbz2|txz|tar\.(?:gz|bz2|xz)) # Bart Martens Sat, 22 Dec 2012 15:35:34 +0000 debian/changelog0000644000000000000000000000312412233475564011053 0ustar stud (0.3-6) unstable; urgency=low [ Louis Bouchard ] * debian/patches/kill-children-on-sigterm.patch Fix stud to handle termination of children processes Closes: #725797 [ Vincent Bernat ] * Not an NMU. -- Vincent Bernat Mon, 28 Oct 2013 15:56:40 +0100 stud (0.3-5) unstable; urgency=low * Fix FTBFS when using --as-needed on non x86 arch. -- Vincent Bernat Sat, 08 Jun 2013 23:08:58 +0200 stud (0.3-4) unstable; urgency=low * Add missing epoch to libev-dev dependency. * Fix FTBFS when using --as-needed. Patch from Julian Taylor. Closes: #710384 * Fix Vcs-* links. * Update debian/watch file, thanks to Bart Martens. * Bump Standards-Version. * Drop use of /lib/init/vars.sh in init.d script. * Remove Christo Buschek from the uploader list. Closes: #706968. -- Vincent Bernat Fri, 31 May 2013 00:05:25 +0200 stud (0.3-3) unstable; urgency=low * Fix FTBFS on kFreeBSD due to missing TCP_KEEPIDLE definition. -- Vincent Bernat Mon, 25 Jun 2012 08:25:20 +0200 stud (0.3-2) unstable; urgency=low * Update debian/watch to use githubredir.debian.net. * Fix FTBFS issues due to the use of x86/x86_64 assembly. Patch from Peter Green. Closes: #653040. * Add "init" subcommand to /etc/init.d/stud. * Bump Standards-Version. * Enable hardening flags. -- Vincent Bernat Sun, 24 Jun 2012 13:29:02 +0200 stud (0.3-1) unstable; urgency=low * Initial release (Closes: #636072) -- Vincent Bernat Fri, 09 Dec 2011 19:53:41 +0100 debian/stud.postinst0000755000000000000000000000042112233475564011765 0ustar #!/bin/sh set -e if ! ([ "$1" = "configure" ] || [ "$1" = "reconfigure" ]); then exit 0 fi USER=_stud adduser --system --disabled-password --disabled-login \ --home /var/run/stud --quiet --force-badname \ --no-create-home --group "$USER" #DEBHELPER# exit 0 debian/control0000644000000000000000000000157512233475564010614 0ustar Source: stud Section: net Priority: extra Maintainer: Debian stud Maintainers Uploaders: Vincent Bernat Build-Depends: debhelper (>= 8.1.3~), libev-dev (>= 1:4), libssl-dev (>=1.0.0) Standards-Version: 3.9.4 Homepage: https://github.com/bumptech/stud Vcs-Git: git://anonscm.debian.org/pkg-stud/pkg-stud.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-stud/pkg-stud.git Package: stud Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, adduser Description: scalable TLS unwrapping daemon stud is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle 10s of thousands of connections efficiently on multicore machines. stud has very few features -- it's designed to be paired with an intelligent backend like haproxy or nginx. debian/stud.80000644000000000000000000000762512233475564010263 0ustar .\" Copyright (c) 2011 Vincent Bernat .\" .\" Redistribution and use in source and binary forms, with or without modification, are .\" permitted provided that the following conditions are met: .\" .\" 1. Redistributions of source code must retain the above copyright notice, this list of .\" conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright notice, this list .\" of conditions and the following disclaimer in the documentation and/or other materials .\" provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY BUMP TECHNOLOGIES, INC. ``AS IS'' AND ANY EXPRESS OR IMPLIED .\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND .\" FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BUMP TECHNOLOGIES, INC. OR .\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR .\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON .\" ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING .\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" The views and conclusions contained in the software and documentation are those of the .\" authors and should not be interpreted as representing official policies, either expressed .\" or implied, of Bump Technologies, Inc. .\" .Dd $Mdocdate: September 23 2011 $ .Dt STUD 8 .Os .Sh NAME .Nm stud .Nd The Scalable TLS Unwrapping Daemon .Sh SYNOPSIS .Nm .Op Fl -tls .Op Fl -ssl .Op Fl c Ar ciphers .Op Fl b Ar host,port .Op Fl f Ar host,port .Op Fl n Ar cores .Op Fl r Ar path .Op Fl u Ar username .Op Fl -write-ip .Op Fl -write-proxy .Ar certificate.pem .Sh DESCRIPTION .Nm is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle 10s of thousands of connections efficiently on multicore machines. .Pp .Nm has very few features -- it's designed to be paired with an intelligent backend like haproxy or nginx. It maintains a strict 1:1 connection pattern with this backend handler so that the backend can dictate throttling behavior, maxmium connection behavior, availability of service, etc. .Pp The only required argument is a path to a PEM file that contains the certificate (or a chain of certificates) and private key. It should also contain DH parameter if you wish to use Diffie-Hellman cipher suites. .Pp The options are as follows: .Bl -tag -width Ds .It Fl -tls Use TLSv1 (default). .It Fl -ssl Use only SSLv3 and no TLSv1. .It Fl c Ar ciphers Set allowed ciphers using the same format as .Ic openssl ciphers . For example, you can use .Ar RSA:!COMPLEMENTOFALL . .It Fl b Ar host,port Define backend. Default is .Ar 127.0.0.1,8000 . Incoming connections will be unwrapped and sent to this IP and port. .It Fl f Ar host,port Define frontend. Default is .Ar *,8443 . Incoming connections will be accepted to this IP and port and will be sent to the backend defined above. .It Fl n Ar cores Use .Ar cores worker processes. Default is 1. .It Fl r Ar path Chroot to the given path. By default, no chroot is done. .It Fl u Ar username Set GID/UID after binding the socket. By default, no privilege is dropped. .It Fl -write-ip Write 1 octet with the IP family followed by the IP address in 4 (IPv4) or 16 (IPv6) octets little-endian to backend before the actual data. .It Fl -write-proxy Write HaProxy's PROXY (IPv4 or IPv6) protocol line before actual data. .El .Sh SEE ALSO .Xr ciphers 1SSL , .Xr dhparam 1SSL , .Xr haproxy 1 .Sh AUTHORS .Nm was originally written by Jamie Turner (@jamwt) and is maintained by the Bump server team. It currently provides server-side TLS termination for over 40 million Bump users.