Provided by: crywrap_0.2.1-4_i386 bug


       CryWrap - Simple TCP/IP service encryption using TLS/SSL


       crywrap --listen HOST/PORT --destination HOST/PORT [options]


       CryWrap  is  a  simple  wrapper that waits for TLS/SSL connections, and
       proxies them to an unencrypted location.


       CryWrap takes the following options:

   Required options
       --destionation (-d) HOST/PORT
              The destionation host and address, where CryWrap should  connect
              to. Both arguments are required.

   TLS options
       --anon (-a)
              Enables Anon-DH mode. If enabled, no certificate will be sent to
              the client, and only anonymous sessions will be enabled.
              Default is off.

       --pem (-p) cert=PATH,key=PATH

       --pem (-p) PATH
              The public certificate to  send  to  clients,  and  the  private
              server  key.  If one of cert or key is omitted, the value of the
              other will be used for the missing one too.  If no cert= or key=
              tag is given, PATH will be used for both.
              Default   is  /etc/crywrap/server.pem,  unless  --anon  is  also
              specified, in which case no certificate will be used.

       --verify (-v) [LEVEL]
              Set the level of  client  certificate  verification.  Level  one
              simply  logs  the  result,  level  two  and  above  abort if the
              certificate could not be verified.
              Default is 0.

   Miscellaneous options
       --inetd (-i)
              Enable inetd-mode. Use this if you  want  to  run  CryWrap  from
              inetd.  If  this  option  is  not  enabled,  then  --listen is a
              required option.
              Default is off.

       --listen (-l) HOST/PORT
              The host and port CryWrap should listen on. HOST can be an  IPv4
              or   IPv6   address,  or  a  hostname,  and  is  optional  -  if
              unspecified, CryWrap will listen  on  all  available  addresses.
              PORT is mandatory.
              This option is required, unless CryWrap was put into inetd mode.

       --pidfile (-P) PIDFILE
              Write the pid thy runs with to PIDFILE.
              Default is /var/run/

       --user (-u) UID
              UID is the numerical user id of the user thy should run as.
              Default is 65534.

       --version (-V)
              Print the version number and exit.

       --help (-?)
              Print a verbose help screen and exit.

              Print a short summary of options.


   Setting up pop3s
       crywrap --listen /995 --destination localhost/110

   Setting up imaps with a different certificate
       crywrap --listen /993 --destination localhost/143 \
            --pem /etc/ssl/certs/imap.pem


              This directory contains the default server key and  certificate.


       Probably many.


       Gergely Nagy <>