Provided by: gnutls-bin_3.4.10-4ubuntu1_i386 bug


       CryWrap - Simple TCP/IP service encryption using TLS/SSL


       crywrap --listen HOST/PORT --destination HOST/PORT [options]


       CryWrap  is  a  simple  wrapper that waits for TLS/SSL connections, and
       proxies them to an unencrypted location.


       CryWrap takes the following options:

   Required options
       --destionation (-d) HOST/PORT
              The destionation host and address, where CryWrap should  connect
              to. Both arguments are required.

   TLS options
       --anon (-a)
              Enables Anon-DH mode. If enabled, no certificate will be sent to
              the client, and only anonymous sessions will be enabled.
              Default is off.

       --cert (-c) PATH

       --key (-k) PATH
              The public certificate to  send  to  clients,  and  the  private
              server key.
              Default   is  /etc/crywrap/server.pem,  unless  --anon  is  also
              specified, in which case no certificate will be used.  --ca (-z)
              A  Certificate Authority certificate to be used for verification
              of client certificates.

       --verify (-v) [LEVEL]
              Set the level of  client  certificate  verification.  Level  one
              simply  logs  the  result,  level  two  and  above  abort if the
              certificate could not be verified.
              Default is 0.

   Miscellaneous options
       --inetd (-i)
              Enable inetd-mode. Use this if you  want  to  run  CryWrap  from
              inetd.  If  this  option  is  not  enabled,  then  --listen is a
              required option.
              Default is off.

       --listen (-l) HOST/PORT
              The host and port CryWrap should listen on. HOST can be an  IPv4
              or   IPv6   address,  or  a  hostname,  and  is  optional  -  if
              unspecified, CryWrap will listen  on  all  available  addresses.
              PORT is mandatory.
              This option is required, unless CryWrap was put into inetd mode.

       --pidfile (-P) PIDFILE
              Write the pid thy runs with to PIDFILE.
              Default is /var/run/

       --user (-u) UID
              UID is the numerical user id of the user thy should run as.
              Default is 65534.

       --version (-V)
              Print the version number and exit.

       --help (-?)
              Print a verbose help screen and exit.

              Print a short summary of options.


   Setting up pop3s
       crywrap --listen /995 --destination localhost/110

   Setting up imaps with a different certificate
       crywrap --listen /993 --destination localhost/143 \
            --pem /etc/ssl/certs/imap.pem


              This directory contains the default server key and certificate.


       Probably many.


       Gergely Nagy <>