Provided by: hitch_1.1.1-1_i386 bug


       Hitch - high performance TLS proxy


       hitch [OPTIONS] [PEM]


       Hitch  is  a  network  proxy  that  terminates  TLS/SSL connections and
       forwards the unencrypted traffic to  some  backend.  It's  designed  to
       handle  10s  of  thousands  of  connections  efficiently  on  multicore

       Hitch has very few features -- it's  designed  to  be  paired  with  an
       intelligent  backend  like  Varnish  Cache.  It  maintains a strict 1:1
       connection pattern with this backend handler so that  the  backend  can
       dictate  throttling behavior, maximum connection behavior, availability
       of service, etc.

       The only required argument is a path to a PEM file  that  contains  the
       certificate  (or  a  chain  of certificates) and private key. It should
       also contain DH parameter if you  wish  to  use  Diffie-Hellman  cipher


                 Load configuration from specified file.

          --tls  TLSv1 (default. No SSLv3)

          --ssl  SSLv3 (enables SSLv3)


                        Sets allowed ciphers (Default: "")


                        Sets OpenSSL engine (Default: "")


                        Prefer server list order

                 Enable client proxy mode

          -b     --backend=[HOST]:PORT       Backend   [connect]  (default  is

          -f     --frontend=[HOST]:PORT[+CERT]     Frontend [bind] (default is
                 "[*]:8443")   (Note:   brackets  are  mandatory  in  endpoint


                        Number of worker processes (Default: 1)


                        Set listen backlog size (Default: 100)


                        TCP keepalive on client socket (Default: 3600)


                        Sets chroot directory (Default: "")


                        Set uid/gid after binding the socket (Default: "")


                        Set gid after binding the socket (Default: "")


                        Be quiet; emit only error messages


                        Send  log   message   to   syslog   in   addition   to

                 Syslog facility to use (Default: "daemon")

                 Fork  into background and become a daemon; this also sets the
                 --quiet option (Default: off)

                 Write 1 octet with the IP family followed by the  IP  address
                 in  4  (IPv4)  or  16  (IPv6) octets little-endian to backend
                 before the actual data (Default: off)

                 Write HaProxy's PROXY v1 (IPv4 or IPv6) protocol line  before
                 actual data (Default: off)

                 Write HaProxy's PROXY v2 binary (IPv4 or IPv6)  protocol line
                 before actual data (Default: off)

                 Equivalent to  --write-proxy-v2.  For  PROXY  version  1  use
                 --write-proxy-v1 explicitly

                 Proxy  HaProxy's  PROXY  (IPv4  or IPv6) protocol line before
                 actual data (PROXY v1 only) (Default: off)

                 Abort handshake  when  client  submits  an  unrecognized  SNI
                 server name (Default: off)


                 --test Test configuration and exit


                        PID file


                        Print program version and exit


                 --help This help message


       Hitch  was  originally  called  stud and was written by Jamie Turner at