Provided by: stud_0.3-6_amd64 bug

NAME
       stud — The Scalable TLS Unwrapping Daemon


SYNOPSIS
       stud  [--tls]  [--ssl]  [-c  ciphers]  [-b  host,port]  [-f host,port] [-n cores] [-r path] [-u username]
            [--write-ip] [--write-proxy] certificate.pem


DESCRIPTION
       stud is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to  some
       backend.  It's designed to handle 10s of thousands of connections efficiently on multicore machines.

       stud  has  very  few  features  -- it's designed to be paired with an intelligent backend like haproxy or
       nginx.  It maintains a strict 1:1 connection pattern with this backend handler so that  the  backend  can
       dictate throttling behavior, maxmium connection behavior, availability of service, etc.

       The  only  required  argument  is  a  path  to  a  PEM  file that contains the certificate (or a chain of
       certificates) and private key. It should also contain DH parameter if  you  wish  to  use  Diffie-Hellman
       cipher suites.

       The options are as follows:

       --tls   Use TLSv1 (default).

       --ssl   Use only SSLv3 and no TLSv1.

       -c ciphers
               Set  allowed  ciphers  using  the  same  format  as  openssl  ciphers.   For example, you can use
               RSA:!COMPLEMENTOFALL.

       -b host,port
               Define backend. Default is 127.0.0.1,8000.  Incoming connections will be unwrapped  and  sent  to
               this IP and port.

       -f host,port
               Define  frontend.  Default  is *,8443.  Incoming connections will be accepted to this IP and port
               and will be sent to the backend defined above.

       -n cores
               Use cores worker processes. Default is 1.

       -r path
               Chroot to the given path. By default, no chroot is done.

       -u username
               Set GID/UID after binding the socket. By default, no privilege is dropped.

       --write-ip
               Write 1 octet with the IP family followed by the IP address in  4  (IPv4)  or  16  (IPv6)  octets
               little-endian to backend before the actual data.

       --write-proxy
               Write HaProxy's PROXY (IPv4 or IPv6) protocol line before actual data.


SEE ALSO
       ciphers(1SSL), dhparam(1SSL), haproxy(1)


AUTHORS
       stud  was  originally  written  by  Jamie  Turner (@jamwt) and is maintained by the Bump server team.  It
       currently provides server-side TLS termination for over 40 million Bump users.

Debian                                         September 23, 2011                                        STUD(8)