---
- Important: The file proxy-dh.pem is now required. tlsproxy-setup creates it,
- but running it will overwrite the existing proxy-*.pem files. To create only
- proxy-dh.pem use:
+ but running it will overwrite the existing proxy-*.pem files (which will
+ invalidate all certificate-*-proxy.pem files). To create only proxy-dh.pem
+ use:
certtool --generate-dh-params --sec-param high --outfile proxy-dh.pem
+- Use "SECURE" (replacing "NORMAL") as GnuTLS priority string which disallows
+ insecure algorithms.
- Add -a option, authentication for tlsproxy via basic digest authentication.
+- Add new debug level (-d 3) for even more debug output, including information
+ about the current TLS session.
+- Allow rehandshakes for server connections (%SAFE_RENEGOTIATION is forced to
+ prevent security issues).
- Use pre-generated Diffie-Hellman parameters in proxy-dh.pem.
- Code cleanup.
- Better error handling.