## Gopher and TLS
"Encryption is easy, do it!"
Ivan J. <[email protected]>
## Gopher and TLS
Table of contents
* Why
* Current status
* Future plans
## Why TLS?
* Gopher is a cleartext protocol
* I'd like some encryption
* Tor is often slow and sometimes difficult to set up
  * Requires a local Tor daemon and LD_PRELOAD hacks
* No need for a protocol change or a new RFC
* Transparent to users
## Implementations
* Server-side:
  * sslh -> tlstun -> geomyidae
* Client-side:
  * clic
  * gnutls-cli
## Server-side concept
1. Serve a gopherhole with a daemon (geomyidae)
2. Add TLS on top of it (tlstun)
3. Distinguish cleartext from encrypted traffic and route each accordingly (sslh)
## 1. Gopher daemon
* Install Geomyidae and serve your gopherhole on some port that is not port 70
## 2. TLS tunnel
* Install tlstun and set up a TLS certificate
* Run tlstun to proxy TLS traffic from some port to your gopher daemon's port
## 3. Multiplexing
* Install sslh and configure it to work with your gopherhole
  * geomyidae on port 71
  * tlstun on port 7771
  * sslh on port 70
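Example sslh.cfg:

```
protocols:
(
    # Empty or one-character selector requests go straight to geomyidae
    { name: "regex"; host: "127.0.0.1"; port: "71";
      regex_patterns: [ "^\r\n$", "^\n$", "^.\n$" ]; },
    # TLS handshakes go to tlstun
    { name: "tls"; host: "127.0.0.1"; port: "7771"; },
    # Anything else is treated as cleartext Gopher
    { name: "anyprot"; host: "127.0.0.1"; port: "71"; },
    # Connections that send nothing before the timeout
    { name: "timeout"; host: "127.0.0.1"; port: "71"; }
);
on-timeout: "timeout";
```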
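To see which backend a given first packet would reach under the rule order above, here is a small model of the routing decision. It is an added example, not code from sslh or from these slides: `route` and `looks_like_tls` are hypothetical names, the TLS check is a simplified record-header test, and Python's `re` stands in for sslh's regex engine.

```python
import re

# Backends and ports as listed in the sslh.cfg above.
GOPHER = ("127.0.0.1", 71)     # geomyidae, cleartext
TLSTUN = ("127.0.0.1", 7771)   # tlstun, terminates TLS

# The three regex_patterns from the config, as bytes patterns.
REGEX_PATTERNS = [re.compile(p) for p in (rb"^\r\n$", rb"^\n$", rb"^.\n$")]


def looks_like_tls(data):
    """True/False, or None while a TLS record header is still incomplete."""
    if len(data) < 3:
        # Only a prefix of 0x16 0x03 can still turn into a TLS record.
        return None if b"\x16\x03".startswith(data) else False
    # Handshake record (0x16), major version 3, plausible minor version.
    return data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04


def route(first_bytes):
    """Return (rule_name, backend), or None if more bytes are needed."""
    if not first_bytes:
        return ("timeout", GOPHER)          # client sent nothing
    # Rules are tried in config order: regex, tls, anyprot.
    if any(p.search(first_bytes) for p in REGEX_PATTERNS):
        return ("regex", GOPHER)
    tls = looks_like_tls(first_bytes)
    if tls is None:
        return None
    return ("tls", TLSTUN) if tls else ("anyprot", GOPHER)


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    samples = [
        b"\r\n",                                   # root menu request
        b"/phlog/post.txt\r\n",                    # ordinary selector
        bytes.fromhex("16030100c8010000c40303"),   # start of a ClientHello
        b"\x16",                                   # too short to decide
        b"",                                       # silent client
    ]
    for s in samples:
        print(repr(s), "->", route(s))
```

Only input that looks like a TLS handshake reaches tlstun; every other path, including the timeout, ends at the cleartext daemon.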
## Client-side concept
1. Connect to gopherhole
2. Ask for TLS
3. Connect with TLS if possible, otherwise go plain
## Client-side practice
* Connect with GnuTLS:
  ```
  $ printf '\r\n' | gnutls-cli parazyd.org:78
  ```
* Connect with netcat:
  ```
  $ printf '\r\n' | nc parazyd.org 78
  ```
* Both work!
* solene has also added TLS support in clic!
## Future plans
* Add TLS support to other Gopher clients
* Teach Gopher users about the concept and encourage them to adopt it
## Resources
* https://github.com/yrutschle/sslh
* git://parazyd.org/tlstun
## Thank you!
* Questions?