titus is a TLS/SSL proxy server (like stunnel or stud) that protects you from vulnerabilities in the TLS implementation such as Heartbleed (or worse).
Totally Isolated TLS Unwrapping Server
- Runs in a separate process from your application, protecting your application's state from compromise.
- Uses a separate process for every TLS connection, protecting the state of TLS connections from each other.
- Uses privilege separation and chrooting to protect your server as a whole.
- Isolates the private key in a dedicated process that doesn't talk to the network, protecting your private key from compromise.
- Can run in transparent proxy mode, preserving the client's IP address, so your backend doesn't even know it's there.
If there's a vulnerability in the TLS implementation, titus makes it very, very unlikely that an attacker could steal your private key, access the memory of your application, sniff data from other TLS connections, or otherwise attack your system.
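The key-isolation item in the list above, as an added example that is not titus's own code: a dedicated process holds the key and answers signing requests over a Unix socketpair, so the network-facing side only ever receives results. The function names, the key value and `toy_sign` are assumptions made for illustration; `toy_sign` is a stand-in for the private-key operation, not real cryptography.

```c
/* Added example, not titus source: key isolation over a socketpair. */
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the private-key operation (NOT real cryptography). */
static uint32_t toy_sign(uint32_t key, uint32_t msg) {
    uint32_t h = ((key ^ 0x9e3779b9u) ^ msg) * 16777619u;
    return h ^ (h >> 15);
}

/* Key process: the only process that holds the key; it serves requests on
   one inherited socket and opens no network sockets of its own. */
static void key_process(int fd) {
    uint32_t key = 0xC0FFEE42u; /* constructed; a real server loads the key file here */
    uint32_t msg, sig;
    while (read(fd, &msg, sizeof msg) == (ssize_t)sizeof msg) {
        sig = toy_sign(key, msg);
        if (write(fd, &sig, sizeof sig) != (ssize_t)sizeof sig) break;
    }
    _exit(0); /* peer closed its end: nothing left to serve */
}

/* Fork the key process; returns the caller's end of the channel, or -1. */
int start_key_process(pid_t *pid) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    *pid = fork();
    if (*pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (*pid == 0) { close(sv[0]); key_process(sv[1]); }
    close(sv[1]);
    return sv[0];
}

/* Network-facing side: obtain a signature without ever seeing the key. */
int request_sign(int fd, uint32_t msg, uint32_t *sig) {
    if (write(fd, &msg, sizeof msg) != (ssize_t)sizeof msg) return -1;
    return read(fd, sig, sizeof *sig) == (ssize_t)sizeof *sig ? 0 : -1;
}

int main(void) {
    pid_t pid; uint32_t sig = 0;
    int fd = start_key_process(&pid);
    if (fd < 0 || request_sign(fd, 0x1234u, &sig) != 0) return 1;
    printf("signature from key process: %08x\n", (unsigned)sig);
    close(fd);
    return waitpid(pid, NULL, 0) == pid ? 0 : 1;
}
```

In a real deployment the key would be read from disk inside `key_process` after the fork, so it never appears in the memory of the process that parses untrusted TLS records.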
The current version of titus is 0.2, released on 2014-08-17. titus aims to be bug-free and secure, though it has not yet undergone serious testing or performance optimization. Additionally, we may make backwards-incompatible changes to the behavior before titus reaches version 1.0.
Building from Source
Compiling from Git
git clone https://www.agwa.name/git/titus.git
- OpenSSL 1.0.1 or higher, with development headers (libssl-dev)
- A C++11 compiler (such as GCC 4.7, Clang 3.0, or newer)
Verifying the Source
Since version 0.2, all tarballs and Git tags are signed by Andrew Ayer's PGP key, EF5D 84C1 838F 2EB6 D896 8C04 1037 8EFC 2080 080C.
If you're using the Debian/Ubuntu package:
- Copy the example config from
/etc/titus/titus.conf. Modify to fit your needs.
- Start titus with:
service titus start
- See the titus(8) man page and /usr/share/doc/titus/README.Debian for documentation.
If you've compiled from source:
- Start with titus.conf.example and modify to fit your needs.
- Run your configuration with:
titus --config /path/to/titus.conf
- See the titus(8) man page for documentation.
Copyright © 2014 Andrew Ayer. Licensed under the X11 license.
- Announcement list (low traffic): subscribe / archives
- Discussion list:
email@example.com / archives
- GitHub project
- Issue tracker
For help or questions, send mail to the discussion list, firstname.lastname@example.org. To report a bug or make a feature request, please open an issue at GitHub or send mail to the discussion list. To contribute code, please send a properly-formatted patch to the discussion list, or open a pull request at GitHub.
To report a confidential security matter, please contact the author directly.