sslh - SSL/SSH multiplexer

Property Value
Distribution openSUSE Tumbleweed
Repository Security all
Package filename sslh-1.20-1.8.x86_64.rpm
Package name sslh
Package version 1.20
Package release 1.8
Package architecture x86_64
Package type rpm
Category Productivity/Networking/SSH
License GPL-2.0+
Maintainer -
Download size 48.12 KB
Installed size 80.23 KB
sslh lets one accept both HTTPS and SSH connections on the same port. It makes
it possible to connect to an SSH server on port 443 (e.g. from inside a
corporate firewall) while still serving HTTPS on that port.


Package Version Architecture Repository
sslh-1.20-1.8.i586.rpm 1.20 i586 Security
sslh - - -


Name Value
coreutils - - - - -
openssh -
openssl -
pwdutils -
systemd -


Name Value
config(sslh) = 1.20-1.8
sslh = 1.20-1.8
sslh(x86-64) = 1.20-1.8


Type URL
Binary Package sslh-1.20-1.8.x86_64.rpm
Source Package sslh-1.20-1.8.src.rpm

Install Howto

  1. Add the Security repository:
    # zypper addrepo security
  2. Install sslh rpm package:
    # zypper install sslh




2018-11-23 -
- Update to 1.20:
* Added support for socks5 protocol (Eugene Protozanov)
* New probing method
* Test suite refactored
- ChangeLog from 1.19:
* Added ?syslog_facility? configuration option to specify where to log.
* TLS now supports SNI and ALPN (Travis Burtrum), including support for Let?s Encrypt challenges (Jonathan McCrohan)
* ADB probe. (Mike Frysinger)
* Added per-protocol ?fork? option. (Oleg Oshmyan)
* Added chroot option. (Mike Frysinger)
* A truckload of bug fixes and documentation improvements (Various contributors)
- Remove filepath-in-systemd-service.patch: upstreamed
- Add BuildRequires: pcre-devel
2017-11-06 -
- fix systemd vs SysVinit
* don't install both when system should be used
* add var has_systemd
2016-07-19 -
- Update to 1.18
* Added USELIBPCRE to make use of regex engine optional.
* Added support for RFC4366 SNI and RFC7301 ALPN
(Travis Burtrum)
* Changed connection log to include the name of the probe that
* Changed configuration file format: 'probe' field is
no longer required, 'name' field can now contain
'tls' or 'regex', with corresponding options (see
* Added 'log_level' option to each protocol, which
allows to turn off generation of log at each
* Added 'keepalive' option.
Version 1.17
* Support RFC5952-style IPv6 addresses, e.g. [::]:443.
* Transparant proxy support for FreeBSD  (Ruben van Staveren)
* Using -F with no argument will try
/etc/sslh/sslh.cfg and then /etc/sslh.cfg as configuration files.
(argument to -F can no longer be separated from the option by a space,
e.g. must be -Ffoo.cfg)
* Call setgroups() before setgid() (fixes potential
privilege escalation) (Lars Vogdt)
* Use portable way of getting modified time for OSX support (Aaron
* Example configuration for fail2ban (Every Mouw)
- Dropped missing-call-to-setgroups-before-setuid.patch, included
2014-12-18 -
- Added filepath-in-systemd-service.patch to point to correct
patch in systemd service file
2014-03-25 -
- update to 1.16:
+ Probes made more resilient, to incoming data
containing NULLs. Also made them behave properly
when receiving too short packets to probe on the
first incoming packet.
(Ondrej Kuzník)
+ Libcap support: Keep only CAP_NET_ADMIN if started
as root with transparent proxying and dropping
priviledges (enable USELIBCAP in Makefile). This
avoids having to mess with filesystem capabilities.
(Sebastian Schmidt/yath)
+ Fixed bugs related to getpeername that would cause
sslh to quit erroneously (getpeername can return
actual errors if connections are dropped before
getting to getpeername).
+ Set IP_FREEDBIND if available to bind to addresses
that don't yet exist.
- compile with libcap support
- added missing-call-to-setgroups-before-setuid.patch
- removed patches fixed upstream:
+ sslh-asprintf.patch
+ sslh-chroot.patch
2013-12-22 -
- added /etc/conf.d/sslh
now the service actually starts when using systemd
2013-12-11 -
- update to 1.15:
+ Added --transparent option for transparent proxying. See README for iptables magic and capability management.
+ Fixed bug in sslh-select: if number of opened file descriptor became bigger than FD_SETSIZE, bad things would happen.
+ Fixed bug in sslh-select: if socket dropped while defered_data was present, sslh-select would crash.
+ Increased FD_SETSIZE for Cygwin, as the default 64 is too low for even moderate load.
Thanks to Arnaud Gendre and Michael K. Avanessian for helping with investigation of the last three points.

See Also

Package Description
sslscan-1.11.10-17.11.i586.rpm SSL cipher scanning tool
sslscan-1.11.10-17.11.x86_64.rpm SSL cipher scanning tool
stoken-0.92-16.6.i586.rpm Token code generator compatible with RSA SecurID 128-bit (AES) token
stoken-0.92-16.6.x86_64.rpm Token code generator compatible with RSA SecurID 128-bit (AES) token
stoken-devel-0.92-16.6.i586.rpm Development files for stoken
stoken-devel-0.92-16.6.x86_64.rpm Development files for stoken
stoken-gui-0.92-16.6.i586.rpm Graphical interface program for stoken
stoken-gui-0.92-16.6.x86_64.rpm Graphical interface program for stoken
swing-layout-1.0.3-2.245.noarch.rpm Natural layout for Swing panels
swing-layout-javadoc-1.0.3-2.245.noarch.rpm Javadoc documentation for Swing-Layout
tarsnap-1.0.39-1.15.i686.rpm Backup tool for
tarsnap-1.0.39-1.15.x86_64.rpm Backup tool for
tboot-20170711_1.9.8-107.6.i586.rpm Program for performing a verified launch using Intel TXT
tboot-20170711_1.9.8-107.6.x86_64.rpm Program for performing a verified launch using Intel TXT
tcpflow-1.5.0-19.10.i586.rpm Program for capturing and collecting TCP streams