What's this?
-----------------------------------------------------------------------------

Jonama is a piece of software acting as a relay between a client over the Net
and your internal systems.

It was developed with security in mind:

* Use of the SSL protocol to identify remotes and encrypt channels.
* Use of Unix mechanisms like chroot and setuid, to minimize rights and
  actions.

Why?
-----------------------------------------------------------------------------

I was looking for an SSL relay, but none of the implementations (sslwrap,
stunnel, bjorb) supported CA mode and load-balancing when I decided to start
the project (Feb/March 1999).

Now (June 1999) stunnel supports full certificate verification ;-)

Since I work on the RPM for mod_ssl, I decided to grab parts of this software
to start my very own SSL relay.

Features
-----------------------------------------------------------------------------

As of version 1.0, Jonama features:

* Stand-alone server (no use of inetd wrapper).
* SSL v2/v3/TLS 1 via SSLeay.
* Proxying of multiple services (e.g. telnet, imap, pop).
* CA mode to reject clients without valid certificates (SSLeay CA.sh).
* Services can use multiple remote servers, with automatic backup or load
  balancing (connection/traffic).
* Free software.

Needed software/hardware
-----------------------------------------------------------------------------

All you need is a Unix box and free software.

* A free Unix, like Linux or FreeBSD.
* SSL libraries (SSLeay or OpenSSL).

Todo
-----------------------------------------------------------------------------

This is very alpha software; we also need to:

* Test, test and re-test to validate all security aspects.
* Port to other Unixes (I'm looking for a nice autoconf file).
* Implement SSL on both entry (client-side) and exit (server-side).
* Add other validity/redirection rules based on client certificate.
* Correct my very bad English (Sorry I'm French ;-| )
* A decent manual (Ouch).

Credits
-----------------------------------------------------------------------------

I would like to thank:

* Ralf S. Engelschall for the mod_ssl extension to the Apache HTTP Server.
  Its code is both useful and pedagogic, and Jonama grabs many parts of the
  mod_ssl code.
* Eric Young and Tim Hudson for SSLeay, a powerful and free SSL
  implementation library.
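
The chroot and setuid privilege reduction listed among Jonama's security mechanisms, shown as an added example (not Jonama's own code). The function name, return codes, jail path and numeric ids are assumptions, as is the call point: after listening sockets are bound and key and certificate files are loaded.

```c
/* Added example, not Jonama code: jail and de-privilege a relay daemon. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical return codes, one per step that can fail. */
enum { DROP_OK = 0, DROP_BAD_ID = -1, DROP_BAD_JAIL = -2, DROP_CHROOT = -3,
       DROP_GROUPS = -4, DROP_GID = -5, DROP_UID = -6, DROP_REGAINED = -7 };

/* Assumed call point: sockets bound, key and CA files already loaded,
 * because files outside the jail are unreachable afterwards. */
int drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    /* Validate before touching process state. */
    if (uid == 0 || gid == 0)
        return DROP_BAD_ID;      /* dropping "to root" drops nothing */
    if (jail == NULL || jail[0] != '/')
        return DROP_BAD_JAIL;    /* a relative jail depends on the cwd */

    /* 1. Enter the jail while still root; chdir so the cwd is inside it. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return DROP_CHROOT;
    /* 2. Clear supplementary groups inherited from root. */
    if (setgroups(0, NULL) != 0)
        return DROP_GROUPS;
    /* 3. Group first: after setuid() the process can no longer change gid. */
    if (setgid(gid) != 0)
        return DROP_GID;
    if (setuid(uid) != 0)
        return DROP_UID;
    /* 4. Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return DROP_REGAINED;
    return DROP_OK;
}

int main(void)
{
    /* Constructed values: /var/empty and id 65534 are placeholders. */
    int rc = drop_privileges("/var/empty", 65534, 65534);
    printf("drop_privileges returned %d\n", rc);
    return rc == DROP_OK ? 0 : 1;
}
```

Run as a non-root user, the call stops at the chroot step and reports DROP_CHROOT; every step is checked so that a failed drop ends the process instead of leaving a root relay running.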