Jonama - A Secure TCP Relay

 

   
  What's this?

Jonama is a piece of software acting as a relay between a client over the Net and your internal systems.

It was developed with security in mind:

  • Use of the SSL protocol to identify remote peers and encrypt channels.
  • Use of Unix mechanisms like chroot and setuid to minimize rights and actions.


  Why ?

I was looking for an SSL relay, but none of the implementations (sslwrap, stunnel, bjorb) supported CA mode and load-balancing.

Since I work on the RPM for mod_ssl, I decided to grab parts of this software to start my very own SSL relay.

Today, June 1999, stunnel also supports CA mode ;-)

 

  Current Features

As of version 1.1.x :

  • Stand-alone server (no use of inetd wrapper).
  • SSL v2/v3/TLS 1 via OpenSSL/SSLeay.
  • Proxying of multiple services (e.g. telnet, imap, pop).
  • CA mode to reject clients without valid certificates (SSLeay CA.sh).
  • Services can use multiple remote servers, with automatic backup.
  • Relaying control via ACL Date/Time.
  • Free software.


  Future Features

In version 1.2.x :

  • Threaded mode (prerequisite for load-balancing).
  • CRL support (certificate revocation).
  • Real load balancing (connection/traffic).
  • Windows Port.
  • Free software.


  Needed software/hardware

All you need is a Unix box and free software.

  • A free Unix, like Linux or FreeBSD.
  • SSL libraries (SSLeay or OpenSSL).


  Todo

This is very alpha software; we also need to:

  • Test, test and re-test to validate all security aspects.
  • Port to other Unixes (I'm looking for a nice autoconf file).
  • Implement SSL on both entry (client-side) and exit (server-side).
  • Add other validity/redirection rules based on the client certificate.
  • Correct my very bad English (Sorry, I'm French ;-| )
  • Write a decent manual (Ouch).


  Credits

I would like to thank:

  • The OpenSSL Team for OpenSSL, a powerful and free SSL implementation library.
  • Ralf S. Engelschall for the mod_ssl extension to the Apache HTTP Server. Its code is both useful and pedagogic, and Jonama grabs many parts of the mod_ssl code.
  • Eric Young and Tim Hudson for SSLeay, the original SSL implementation library.