How To Install tlswrapper on Debian 12

Introduction

In this tutorial we learn how to install tlswrapper on Debian 12.

What is tlswrapper

tlswrapper is:

The tlswrapper is an TLS encryption wrapper between remote client and local program prog.

Internet <–> tcpserver/inetd/systemd.socket/… <–> tlswrapper <–> prog

Separate process for every connection

The tlswrapper is executed from systemd.socket/inetd/tcpserver/… which runs separate instance of tlswrapper for each TLS connection. It ensures that a vulnerability in the code (e.g. bug in the TLS library) can’t be used to compromise the memory of another connection.

Separate process for network connection and for secret-key operation

To protect against secret-information leaks to the network connection (such Heartbleed) tlswrapper runs two independent processes for every TLS connection. One process holds secret-keys and runs secret-keys operations and second talks to the network. Processes communicate with each other through unix pipes.

Privilege separation, filesystem isolation, limits

The tlswrapper processes run under dedicated non-zero uid to prohibit kill, ptrace, etc. Is chrooted into an empty, unwritable directory to prohibit filesystem access. Sets ulimits to prohibit new files, sockets, etc. Sets ulimits to prohibit forks.

TLS library

The tlswrapper is using BearSSL library which implements only secure versions of TLS protocol (TLS1.0 - TLS1.2). And implements safe and constant-time algorithms.

There are three methods to install tlswrapper on Debian 12. We can use apt-get, apt and aptitude. In the following sections we will describe each method. You can choose one of them.

Install tlswrapper Using apt-get

Update apt database with apt-get using the following command.

sudo apt-get update

After updating apt database, We can install tlswrapper using apt-get by running the following command:

sudo apt-get -y install tlswrapper

Install tlswrapper Using apt

Update apt database with apt using the following command.

sudo apt update

After updating apt database, We can install tlswrapper using apt by running the following command:

sudo apt -y install tlswrapper

Install tlswrapper Using aptitude

If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Debian. Update apt database with aptitude using the following command.

sudo aptitude update

After updating apt database, We can install tlswrapper using aptitude by running the following command:

sudo aptitude -y install tlswrapper

How To Uninstall tlswrapper on Debian 12

To uninstall only the tlswrapper package we can use the following command:

sudo apt-get remove tlswrapper

Uninstall tlswrapper And Its Dependencies

To uninstall tlswrapper and its dependencies that are no longer needed by Debian 12, we can use the command below:

sudo apt-get -y autoremove tlswrapper

Remove tlswrapper Configurations and Data

To remove tlswrapper configuration and data from Debian 12 we can use the following command:

sudo apt-get -y purge tlswrapper

Remove tlswrapper configuration, data, and all of its dependencies

We can use the following command to remove tlswrapper configurations, data and all of its dependencies, we can use the following command:

sudo apt-get -y autoremove --purge tlswrapper

Dependencies

tlswrapper have the following dependencies:

• libbearssl0
• libc6

References

• tlswrapper website
• tlswrapper on packages.debian.org

Summary

In this tutorial we learn how to install tlswrapper package on Debian 12 using different package management tools: apt, apt-get and aptitude.