How To Install tlswrapper on Debian 12
Introduction
In this tutorial we learn how to install tlswrapper
on Debian 12.
What is tlswrapper
tlswrapper is:
The tlswrapper is an TLS encryption wrapper between remote client and local program prog.
Internet <–> tcpserver/inetd/systemd.socket/… <–> tlswrapper <–> prog
Separate process for every connection
The tlswrapper is executed from systemd.socket/inetd/tcpserver/… which runs separate instance of tlswrapper for each TLS connection. It ensures that a vulnerability in the code (e.g. bug in the TLS library) can’t be used to compromise the memory of another connection.
Separate process for network connection and for secret-key operation
To protect against secret-information leaks to the network connection (such Heartbleed) tlswrapper runs two independent processes for every TLS connection. One process holds secret-keys and runs secret-keys operations and second talks to the network. Processes communicate with each other through unix pipes.
Privilege separation, filesystem isolation, limits
The tlswrapper processes run under dedicated non-zero uid to prohibit kill, ptrace, etc. Is chrooted into an empty, unwritable directory to prohibit filesystem access. Sets ulimits to prohibit new files, sockets, etc. Sets ulimits to prohibit forks.
TLS library
The tlswrapper is using BearSSL library which implements only secure versions of TLS protocol (TLS1.0 - TLS1.2). And implements safe and constant-time algorithms.
There are three methods to install tlswrapper
on Debian 12. We can use apt-get
, apt
and aptitude
. In the following sections we will describe each method. You can choose one of them.
Install tlswrapper Using apt-get
Update apt database with apt-get
using the following command.
sudo apt-get update
After updating apt database, We can install tlswrapper
using apt-get
by running the following command:
sudo apt-get -y install tlswrapper
Install tlswrapper Using apt
Update apt database with apt
using the following command.
sudo apt update
After updating apt database, We can install tlswrapper
using apt
by running the following command:
sudo apt -y install tlswrapper
Install tlswrapper Using aptitude
If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Debian. Update apt database with aptitude
using the following command.
sudo aptitude update
After updating apt database, We can install tlswrapper
using aptitude
by running the following command:
sudo aptitude -y install tlswrapper
How To Uninstall tlswrapper on Debian 12
To uninstall only the tlswrapper
package we can use the following command:
sudo apt-get remove tlswrapper
Uninstall tlswrapper And Its Dependencies
To uninstall tlswrapper
and its dependencies that are no longer needed by Debian 12, we can use the command below:
sudo apt-get -y autoremove tlswrapper
Remove tlswrapper Configurations and Data
To remove tlswrapper
configuration and data from Debian 12 we can use the following command:
sudo apt-get -y purge tlswrapper
Remove tlswrapper configuration, data, and all of its dependencies
We can use the following command to remove tlswrapper
configurations, data and all of its dependencies, we can use the following command:
sudo apt-get -y autoremove --purge tlswrapper
Dependencies
tlswrapper have the following dependencies:
References
Summary
In this tutorial we learn how to install tlswrapper
package on Debian 12 using different package management tools: apt
, apt-get
and aptitude
.