TCP (Transmission Control Protocol) proxy is a part of internal TCP extension and supports both insecure TCP and secure TCP using SSL/TLS.
TCP proxy configuration
To setup TCP proxy, you have to configure the following parameters:
- Proxy IP - IP address on which the proxy will listen to new connections (client will connect to it).
- Proxy port - Proxy on which the proxy will listen.
- Target IP - IP address of the real server.
- Target port - port of the application on the real server.
- Close delay (ms) - how many milliseconds will the proxy connection wait before closing sockets (f.e. when client sends data and closes the connection between client and proxy → proxy will wait 100 ms before closing the connection between proxy and server).
- Buffer size - maximal number of bytes to read from the TCP stream in one PDU.
- Charset - charset of the data (ISO-8859-1 recommended).
You can use SSL/TLS with TCP by configuring the following options:
Server (between client and proxy)
- Algorithm - which SSL/TLS algorithm you want to use.
- Keystore type - type of provided keystore (JKS, PKCS11, ...).
- Keystore path - where is the keystore located.
- Keystore password - password to decrypt the keystore.
- Key password - password to decrypt the key.
- Client (between proxy and server)
You can select SSL + certificate if you want the client to use client-certificate.
Client parameters are identical to the Server parameters.
To generate a certificate in JKS keystore, you can use the following command (tool that is part of official Java binaries):
keytool -genkey -alias petep -keyalg RSA -validity 3650 -keysize 4096 -keystore C:/server.jks