tlspr

-I

Inetd mode. Standalone service only.

-d

Daemonize. Detach service from console and run in the background.

-t

Be silenT. Do not log start/stop/accept error records.

-u

Never ask for username authentication

-e

External address. IP address of the interface the proxy should initiate connections from. By default, the system will decide which address to use in accordance with the routing table.

-i

Internal address. IP address the proxy accepts connections to. By default, connections to any interface are accepted. It´s usually unsafe. Unix domain sockets can be specified with -iunix:/path/to/socket syntax (e.g., -iunix:/var/run/tlspr.sock). On Linux, abstract sockets use -iunix:@socketname syntax.

-a

Anonymous. Hide information about client.

-a1

Anonymous. Show fake information about client.

-p

listening_port. Port proxy listens for incoming connections. Default is 1443.

-P

destination_port. Port to establish outgoing connections. Required unless the Transparent plugin is used, because the TLS handshake does not contain port information. Default is 443.

-c

TLS_CHECK_LEVEL. 0 (default) - allow non-TLS traffic to pass, 1 - require TLS, only check client HELLO packet, 2 - require TLS, check both client and server HELLO, 3 - require TLS, check that the server sends a certificate (not compatible with TLS 1.3), 4 - require mutual TLS, check that the server sends a certificate request and the client sends a certificate (not compatible with TLS 1.3)

-l

Log. By default logging is to stdout. If logfile is specified logging is to file. Under Unix, if ´@´ precedes logfile, syslog is used for logging.

-S

Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy crashes.