sslh v1.21 is now available. It uses conf2struct, which seems to be doing the job!


  • Added TCP_FASTOPEN support for client sockets (if tfo_ok is specified in their configuration) and for listenint socket, if all client protocols support it. (Craig Andrews)
  • Added ‘minlength’ option to skip a probe if less than that many bytes have been received (mostly for regex)
  • Moved configuration and command-line management to use conf2struct. Hopefully this should be transparent to users.
  • Update Let’s Encrypt entry in example.cfg for tls-alpn-01 challenges; tls-sni-* challenges are now deprecated.
  • Log to syslog even if in foreground (for people who use fail2ban)
  • Use syslog_facility: “none” to disable syslog output.