Orenosp Secure Reverse Proxy

Information on impact of the SSL/TLS renegotiation vulnerability

All versions of Orenosp released up to November 8th, 2009 are vulnerable. There is no user-configurable option to disable SSL renegotiation.
New version of Orenosp (1.2.11) for Windows is available now. This version will disable the SSL renogiation completely. Linux version will be available shortly.
Orenosp does not use SSL renegotiation for any of its features (such as SSL Client Authentication). Therefore customers can use this patched version without breaking any functionality with standard web browsers.
If you are using a specialized SSL-enabled file transfer program, please test this version thoroughly with your client software before rolling it out to the production environment. Although we are not aware of such a client, an SSL client program that initiates and requires SSL renegotiation to succeed will be imcompatible with this patched version.
Please send us any questions or concerns about this issue to support at-mark orenosv.com.
We have added a functionality to Server Certificate Manager that will look for SSL-servers with this SSL renegotiation vulnerability on your network. See detailed description here.

[To Japanese page]

Orenosp is a secure reverse proxy and load-balancer for HTTP/HTTPS and secure port forwarder for many TCP-based applications. It can be used as an low-cost alternative solution to VPNs using IPSec or PPTP. Orenosp runs on Windows platforms (NT, 2000, XP and 2003), Linux x86, and Mac OS X.

News: Since May 2009, Kousec Software, Inc. develops and markets this product and all other Orenosv.com products and freewares. For existing customers of Orenosv.com products, please this notice.

Usage Examples

Securely make available internal web applications to external users.
Securely make available Remote Desktop access to internal PCs to external users.

Features

Client-less, trouble-free, restricted VPN access
A single gate that needs to be configured and monitored.
Can be placed in DMZ while all other servers can be placed in the LAN.
It has a LAN monitor in which you can scan your LAN and monitor status of found PCs, and wake up and shut down the PCs (Wake-on-LAN).
Numerous user authentication schemes supported: File-based, HTTP-based, ActiveDirectory, RADIUS.
Enables name-based SSL virtual-hosting of backend applications (TLS SNI)

For details, see Orenosp Documentation Page.

Customer Cases

We have customer cases.

Deployment Topology

Here we show a couple of deployment toplogies. Click pictures to enlarge.

Placing Orenosp in DMZ for Generic HTTP Applications
Placing Orenosp in DMZ for Exchange 2003/2000 Servers
Clustering Orenosp in Active/Standby using Linux Heartbeat Clusterware

Other Deployment Scenario

Click pictures to enlarge.

Named-Based SSL Virtual Hosting for Low-Cost VPS
Rather than dedicating a global IP address to each virtual server, position VPSes behind a NAT and Orenosp. This way, each virtual server can have an SSL virtual host with independent PKI certificate (Orenosp uses TLS SNI). This will make sense when global IPv4 addresses are scarse resource.

System Requirements

Windows NT 4.0 SP6a
Windows 2000 SP1 or later
Windows XP
Windows Server 2003
Windows Server 2008
Linux (Red Hat 7.2 or later)
Mac OS X 10.3 or later

Download

Orenosp Secure Reverse Proxy is a shareware program. You can download and try it for 90 days. For extended trial license, please contact Orenosv.com sales.
gtOrenoPC is another form of Orenosp package in that it is best suited for quick and easy SSL-enabled remote desktops. You can install Orenosp Secure Reverse Proxy and gtOrenoPC on the same PC.
To see changes in the latest version, please see this file.

Download 1.2.11 for Windows (IPv6-enabled, SNI-enabled, requires XP/2003/2008).
New: OpenSSL upgraded to 0.9.8l to avoid SSL renegotiation vulnerability. Other bug and stability fixes.
Download 1.2.4 for Windows (runs on Windows NT 4 or Windows 2000)
Download 1.2.11 for Linux (IPv4-only, SNI-enabled)
gtOrenoPC : Download 1.2.11 for Windows
Previous released versions are here.

Purchase License

You can purchase regular licenses from Orenosv.com. There are three product editions.

Standard license
Personal license : there are upper limit in some parameters.
gtOrenoPC license : specially packaged for remote desktop applications (Windows only). See gtOrenoPC page for details.

Then, there are two purchase options for each edition.

Product use license only.
Use license plus one-year support and upgrade entitlement

The following is a summary of product options.

	Standard license	Standard license with one-year support and upgrade entitlement	Personal license	Personal license with one-year support and upgrade entitlement	gtOrenoPC license	gtOrenoPC license with one-year support and upgrade entitlement
Functionality	Full		3 pass rules for reverse proxying, 1 pass rule for SSL tunneling (This edition should be choosed for a small HTTP/S reverse proxy environment)		1 pass rule for reverse proxying, 3 pass rules for SSL tunneling (This edition should be choosed for a small SSL tunneling remote desktop environment)
Support	No support, except for self-support in Discussion Forums	Email support for one year from the date of purchase	No support, except for self-support in Discussion Forums	Email support for one year from the date of purchase	No support, except for self-support in Discussion Forums	Email support for one year from the date of purchase
Upgrade	No free upgrade. Only maintenance updates (1.x)	Entitlement to upgrade to 2.x version, if 2.0 becomes available within one year from the purchase.	No free upgrade. Only maintenance updates (1.x)	Entitlement to upgrade to 2.x version, if 2.0 becomes available within one year from the purchase.	No free upgrade. Only maintenance updates (1.x)	Entitlement to upgrade to 2.x version, if 2.0 becomes available within one year from the purchase.
Field of Use	a single physical PC

For payment methods currently available, we have 1) credit card payment via PayPal or 2) domestic (Japan only) wire transfer. For any other payment and pricing arrangements, please contact sales@orenosv.com.

Pay with credit card via PayPal

You do not need a PayPal account. Please follow "If you do not currently have a PayPal account" section.
Once we confirmed your payment from PayPal, we will send you a license key to your email address that you specified at the PayPal screen.
Please contact sales@orenosv.com, if you don't receive your key within two days. Please include your email address associated with your payment.

Product	Price in US Dollars	Price in Euros
gtOrenoPC license (Windows) (SP-G001-001)	89 USD	70 EUR
gtOrenoPC license (Windows) with one-year support and upgrade entitlement (SP-PSM1-001)	134 USD	105 EUR
Personal license (Windows) (SP-P001-001)	100 USD	80 EUR
Personal license (Windows) with one-year support and upgrade entitlement (SP-PSM1-001)	150 USD	120 EUR
Personal license (Linux/Mac OS X) (SP-P001-003)	100 USD	80 EUR
Personal license (Linux/Mac OS X) with one-year support and upgrade entitlement (SP-PSM1-003)	150 USD	120 EUR
Standard license (Windows) (SP-FULL-001)	500 USD	400 EUR
Standard license (Windows) with one-year support and upgrade entitlement (SP-FSM1-001)	750 USD	600 EUR
Standard license (Linux/Mac OS X) (SP-FULL-003)	500 USD	400 EUR
Standard license (Linux/Mac OS X) with one-year support and upgrade entitlement (SP-FSM1-003)	750 USD	600 EUR

Customization and Source Code Licensing

are also available. details.

About

Since May 2009, Kousec Software, Inc. develops and markets this product and all other Orenosv.com products and freewares. For existing customers of Orenosv.com products, please this notice.
There is no service disruptions or any impacts on existing Orenosv.com customers. The following email contacts remain the same.

Sales : sales@orenosv.com, for pricing, licensing, pre-sales support and any special arrangements related to them.
Support : support@orenosv.com, for customers with support option.
Orenosv.com Discussion Forums: http://orenosv.com/bb/ for casual Q&A and free discussion related to Orenosv.com software.

Kousec Software, Inc.