This is an evented proxy around OpenSSL's async interface. It has a totally reasonable ring buffer library it uses to buffer the data it's proxying, and virtually no other logic. It's so simple it doesn't really even present many obvious <i>opportunities</i> for security bugs.<p>My only complaint is that Jamie didn't tap us to look at it too. I feel slighted!<p>Apart from that, this is great stuff. I have clients that can use it immediately. Thanks!
FWIW, Jamie asked me to audit an earlier version of this code. I haven't looked at the version he released, but the version I saw looked secure to me (subject to the assumption that OpenSSL bugs aren't exploitable, at least).
So at first I thought this was for people who don't want to use something like nginx. But then I read "it's designed to be paired with an intelligent backend like haproxy or nginx." If I'm already using nginx, why wouldn't I just have it do SSL?<p>Oops, that was stupid, I somehow made it to the GitHub page without reading the actual blog post. nm.