jpillora / chisel

A fast TCP/UDP tunnel over HTTP

What's the difference between the SSH connections and the HTTPS connections from the client to the server?

u93 opened this issue

Hi,

I've been looking and testing Chisel for a few days now, and it looks like a really good software solution... I'm evaluating now how the internal networking of the software works in order to use reverse tunneling.

I have a question regarding the difference between the HTTPS(WSS) connection to the default port 8080 and the SSH connections and authentication...

Some of my questions are:

  • Are all individual connections multiplexed over the HTTPS(WSS) connection on port 8080 using SSH? Meaning, is this a situation where a connection will be encrypted using SSH and also using TLS?
    • For example, using this on the client R:8081:${PRIVATE_IP}:80 to connect to a server with reverse mode, would the connection flow be: User Browser -> Server Port 8081 -> Server Port 8080 -> SSH Connection -> Client -> ${PRIVATE_IP}:80
  • What's the role of the mTLS authentication vs the SSH authentication? Are both used for the same behavior of authorizing clients and allowed ports? Or is it for a scenario where the connection to the HTTPS server is verified and also individual clients could be authorized as well for specific connections?
  • Is there a way to specify the Ciphers for the SSH connections? I'm trying to be as compliant with FIPS as possible...

Thanks!