Good question. No, the bore server only listens on ports dynamically when it gets a new connection. It cleans up connections as well. This is managed by Rust’s ownership system. Could you also clarify what the specific risk is of opening ports?
Bore has an explicit design goal of being easy to deploy yourself. Unfortunately adding TLS termination would necessitate setup steps like creating a wildcard certificate and uploading it. It also requires additional configuration options, since TLS termination is on top of HTTP, but bore only proxies TCP directly and is unaware of HTTP. This is by design.
> Could you also clarify what the specific risk is of opening ports?
I guess I was meant from a firewall perspective. I understand the ports won't be listening but any potential firewall will not be able to block the port unless you have some integration to dynamically get the firewall to open and close ports on demand.
Bore has an explicit design goal of being easy to deploy yourself. Unfortunately adding TLS termination would necessitate setup steps like creating a wildcard certificate and uploading it. It also requires additional configuration options, since TLS termination is on top of HTTP, but bore only proxies TCP directly and is unaware of HTTP. This is by design.