Who can access your MCP server?
Right now: anyone with the URL. TLSMCP adds mTLS so only approved clients can connect. No certificate = no TCP handshake. Drop-in proxy, no code changes.
The problem with MCP today
Anyone can connect
MCP servers have no native access control. If someone knows the URL, they're in.
API keys aren't enough
Keys can be stolen from logs, env vars, or intercepted. Attackers can still probe your endpoints.
No visibility
You can't see who's connecting, when, or whether unauthorized access attempts are being made.
tlsmcp proxy \
--bundle ./certs \
--listen 8443 \
--upstream localhost:3000
How TLSMCP works
Drop-in proxy. No changes to your MCP server code.
What you get
Server Authenticated TLS (HTTPS) + mTLS access control. Free to start.
Server Authenticated TLS (HTTPS)
TLS 1.3 only. Authenticated Encryption with Associated Data (AEAD) ciphers. No weak configurations. No downgrade attacks possible.
Mutual TLS (mTLS)
Both client and server authenticate with certificates. No certificate = no connection.
Certificate Management
Issue, rotate, and revoke certificates via Cyphers Hub. No PKI expertise required.
Connection Auditing
Every connection logged. Who connected, when, with which certificate. SIEM-ready.
Zero Trust Ready
Never trust, always verify. Every connection authenticated at the transport layer.
Drop-in Proxy
No code changes to your MCP server. TLSMCP proxy sits in front and handles TLS.
Free vs Pro
Same security. Different scale.
Free
Get started with Server Authenticated TLS (HTTPS) + mTLS
- Server Authenticated TLS (HTTPS) (TLS 1.3, Authenticated Encryption with Associated Data (AEAD))
- mTLS with 5 client certificates
- 2 server certificates
- 2 endpoints
- Basic revocation checking
- Cyphers Hub access
Pro
Scale + compliance for production
Everything in Free, plus:
- Unlimited client certificates
- Unlimited server certificates
- Unlimited endpoints
- FIPS 140-3 mode
- Certificate pinning
- Hard-fail revocation
- SIEM export (JSON, CEF, Syslog)
Technical docs at tlsmcp.com
Control who connects to your MCP server.
5 minutes to set up. Free tier includes Server Authenticated TLS (HTTPS) + 5 client certificates.