Questions tagged [stunnel]

Stunnel is a small tool that can wrap the connection of other protocols with SSL/TLS.

Stunnel is free software based on OpenSSL that provides an SSL/TLS encryption wrapper between remote clients and a local or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library.

For more information, see the homepage of the project at stunnel.org.

152 questions
16 votes, 2 answers

stunnel vpn traffic and ensure it looks like SSL traffic on port 443

I am trying to make my outgoing and incoming traffic look as legitimate as close to SSL traffic as possible. Is there a way to DPI my own traffic to ensure it looks like SSL traffic and not OpenVPN traffic? And based on my config setup does all…
Jason
16 votes, 2 answers

Connecting to MySQL securely - MySQL's SSL vs Stunnel vs SSH Tunneling

We have a PHP application which connects to a MySQL server, and we wish to secure connections between the web & application servers and the database. At peak times, the web servers make many hundreds of concurrent connections to the database, and…
dastra
15 votes, 3 answers

Protecting against POODLE SSL on stunnel

How can I mitigate POODLE SSL vulnerability when using stunnel as HTTPS reverse proxy?
Sergey
13 votes, 3 answers

How do I ensure that stunnel sends all intermediate CA certs?

A few computers, but not most, are rejecting the SSL certificate from my webserver. The problem seems to be that some computers are rejecting the CA certs. The problem seems to be manifesting on Mac OS X 10.6 when it is not fully updated. According…
Jack Stahl
10 votes, 3 answers

Stunnel won't work with SSLv3 from some hosts

WARNING: SSLv3 is obsolete. Consider disabling it altogether. I'm trying to set up Stunnel to serve as SSL cache. Everything was smooth, and mostly it works as designed. Then I encountered errors in log files: SSL_accept: 1408F10B:…
Sergey
10 votes, 4 answers

haproxy + stunnel + keep-alive?

I'd like to put stunnel in front of haproxy 1.4 to handle HTTPS traffic. I also need stunnel to add the X-Forwarded-For header. This can be achieved by the "stunnel-4.xx-xforwarded-for.diff" patches from the haproxy website. However, the…
Chris Lercher
9 votes, 2 answers

Bug setting up stunnel server: `SSL3_GET_CLIENT_HELLO:wrong version number`

I'm setting up an stunnel server on Windows XP, and I get this bug when a client tries to access: 2013.02.14 00:02:16 LOG7[8848:7664]: Service [https] accepted (FD=320) from 107.20.36.147:56160 2013.02.14 00:02:16 LOG7[8848:7664]: Creating a new…
Ram Rachum
5 votes, 1 answer

How does stunnel redirect traffic?

I am familiar with the stunnel.conf and I know how to specify which unencrypted ports it listens to and to which encrypted ports it redirects, but I would like to understand how it gets the power to "snatch" the packets from a server listening on…
Bill The Ape
5 votes, 2 answers

Failed to start stunnel4 on Ubuntu 15.04

I get the following error starting stunnel4 service on Ubuntu 15.04: root@scw-d91ec7:~# service stunnel4 start Job for stunnel4.service failed. See "systemctl status stunnel4.service" and "journalctl -xe" for details. root@scw-d91ec7:~# systemctl…
BBJ3
5 votes, 1 answer

Multiple SSL certs with Stunnel

I have purchased two PositiveSSL certs (separately), one for manager.domain.com and another for domain.com. Originally I only needed manager.domain.com using SSL, but then I needed to use SSL on domain.com. Everything works fine with the one SSL…
Errol Fitzgerald
5 votes, 3 answers

Cannot find ssl libraries when configuring stunnel

I am using RHEL 5.6 and trying to install stunnel with the 'xforwardfor' patch from haproxy to get a setup similar to this (older) post: http://www.buro9.com/blog/2009/12/07/installing-haproxy-load-balance-http-and-https/ When I run ./configure I…
Derek Downey
5 votes, 2 answers

Unknown protocol when trying to connect to remote host with stunnel

I'm trying to set up a stunnel for WebDav on Windows. I want to connect port 80 on my local interface to 443 on another machine in my network. I can ping the remote machine. However, when I use the tunnel, I'm getting this error all the…
RaYell
4 votes, 2 answers

stunnel: ssl3_get_record error when using TLS 1.2

I'm trying to use stunnel to be able to use HTTPS (port 443) on my localhost for a development web server running locally on port 8000. It starts and accepts connections, but every time I open https://localhost:443, the connection is reset…
Teekin
4 votes, 1 answer

HTTP to HTTPS local proxy that can do the HTTPS connection over a proxy

Here's the deal: Our client software can only connect using http protocol, it can not do https. However, security requirements dictate end-to-end security, so we need to use https when talking to the server. Now I have been able to do this in a…
codeape
4 votes, 3 answers

SSHD real-ip behind haproxy

I'm trying to set up an ssh over https connection using haproxy. I'm currently looking for a way for SSHD to get the source ip from haproxy, similar to reading X-Forwarded-For or X-Real-IP headers. client config; ~$ cat…
Thermionix