Questions tagged [stunnel]

Stunnel is a small tool that can wrap the connection of other protocols with SSL/TLS.

Stunnel is free software based on OpenSSL that provides an SSL/TLS encryption wrapper between remote clients and a local or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes to the programs' code. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library.

For more information, see the homepage of the project at stunnel.org.

152 questions
3 votes, 2 answers

stunnel version 4.53 says SSL server needs a certificate on Windows 7

I have been using stunnel previous versions just fine. It didn't apparently have the feature of a certificate in SSL server mode. That's alright but not necessary for us as we're simply running a localhost server to tunnel to the remote…
Wayne
3 votes, 4 answers

Pound + HAProxy or Stunnel + HAProxy

I'm looking at introducing a loadbalancer to my existing site infrastructure to help with traffic growth and provide a level of failure protection. The site I am running uses SSL certificates for the login section and I will need to continue with…
user1075894
3 votes, 1 answer

HAProxy and Stunnel PCI Compliance

I am setting up HAProxy to load balance between two web servers. Some of the pages on the site require SSL. Stunnel is handling the https connections and passing them off to haproxy (Stunnel contains the cert). HAProxy will hand off requests to…
agabel
3 votes, 1 answer

stunnel: SSL-to-SSL? (for smtp/imap)

How can I configure stunnel to accept SSL connections, and connect then to an SSL port on a different server? Here is my setup: Our ISP's server, "Mail Server", supports smtp/imap over SSL. (Not starttls. Just over ssl.) But, I have a bunch of…
nonot1
3 votes, 2 answers

Stunnel too many clients

I'm trying to hook up stunnel and haproxy to forward https connections through to some backend servers. I've got haproxy setup right, and I seem to have stunnel set up right. Trouble is that when I hit the setup with a load test after a while I…
davidsmalley
2 votes, 1 answer

Unable to create seemingly simple stunnel configuration

I have a computer at work that is behind a firewall with an internal ip address of 192.168.12.13... the firewall maps ports 40000 - 40019 to matching ports on this local machine. (e.g. 40000 - 40000, 40001 - 40001, etc...) And, let's define the…
Brian Rice
2 votes, 1 answer

Will ssh tunnelling be a simpler way to solve my link encryption issue rather than stunnel?

We have an encryption issue from a vendor's mid-tier to an Oracle database. We can use encrypted database connections and have done for 90% of cases. Our security team has advised us that since this connection goes over a link, everything needs to…
Hawkeye
2 votes, 1 answer

Redis Cluster over stunnel configuration

I'm trying to set up a 3 node Redis Cluster that communicates over stunnel. Redis listens on port 6379 (configurable) for client pub/sub and on the configured port+10000 (not configurable - it becomes 16379 in this case) for cluster communication. I…
2 votes, 1 answer

stunnel won't verify client certificate as expected

I'm trying to set up stunnel to provide a TLS wrapper to an HTTP service that doesn't natively support TLS. I have this working well without using TLS client certificates. When adding the client certificate configuration: CAfile =…
Christopher Schultz
2 votes, 1 answer

Stunnel "wrong version number" error with TLS-PSK

I've got Stunnel running on a Raspberry Pi which is acting as a TLS wrapper for an apache2 server. I've configured it to use TLS-PSK (correctly, I think), but the logs show the following when I try to complete the TLS handshake: 2016.04.11 21:05:53…
Alex Hunter
2 votes, 1 answer

Stunnel TLS authentication with multiple Authorities

I am trying to secure a rethinkdb cluster behind stunnel. The service needs to support multiple Certificate Authorities (CA). Currently I concat the accepted CAs into one file (/certs/ca.pem) but it seems stunnel will only accept connections that…
zbyte
2 votes, 0 answers

iptables configurations for stunnel+squid

I'm building a highly anonymous proxy server with squid and stunnel, and I'm facing a configurations problem on iptables. The server should act like this: browser <-> client stunnel <=> server stunnel <-> server squid <=> site Wheres - means local…
Hartman
2 votes, 3 answers

Stunnel: ssl to ssl

I have a little service which listens only on https://localhost:41952 and checks source hostname (it must be localhost). I want to connect on "listen:1988" and redirect requests with stunnel to "localhost:41952" https://192.168.1.10:1988 -> redirect…
user66638
2 votes, 2 answers

SSH over HTTPS through haproxy

I'm trying to setup an ssh over https connection using haproxy. I haven't found any working examples, so any help would be appreciated! client config; ~$ cat…
Thermionix
2 votes, 1 answer

What does this notice mean "SNI: extension not received from the client", in stunnel log

I am working on multiple domain certificates using stunnel. I have two domains test.int and test1.int and given multiple certificates to each domain and one default certificate. I used sni option of stunnel to provide multiple domain certificates.…
Kaustubh Khare