Questions tagged [stunnel]

Stunnel is a small tool that can wrap the connection of other protocols with SSL/TLS.

Stunnel is free software based on OpenSSL that provides an SSL/TLS encryption wrapper between remote clients and a local or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library.

For more information, see the homepage of the project at stunnel.org.

152 questions
1
vote
1 answer

HAProxy-Apache encrypt connection

I have haproxy_server and apache_server in different datacenters, what is the best way to have an encrypted connection between them? It’s working with the certbot and with the following configuration: frontend http_front bind…
pata2004
1
vote
0 answers

stunnel create systemd service files?

I need to use stunnel to encrypt a service that by itself does not support any type of encryption. stunnel needs to run on the frontend and on the backend server. Because stunnel does not come with a systemd service file I'm looking for ways how to…
postFix
1
vote
0 answers

How to put Stunnel behind a Nginx reverse proxy to mask OpenVPN?

I have set up Nginx as a reverse proxy listening to the 443 port for several blogs. I'd like to have Nginx pass a specific sub-domain to Stunnel to have a less-detectable VPN as shown below. Is it possible to make Nginx redirect a sub-domain,…
Maxithi
1
vote
1 answer

stunnel - certificate verification

I have stunnel to provide SSL for Redis. I have the following configuration: [redis] CAfile= /etc/stunnel/ca.crt accept = 636 cert = /etc/stunnel/server1.crt connect = localhost:6379 key = /etc/stunnel/server1.key verify = 2 I generate all of the…
Rahul
1
vote
1 answer

Stunnel agent emitting file not found error

I have a Stunnel 4.29 on Red Hat Linux 6.8 that will not start and emits a 'No such file or directory' error: # /usr/bin/stunnel /etc/stunnel/agent/dynatrace-agent.conf 2017.05.03 19:04:26 LOG7[3880:140667243153344]: Snagged 64 random bytes from…
Alex Harvey
1
vote
0 answers

Hosting SSL tunneled OpenVPN and HTTPS on the same server at the same 443 port

Is there a way to host an SSL-tunneled (using stunnel) OpenVPN server and a regular Apache HTTPS server on the same server using HAProxy? It seems that by using stunnel, the format of the packets should all the way be the same. Are there any ways to…
1
vote
0 answers

Stunnel on ubuntu fails to listen on the port

I have installed stunnel4 on my 16.04 Ubuntu and I have not been able to get any result out of the specific ports I have set it on via netstat -tulnp | grep 4444. Here is my service status: stunnel4.service - LSB: Start or stop stunnel 4.x (SSL…
Hypothesis
1
vote
0 answers

stunnel does not handle SNI correctly

I am trying to get stunnel-4.53-1.1 in Debian Wheezy running. The important parts of my configuration (/etc/stunnel/stunnel.conf) look like that: [https] cert = /etc/ssl/certs/mydomain.pem key = /etc/ssl/private/mydomain.key accept = 443 connect =…
Matthias
1
vote
0 answers

Syslog-ng and Stunnel between two hosts (Connection refused)

I'd like to set up syslog-ng over stunnel between a host on my LAN and a host in my DMZ but can't quite figure out the configuration. The stunnel config seems to be correct. If I shut down syslog on both machines, I can run nc -l 5140 on the dmzhost…
Server Fault
1
vote
1 answer

stunnel4: Disable Secure Client-Initiated Renegotiation

How is it possible to disable Secure Client-Initiated Renegotiation in stunnel4? I'm using version stunnel 4.53-1.1ubuntu1 on Ubuntu 14.04 Trusty with OpenSSL 1.0.1f and stunnel 4.53-1.1 on Debian Wheezy with OpenSSL 1.0.1e. The stunnel docs list…
sebix
1
vote
1 answer

Stunnel as Windows service doesn't "start" on reboot

Running stunnel 5.03 on Windows 2008 R2. Everything is installed and working fine. I can even start/stop the service no problem... When I reboot my server stunnel service shows as started but nothing gets logged and none of my connections work. Once…
user432024
1
vote
1 answer

Does stunnel prevent non ssl traffic to "the" specified port?

So say I have an arbitrary tcp port 12345 and it's non ssl and I want to put stunnel to secure traffic to it. When stunnel is in front of it does it mean that this port is now tls/ssl only? Or can you still connect to it unencrypted? Basically I…
user432024
1
vote
0 answers

Can stunnel be used to round robin tcp connections without SSL?

Today, I'm already using stunnel to provide SSL termination to a set of TCP services where the connections are round-robin'ed, this is done, for example, like follows: [myserv] accept = 443 connect = 9274 connect = 9275 connect = 9276 connect =…
Christian
1
vote
2 answers

DER encoded hash

According to the manpage of stunnel4, the certificates in this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the cert (the first 4 bytes of the MD5 hash in least significant byte order). How can…
exeral
1
vote
1 answer

How to best encrypt http traffic between frontend (VPS/AWS) and remote backend?

I have a couple of frontend servers running on AWS (running pound for SSL termination and Varnish for caching). My backend is at a remote location (not on AWS). I am looking for the best/fastest way to securely connect AWS with my backend. I assume…
hulunkilm