[stunnel-users] persistent SSL connection

• Previous message (by thread): [stunnel-users] persistent SSL connection
• Next message (by thread): [stunnel-users] Using stunnel in a box having http client and http server.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pierre, Peter, Aron,

Thanks for all the responses.

I now have a better understanding of the main usecase for stunnel. In our
particular case, We need the connection multiplexing since we cannot
maintain a persistent connection to the stunnel client and we cannot afford
to create a new SSL connection for every new connection to stunnel client.

So, we will probably go with SSH tunneling.

-Dorai

PS: My emails to the mailing list get blocked by a spam blocker so you might
not see this message in the mailing list archives.

On Mon, Mar 16, 2009 at 8:27 AM, Aron Griffis <aron at hp.com> wrote:

> Dorai Ashok wrote:  [Fri Mar 13 2009, 04:28:56PM EDT]
> >I was able to setup stunnel between two hosts successfully but
> >the only problem I am facing is that, the SSL connection between
> >the two hosts is not persistent. For every connection I make to
> >the stunnel client, a new SSL connection is established by the
> >stunnel client to the stunnel server.
> >
> >Is there a configuration variable in stunnel which can make the SSL
> >connection between stunnel client and server persistent ?
>
> stunnel always builds a new SSL connection for every connection
> it accepts on the client side.  This is normally the right thing
> because the server might be an SSL application rather than
> another instance of stunnel.
>
> It would be possible for stunnel to build a persistent SSL
> connection to the server if the server is known to be another
> stunnel instance, in which case every connection accepted on the
> client side would spawn a new "exec" or "connect" on the server,
> and the connections would be multiplexed over the single SSL
> connection.  That would be a very nice feature to add to stunnel,
> but AFAIK it's not there right now.
>
> It is, however, in openssh.  This is what ssh -L port:remote:port
> does.  That is probably where you need to look if you depend on
> this feature.
>
> Regards,
> Aron
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20090316/6357cf76/attachment.html>

• Previous message (by thread): [stunnel-users] persistent SSL connection
• Next message (by thread): [stunnel-users] Using stunnel in a box having http client and http server.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]