[stunnel-users] openvms and stunnel

Rob Lockhart rlockhar at gmail.com
Wed Apr 8 22:44:11 CEST 2015


>
> *From:* stunnel-users [mailto:stunnel-users-bounces at stunnel.org
> <stunnel-users-bounces at stunnel.org>] *On Behalf Of *Rob Lockhart
>
> *Sent:* Wednesday, April 08, 2015 4:28 PM
> *To:* stunnel-users at stunnel.org
> *Subject:* Re: [stunnel-users] openvms and stunnel
>
>
>
> On Wed, Apr 8, 2015 at 4:10 PM, Coviello, Paul <pcoviello at ccsusa.com>
> wrote:
>
> Ok thanks here is the 1st version of the file...
>
> All I want to do is create a telnet session from a Windows terminal
> emulator to my VMS server.
>
> Also, someone thinks that this version may not play well with SSL 1.4 that
> I have on VMS; as mentioned, this is 4.20.
>
> Can anyone confirm this ?
>
> Thanks
> Paul
>
> STUNNEL_SERVER.CONF;1
> ; Sample stunnel configuration file by Michal Trojnara 2002-2006
> ; Some options used here may not be adequate for your particular
> configuration
>
>
>
> It's been more than 20 years since I used HP VMS (VAX), but can you do
> something like this:
> stunnel /version
>
> or if that doesn't work:
>
> stunnel version
>
> or
>
> stunnel -version
>
> see the output and verify what you have. For my Cygwin x64 environment, it
> says this (stock configuration):
>
>
> $ stunnel -version
> stunnel 5.09 on x86_64-unknown-cygwin platform
> Compiled/running with OpenSSL 1.0.1k 8 Jan 2015
> Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
>
> Global options:
> debug                  = daemon.notice
> RNDbytes               = 64
> RNDfile                = /dev/urandom
> RNDoverwrite           = yes
>
> Service-level options:
> ciphers                = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2
> curve                  = prime256v1
> options                = NO_SSLv2
> options                = NO_SSLv3
> sessionCacheSize       = 1000
> sessionCacheTimeout    = 300 seconds
> stack                  = 65536 bytes
> TIMEOUTbusy            = 300 seconds
> TIMEOUTclose           = 60 seconds
> TIMEOUTconnect         = 10 seconds
> TIMEOUTidle            = 43200 seconds
> verify                 = none
>
>
> What I would do is to dumb this down and first see if you can get a
> stunnel client/server communication on the same box (using localhost or
> 127.0.0.1). I would use iperf to just send dummy data (iperf client and
> iperf server). Once that works, then move it up to using your network. If
> you need some example config files, I can provide that. What I did is to
> use iperf client connect to port 5000, then stunnel client listening on
> port 5000 and connect to port 6000, then stunnel server listening on port
> 6000 and connect to port 7000, and iperf server listening on port 7000.
> Since they're non-privileged ports, you don't need admin access.
>
>
>
> Are you using certificates? I think you need to generate the stunnel.pem
> file, and I did it (using cygwin/MinGW/Linux) using these commands below.
> Information stolen/modified from here:
> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu
>
>
> Create a self-signed key as follows:
>
> In MinGW:
>
> cd /c/STUNNEL5
> openssl genrsa -out key.pem 2048
> openssl req -new -x509 -key key.pem -out cert.pem -days 1095
>
> now put in the info pertinent to your organization.
>
> then run this command:
>
> cat key.pem cert.pem >> stunnel.pem
>
>
> I don't know if you can do that with VMS, some parameters may have to be
> tweaked and changed to forward-slashes (as typical in VMS). I also saw the
> logging statement commented out, have you tried uncommenting those two
> lines (logging verbosity and log file)?
>
>
>
> Regards,
>
>   -Rob
>
>
>
On Wed, Apr 8, 2015 at 4:36 PM, Coviello, Paul <pcoviello at ccsusa.com> wrote:

>
>
> No stunnel command is available...
>
>
>
> This is the doc I followed/following and currently on step 3
>
>
>
> http://h71000.www7.hp.com/opensource/stunnel_readme_axp_i64.txt
>
>
That looks to be for Stunnel 3, which is no longer maintained. Please see
this message on the main website:

The obsolete 3.x branch is no longer maintained. Use stunnel3
<https://www.stunnel.org/downloads/stunnel3> perl script as a drop-in
replacement for backward compatibility.

https://www.stunnel.org/downloads/stunnel3

If you have perl installed in VMS, you should be able to use that perl
script to emulate stunnel 4. I don't know if Stunnel 3 and Stunnel 4 are
interoperable, perhaps not?
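
The same-box test chain described in the quoted message above (iperf client to port 5000, stunnel client from 5000 to 6000, stunnel server from 6000 to 7000, iperf server on 7000), written as one stunnel 4.x/5.x configuration. This is an added example, not a file from the thread: the service names, the log file name and running both ends in a single stunnel process are assumptions, and it expects the stunnel.pem and cert.pem produced by the openssl commands above to be in the working directory.

```ini
; loopback-test.conf (constructed example; file and service names are assumptions)
; Chain: iperf -c 127.0.0.1 -p 5000 -> [test-client] == TLS ==> [test-server] -> iperf -s -p 7000
; Use absolute paths below if stunnel is started from another directory.

; Global options: enable verbose logging so handshake failures are visible
debug = 7
output = stunnel-loopback.log

; Client end: accepts plaintext from the iperf client, speaks TLS to port 6000
[test-client]
client = yes
accept = 127.0.0.1:5000
connect = 127.0.0.1:6000
; The stock default in the version output above is "verify = none".
; Here the client requires the server certificate to chain to the
; self-signed cert.pem, so an unexpected certificate fails the handshake.
verify = 2
CAfile = cert.pem

; Server end: terminates TLS on port 6000, forwards plaintext to the iperf server
[test-server]
accept = 127.0.0.1:6000
connect = 127.0.0.1:7000
; stunnel.pem is key.pem followed by cert.pem, as built with cat above
cert = stunnel.pem
```

stunnel.pem contains the private key, so keep it readable only by the account that runs stunnel. Once the loopback chain passes traffic, replace the 127.0.0.1 addresses with the real hosts and split the two services onto their respective machines.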