[stunnel-users] TLS "translation" & 2-way auth

Vincent Deschenes vdeschenes at stelvio.com
Thu Nov 9 21:19:11 CET 2017


Ho,
But that does not account for the A ->[TLS] ->B part.
I believe that my sample will listen for unencrypted connection only.


From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Vincent Deschenes
Sent: Thursday, 9 November 2017 3:16 PM
To: Igor Gatis <igorgatis at gmail.com>; stunnel-users at stunnel.org
Subject: Re: [stunnel-users] TLS "translation" & 2-way auth

You need to have a section in your config file which listen for requests but also have the “client = yes” option with a cert and key like this:

[http_a_to_c]
client = yes
accept = port_number_to_listen_on_server_b
connect = server_c_address:443
cert = certificate.crt
key = private.key


cert and key are the certificate and private key server B uses to identify itself on server C.
You could also add more options to specify a trustore to specify which cert coming from server C server B will trust, otherwise server B will simply allow the connection.

Good Luck


From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Igor Gatis
Sent: Thursday, 9 November 2017 1:14 PM
To: stunnel-users at stunnel.org<mailto:stunnel-users at stunnel.org>
Subject: [stunnel-users] TLS "translation" & 2-way auth

Consider scenario below:

Server A   ==TLS==> Server B  ==TLS+2WayAuth==> Server C

Server A needs to connect to Server C through Server B which runs Stunnel. Server C requires 2-way authentication. I have full control over Server A and Server B and Server C belongs to a third-party.

What does Stunnel config should look like?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20171109/924b3ca5/attachment-0001.html>


More information about the stunnel-users mailing list