[stunnel-users] TLS "translation" & 2-way auth

Igor Gatis igorgatis at gmail.com
Mon Nov 13 12:58:47 CET 2017


Yep, that's exactly what I'm seeking help with here.

If we can abstract the 2-way bit for a second, I'd call this a "certificate
transcription" TLS tunnel.

On Thu, Nov 9, 2017 at 5:19 PM, Vincent Deschenes <vdeschenes at stelvio.com>
wrote:

> Ho,
>
> But that does not account for the A ->[TLS] ->B part.
>
> I believe that my sample will listen for unencrypted connections only.
>
>
>
>
>
> *From:* stunnel-users [mailto:stunnel-users-bounces at stunnel.org] *On
> Behalf Of *Vincent Deschenes
> *Sent:* Thursday, 9 November 2017 3:16 PM
> *To:* Igor Gatis <igorgatis at gmail.com>; stunnel-users at stunnel.org
> *Subject:* Re: [stunnel-users] TLS "translation" & 2-way auth
>
>
>
> You need to have a section in your config file which listens for requests
> but also has the “client = yes” option with a cert and key like this:
>
>
> [http_a_to_c]
> client = yes
> accept = port_number_to_listen_on_server_b
> connect = server_c_address:443
> cert = certificate.crt
> key = private.key
>
> cert and key are the certificate and private key server B uses to identify
> itself on server C.
>
> You could also add more options to specify a truststore to specify which
> cert coming from server C server B will trust, otherwise server B will
> simply allow the connection.
>
>
>
> Good Luck
>
>
>
>
>
> *From:* stunnel-users [mailto:stunnel-users-bounces at stunnel.org
> <stunnel-users-bounces at stunnel.org>] *On Behalf Of *Igor Gatis
> *Sent:* Thursday, 9 November 2017 1:14 PM
> *To:* stunnel-users at stunnel.org
> *Subject:* [stunnel-users] TLS "translation" & 2-way auth
>
>
>
> Consider scenario below:
>
>
>
> Server A   ==TLS==> Server B  ==TLS+2WayAuth==> Server C
>
>
>
> Server A needs to connect to Server C through Server B which runs Stunnel.
> Server C requires 2-way authentication. I have full control over Server A
> and Server B, and Server C belongs to a third party.
>
>
>
> What should the Stunnel config look like?
>
>
>
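
Added example, not part of the original thread: one way to cover both legs of the scenario on Server B is to chain two stunnel services over loopback, a server-mode service that terminates TLS from Server A and a client-mode service that opens the mutually authenticated TLS session to Server C. All ports, file paths and host names below are constructed placeholders, and requiring a client certificate from Server A is an assumption added here.

```ini
; Constructed example for Server B. Ports, paths and host names are placeholders.

; Leg 1: Server A ==TLS==> Server B
; Server mode (no "client = yes"): stunnel terminates the TLS session from A
; and hands the decrypted stream to the loopback port of the second service.
[from_a]
accept = 8443
connect = 127.0.0.1:8080
cert = /etc/stunnel/server_b.crt
key = /etc/stunnel/server_b.key
; Assumption: A also presents a client certificate, so that only A can reach
; the service that authenticates to C with B's identity.
CAfile = /etc/stunnel/server_a_ca.pem
verifyChain = yes

; Leg 2: Server B ==TLS+2WayAuth==> Server C
; Client mode: stunnel opens a new TLS session to C and presents the
; certificate and key that C expects for 2-way authentication.
[to_c]
client = yes
; Bind to loopback only so the plaintext hop is not reachable from the network.
accept = 127.0.0.1:8080
connect = server-c.example.com:443
cert = /etc/stunnel/client_for_c.crt
key = /etc/stunnel/client_for_c.key
; Verify C's certificate chain and host name instead of accepting any peer.
CAfile = /etc/stunnel/server_c_ca.pem
verifyChain = yes
checkHost = server-c.example.com
```

The stream is plaintext on the loopback hop between the two services, and Server C sees the client certificate configured in `[to_c]`, not any certificate presented by Server A.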