<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:18.0pt;
font-family:"Times New Roman","serif";
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Times New Roman","serif";
font-weight:bold;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>here is the hp webpage…<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>http://h71000.www7.hp.com/opensource/opensource.html#stunnel<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:7.5pt;margin-right:0in;margin-bottom:15.0pt;margin-left:0in;background:#131313'><b><span style='font-size:18.0pt;font-family:"Arial","sans-serif";color:white'>Stunnel<o:p></o:p></span></b></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:20.4pt;background:#131313'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#B2B2B2;letter-spacing:.25pt'>Stunnel allows you to encrypt arbitrary TCP/IP connections inside an SSL (Secure Sockets Layer) connection from your OpenVMS system to another machine. Stunnel allows you to secure non-SSL aware applications (such as Telnet, IMAP, RCP, and FTP authentication) by having Stunnel provide the encryption, so you do not have to change the original application. Both images and source code are provided. For more information about Stunnel, see <a href="http://www.stunnel.org/"><span style='color:#00BFF3;text-decoration:none'>http://www.stunnel.org.</span></a><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:20.4pt;background:#131313'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#B2B2B2;letter-spacing:.25pt'>The Stunnel kit is a compressed, self-extracting EXE file. To expand the Stunnel source kit, enter one of the following commands:<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:20.4pt;background:#131313'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#B2B2B2;letter-spacing:.25pt'>$ RUN STUNNEL-4_20_AXP.EXE ! for Alpha <i>(Updated September 2007)</i><br>$ RUN STUNNEL-4_20_I64.EXE ! for Integrity servers <i>(Updated September 2007)</i><br>$ RUN STUNNEL-3_26_VAX.EXE ! for VAX<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:20.4pt;background:#131313'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#B2B2B2;letter-spacing:.25pt'>At the Decompress into (file specification): prompt, press return. The system expands the file and names the decompressed file STUNNEL-4_20.BCK or STUNNEL-3_26.BCK.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:20.4pt;background:#131313'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#B2B2B2;letter-spacing:.25pt'>See <a href="http://h71000.www7.hp.com/opensource/STUNNEL_README_AXP_I64.TXT"><span style='color:#00BFF3;text-decoration:none'>STUNNEL_README_AXP_I64.TXT</span></a> (for Alpha and Integrity servers) or<br><a href="http://h71000.www7.hp.com/opensource/STUNNEL_README_VAX.TXT"><span style='color:#00BFF3;text-decoration:none'>STUNNEL_README_VAX.TXT</span></a> (for VAX) for information about Stunnel on OpenVMS.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:20.4pt;background:#131313'><span style='font-size:9.0pt;font-family:"Arial","sans-serif";color:#B2B2B2;letter-spacing:.25pt'><a href="ftp://ftp.hp.com/pub/openvms/opensource/STUNNEL-4_20_AXP.EXE"><span style='color:#00BFF3;text-decoration:none'>Download Stunnel for Alpha ›</span></a> (September 2007)<br><a href="ftp://ftp.hp.com/pub/openvms/opensource/STUNNEL-4_20_I64.EXE"><span style='color:#00BFF3;text-decoration:none'>Download Stunnel for Integrity servers ›</span></a> (September 2007)<br><a href="ftp://ftp.hp.com/pub/openvms/opensource/STUNNEL-3_26_VAX.EXE"><span style='color:#00BFF3;text-decoration:none'>Download Stunnel for VAX ›</span></a> (November 2002)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> stunnel-users [mailto:stunnel-users-bounces@stunnel.org] <b>On Behalf Of </b>Rob Lockhart<br><b>Sent:</b> Wednesday, April 08, 2015 4:44 PM<br><b>To:</b> stunnel-users@stunnel.org<br><b>Subject:</b> Re: [stunnel-users] openvms and stunnel<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><div><div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> stunnel-users [<a href="mailto:stunnel-users-bounces@stunnel.org" target="_blank">mailto:stunnel-users-bounces@stunnel.org</a>] <b>On Behalf Of </b>Rob Lockhart</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Sent:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Wednesday, April 08, 2015 4:28 PM<br><b>To:</b> <a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br><b>Subject:</b> Re: [stunnel-users] openvms and stunnel</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Wed, Apr 8, 2015 at 4:10 PM, Coviello, Paul <<a href="mailto:pcoviello@ccsusa.com" target="_blank">pcoviello@ccsusa.com</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Ok thanks here is the 1st version of the file...<br><br>All I want to do is create a telnet session from a windows terminal emulator to my VMS server.<br><br>also someone thinks that this version may not play well with SSL 1.4 that I have on VMS as mentioned this is 4.20<br><br>Can anyone confirm this ?<br><br>Thanks<br>Paul<br><br>STUNNEL_SERVER.CONF;1<br>; Sample stunnel configuration file by Michal Trojnara 2002-2006<br>; Some options used here may not be adequate for your particular configuration<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>It's been more than 20 years since I used HP VMS (VAX), but can you do something like this:<br>stunnel /version<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>or if that doesn't work:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>stunnel version<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>or<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>stunnel -version<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>see the output and verify what you have. For my Cygwin x64 environment, it says this (stock configuration):<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>$ stunnel -version<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>stunnel 5.09 on x86_64-unknown-cygwin platform<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Compiled/running with OpenSSL 1.0.1k 8 Jan 2015<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Global options:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>debug = daemon.notice<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>RNDbytes = 64<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>RNDfile = /dev/urandom<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>RNDoverwrite = yes<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Service-level options:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>ciphers = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>curve = prime256v1<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>options = NO_SSLv2<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>options = NO_SSLv3<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>sessionCacheSize = 1000<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>sessionCacheTimeout = 300 seconds<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>stack = 65536 bytes<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>TIMEOUTbusy = 300 seconds<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>TIMEOUTclose = 60 seconds<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>TIMEOUTconnect = 10 seconds<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>TIMEOUTidle = 43200 seconds<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>verify = none<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>What I would do is to dumb this down and first see if you can get a stunnel client/server communication on the same box (using localhost or 127.0.0.1). I would use iperf to just send dummy data (iperf client and iperf server). Once that works, then move it up to using your network. If you need some example config files, I can provide that. What I did is to use iperf client connect to port 5000, then stunnel client listening on port 5000 and connect to port 6000, then stunnel server listening on port 6000 and connect to port 7000, and iperf server listening on port 7000. Since they're non-privileged ports, you don't need admin access.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Are you using certificates? I think you need to generate the stunnel.pem file, and I did it (using cygwin/MinGW/Linux) using these commands below. Information stolen/modified from here: <a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu" target="_blank">https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu</a><o:p></o:p></p></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Create a self-signed key as follows:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>In MinGW:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>cd /c/STUNNEL5<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>openssl genrsa -out key.pem 2048<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>openssl req -new -x509 -key key.pem -out cert.pem -days 1095<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>now put in the info pertinent to your organization.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>then run this command:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>cat key.pem cert.pem >> stunnel.pem<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I don't know if you can do that with VMS, some parameters may have to be tweaked and changed to forward-slashes (as typical in VMS). I also saw the logging statement commented out, have you tried uncommenting those two lines (logging verbosity and log file)?<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Regards,<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> -Rob<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><o:p> </o:p></p></div></div></div></div></div></div></div></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>On Wed, Apr 8, 2015 at 4:36 PM, Coviello, Paul <<a href="mailto:pcoviello@ccsusa.com" target="_blank">pcoviello@ccsusa.com</a>> wrote:<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>No stunnel command is available…</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>This is the doc I followed/following and currently on step 3</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://h71000.www7.hp.com/opensource/stunnel_readme_axp_i64.txt" target="_blank">http://h71000.www7.hp.com/opensource/stunnel_readme_axp_i64.txt</a></span><o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>That looks to be for Stunnel 3, which is no longer maintained. Please see this message on the main website:<o:p></o:p></p></div></div><div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-family:"Arial","sans-serif";color:black'>The obsolete 3.x branch is no longer maintained. Use </span><a href="https://www.stunnel.org/downloads/stunnel3"><span style='font-family:"Arial","sans-serif"'>stunnel3</span></a><span style='font-family:"Arial","sans-serif";color:black'> perl script as a drop-in replacement for backward compatibility.</span><o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><a href="https://www.stunnel.org/downloads/stunnel3">https://www.stunnel.org/downloads/stunnel3</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='font-family:"Arial","sans-serif";color:black'>If you have perl installed in VMS, you should be able to use that perl script to emulate stunnel 4. I don't know if Stunnel 3 and Stunnel 4 are interoperable, perhaps not?</span><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div></div></div></div></div></body></html>