April 2021 - stunnel-users

older browsers, stunnel and privoxy
by kovacs janos 04 Mar '24

04 Mar '24

sorry to bother, im trying to make older browsers be able to display TLS 1.1 and TLS 1.2 sites. i heard stunnel cant be configured to always forward to the current site address dynamically, thats why i would use privoxy. the browser is configured to send to: 127.0.0.1 443 stunnel config has this at the end: [Tunnel_in] client = yes accept = 127.0.0.1:443 connect = 127.0.0.1:8118 verifyChain = yes CAfile = ca-certs.pem checkHost = localhost 127.0.0.1:8118 is the privoxy address. this is what stunnel writes: LOG5[main]: Configuration successful LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261 LOG5[0]: s_connect: connected 127.0.0.1:8118 LOG5[0]: Service [Tunnel_in] connected remote server from 127.0.0.1:3262 and the browser infinitely loads, and never loads anything or leaves the page. if i remove the last 3 lines, its the same just with this line added: LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM attacks but it doesnt give an error or anything. with a configuration like: [Tunnel_out] client = no accept = 127.0.0.1:443 connect = 127.0.0.1:8118 cert = stunnel.pem this is what it gives: LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294 LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket and browser gives a server not found error immediately. im not even sure if i should use client or server configuration in a case like this, but none of them works anyway. all i would need is for my browser to get the pages decrypted, or at least in less than TLS1.1. like how on newipnow.com i can access sites with any encryption, since they are sent to the browser without encryption. the browser just gives an "unencrypted tunnel" warning, which is how i found stunnel, and which is exactly what i need, just locally.

8 41

TPM based mutual tls authentication
by Nyiri, Gabor (Nokia - HU/Budapest) 07 Nov '23

07 Nov '23

Hi, Can you help me how to configure stunnel client to use TPM for mutual TLS authentication? I want to connect with mTLS to a remote server then make this connection available for localhost without mTLS. Thanks for your help in advance! Here is my configuration so far without TPM: debug = debug output = /tmp/stunnel.log foreground = yes [mtls_client] client = yes accept = 127.0.0.1:12019 sni = server-with-mtls.example.com checkHost = server-with-mtls.example.com connect = 1.2.3.4:443 verifyChain = yes CApath = /etc/ssl/certs/ cert = client.crt key = client.key Thanks & br, Gábor Nyíri,

2 1

Stunnel static compile with open ssl error while running make command
by snainwar＠rediffmail.com 30 Apr '21

30 Apr '21

I am running RHEL release v 7.9 and have successfully compiled OpenSSL version 1.1.1k using the following configuration: ##> ./config --prefix=/usr/src/openssl-1.1.1 --openssldir=/etc/openssl The following paths are shown when I run command whereis openssl # whereis openssl openssl: /usr/lib64/openssl /usr/local/bin/openssl /usr/include/openssl /opt/openssl/bin/openssl /usr/src/openssl-1.1.1k/openssl.pc ]# I have download and prepared Stunnel version 5.59 from https://www.stunnel.org/ I am using the following configuration: ##> ./configure --with-ssl=/opt/openssl --enable-static When I compile Stunnel I get the following error message when we run Make install make[2]: Nothing to be done for `install-exec-am'. /bin/mkdir -p '/usr/local/share/doc/stunnel' /bin/install -c -m 644 README.md TODO.md COPYING.md AUTHORS.md NEWS.md PORTS.md BUGS.md COPYRIGHT.md CREDITS.md INSTALL.W32.md INSTALL.WCE.md INSTALL.FIPS.md '/usr/local/share/doc/stunnel' make install-data-hook make[3]: Entering directory `/usr/src/stunnel-5.59' ********************************************************* * Type 'make cert' to also install a sample certificate * ********************************************************* make[3]: Leaving directory `/usr/src/stunnel-5.59' make[2]: Leaving directory `/usr/src/stunnel-5.59' make[1]: Leaving directory `/usr/src/stunnel-5.59' [root@tvdcltmp001 stunnel-5.59]# Looks like Stunnel cannot link (probably because it can’t find the library) Does anyone know what the error might be? What changes do I need to make to configure for compilation.

1 0

5.59 on win64
by Joe Phillips 29 Apr '21

29 Apr '21

I'm running win64 version 5.59. Installed service and it is started and running (set to automatic). But when I try to open the stunnel allUsers I get the error : stunnel server is down sue to an error, you need to exit and correct the problem. Click ok to see the error log. Shouldn't I be able to open the log window if the service is running? Also when the service is running there is no stunnel icon in the system tray. Please advise. Thanks [cid:[email protected]]

1 0

Load Balancing
by Ramin Malekgahsemi 28 Apr '21

28 Apr '21

Hi Dear friend If have one stunnel client and have three Stunnel server My question IS How by RR user three server For client ? Forward and handle connection on three server (Client and access Port is once) thanks

1 0

Stunnel static compile error while running Make command
by snainwar＠rediffmail.com 28 Apr '21

28 Apr '21

We are trying to static compile stunnel 5.59 with open ssl 1.1.1 on RHEl 6 and RHEL7 we are getting below error running command Make on the server /stunnel-5.59/src/cron.c:239: undefined reference to `BN_GENCB_new' /stunnel-5.59/src/cron.c:244: undefined reference to `BN_GENCB_set' stunnel-cron.o: In function `cron_dh_param': /stunnel-5.59/src/cron.c:219: undefined reference to `CRYPTO_THREAD_write_lock' /stunnel-5.59/src/cron.c:222: undefined reference to `CRYPTO_THREAD_unlock' /stunnel-5.59/src/cron.c:225: undefined reference to `CRYPTO_THREAD_read_lock' /stunnel-5.59/src/cron.c:229: undefined reference to `CRYPTO_THREAD_unlock' stunnel-cron.o: In function `cron_init': /stunnel-5.59/src/cron.c:78: undefined reference to `CRYPTO_THREAD_write_lock' /stunnel-5.59/src/cron.c:81: undefined reference to `CRYPTO_THREAD_unlock' stunnel-stunnel.o: In function `main_cleanup': /stunnel-5.59/src/stunnel.c:249: undefined reference to `CRYPTO_THREAD_write_lock' /stunnel-5.59/src/stunnel.c:263: undefined reference to `CRYPTO_THREAD_unlock' stunnel-stunnel.o: In function `process_connections': /stunnel-5.59/src/stunnel.c:889: undefined reference to `CRYPTO_THREAD_write_lock' /stunnel-5.59/src/stunnel.c:898: undefined reference to `CRYPTO_THREAD_unlock' stunnel-stunnel.o: In function `stunnel_info': /stunnel-5.59/src/stunnel.c:1034: undefined reference to `OpenSSL_version' /stunnel-5.59/src/stunnel.c:1036: undefined reference to `OpenSSL_version' /stunnel-5.59/src/stunnel.c:1041: undefined reference to `OpenSSL_version_num' collect2: error: ld returned 1 exit status make[2]: *** [stunnel] Error 1 make[2]: Leaving directory `/stunnel-5.59/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/stunnel-5.59/src' make: *** [all-recursive] Error 1 [root@tvdcltmp001 stunnel-5.59]#

1 0

Stunnel static compile error while running Make command
by snainwar＠rediffmail.com 28 Apr '21

28 Apr '21

We are trying to static compile stunnel 5.59 with open ssl 1.1.1 on RHEl 6 and RHEL7 we are getting below error running command Make on the server /stunnel-5.59/src/cron.c:239: undefined reference to `BN_GENCB_new' /stunnel-5.59/src/cron.c:244: undefined reference to `BN_GENCB_set' stunnel-cron.o: In function `cron_dh_param': /stunnel-5.59/src/cron.c:219: undefined reference to `CRYPTO_THREAD_write_lock' /stunnel-5.59/src/cron.c:222: undefined reference to `CRYPTO_THREAD_unlock' /stunnel-5.59/src/cron.c:225: undefined reference to `CRYPTO_THREAD_read_lock' /stunnel-5.59/src/cron.c:229: undefined reference to `CRYPTO_THREAD_unlock' stunnel-cron.o: In function `cron_init': /stunnel-5.59/src/cron.c:78: undefined reference to `CRYPTO_THREAD_write_lock' /stunnel-5.59/src/cron.c:81: undefined reference to `CRYPTO_THREAD_unlock' stunnel-stunnel.o: In function `main_cleanup': /stunnel-5.59/src/stunnel.c:249: undefined reference to `CRYPTO_THREAD_write_lock' /stunnel-5.59/src/stunnel.c:263: undefined reference to `CRYPTO_THREAD_unlock' stunnel-stunnel.o: In function `process_connections': /stunnel-5.59/src/stunnel.c:889: undefined reference to `CRYPTO_THREAD_write_lock' /stunnel-5.59/src/stunnel.c:898: undefined reference to `CRYPTO_THREAD_unlock' stunnel-stunnel.o: In function `stunnel_info': /stunnel-5.59/src/stunnel.c:1034: undefined reference to `OpenSSL_version' /stunnel-5.59/src/stunnel.c:1036: undefined reference to `OpenSSL_version' /stunnel-5.59/src/stunnel.c:1041: undefined reference to `OpenSSL_version_num' collect2: error: ld returned 1 exit status make[2]: *** [stunnel] Error 1 make[2]: Leaving directory `/stunnel-5.59/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/stunnel-5.59/src' make: *** [all-recursive] Error 1 [root@tvdcltmp001 stunnel-5.59]#

1 0

Unable to reload Stunnel in Linux
by gorf＠hyperfunk.club 27 Apr '21

27 Apr '21

Hi, Normally, I would call "kill -HUP" with Stunnel's process ID to make it reload the configuration in Linux. I was very surprised when I tried that and the process stopped. Why would HUP cause it to exit, rather than reload the config? It doesn't do that on every machine. Thanks.

2 4

Questions about two host connection using stunnel
by yfmao＠seas.upenn.edu 24 Apr '21

24 Apr '21

I am using stunnel4 to build a secure connection between two ubuntu hosts. One of the hosts (sender) will send "hello world" to another host (receiver). When I am using tcpdump in receiver to capture the packets sending from sender, I find out that one of the packets contains "hello world" in plaintext. From my understanding, stunnel will encrypt the content of "hello world" if everything is correct, so I shouldn't be able to see "hello world" in plaintext among any incoming packets. Any ideas about what is going wrong here? Here I will put my stunnel.config for your reference: cert = /home/ubuntu/client_server/stunnel.pem key = /home/ubuntu/client_server/stunnel.key debug = 7 output = /home/ubuntu/client_server/stunnel.log socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 options = ALL [services] accept = 6667 connect = some_ip_address:6666 TIMEOUTclose = 0

4 6

Paid work
by David Rose (dsr) 24 Apr '21

24 Apr '21

I need an Stunnel config that will allow my Windows app that only can send SMTP without any authentication or encryption to be able to send email via Gmail or Office 365. Is this something that someone would be able to write for me and if so, what would you charge ? Thanks David --

3 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users April 2021