Hi Guys,
stunnel 5.27 will be made available on 3rd December.
Best regards,
Mike
Hi,
I have a couple of questions regarding failover with stunnel:
1. I would like to know if there is a way to use failover with two servers with two different sets of TLS cert/key.
The following rule doesn't work, because the cert and key parameters are overwritten, but it shows what I would like to achieve:
[failover]
accept = 127.0.0.1:4441
cert = cert_1.cert
key = key_1.pem
connect = server-1:1234
cert = cert_2.cert
key = key_2.pem
connect = server-2:1234
2. On the same topic, I would like to know if there is an option that could open the local port (accept) only when the connection (connect) is established?
The problem I'm facing is that I use a PAC profile with failover on several stunnel entries: "return PROXY 127.0.0.1:4441; PROXY 127.0.0.1:4442; PROXY 127.0.0.1:4443;". However, when one of the remote servers is down (i.e. server-1), it is not easily detected by web browsers (Chrome does not seem to detect it well), and so instead of switching to the next PROXY, it simply dies on the first one. If the port 4441 relative to server-1 (which is unavailable) was closed, then the web browser could easily detect it and switch to the second server with port 4442.
3. Is there another way to tweak stunnel behavior when a remote server is down?
I'm thinking about a couple of things, like being able to switch to a different rule set:
[failover1]
accept = 127.0.0.1:4441
cert = cert_1.cert
key = key_1.pem
connect = server-1:1234
connect = 127.0.0.1:4442 ; This is failover2
[failover2]
accept = 127.0.0.1:4442
cert = cert_2.cert
key = key_2.pem
connect = server-2:1234
Or maybe there are some options that I'm not aware of to timeout connections more efficiently: so that Chrome (or other clients using HTTP proxies) will immediately know that stunnel cannot connect to the remote server and so that the proxy is down.
Thank you for your help.
Cheers,
Thireus.
Hello,
Can you tell me from which stunnel version the "bin" folder and the "config" folder appeared?
The change is between versions 4.53 and 5.26, but which one?
Thanks a lot for the answer.
Best regards, Manu
Dear All,
Currently we are using syslog communication without any security. That is, using the UDP protocol with the server listening on port number 514. This is unsecure.
I want to use syslog over TLS, that is, over TCP.
As of now, in my project the syslogd daemon is used. I am planning to use stunnel to achieve this.
I have a few questions. Please clarify:
* To support stunnel, syslogd should be on TCP and not on UDP?
* Is stunnel a daemon?
* My understanding is syslogd forwards messages to the stunnel local portal at port 61514.
The local stunnel forwards data via the network to port 60514 to its remote peer.
* I assume stunnel-5.26 (stunnel-5.26.tar.gz) is the latest version and this can be used on Linux.
Regards,
Girish
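The layout described in the message above, written out as stunnel configuration for both ends (an added example, not part of the original post and not taken from the stunnel project). The host name, the file paths, the mutual certificate check and the collector's TCP listener on 127.0.0.1:514 are assumptions; stunnel carries TCP streams only, so the syslog daemon on each side has to speak TCP.

```ini
; ===== sender host: stunnel.conf (TLS client) =====
; The local syslog daemon sends plain TCP to 127.0.0.1:61514.
; Binding to loopback keeps the cleartext hop off the network.
[syslog-out]
client = yes
accept = 127.0.0.1:61514
; logserver.example.net is a placeholder for the remote peer
connect = logserver.example.net:60514
; Placeholder paths: CA that signed the collector's certificate
CAfile = /etc/stunnel/ca.pem
; verify = 2 rejects the peer unless its certificate chains to CAfile
verify = 2
; Placeholder paths: this sender's own certificate, presented to the collector
cert = /etc/stunnel/sender-cert.pem
key = /etc/stunnel/sender-key.pem

; ===== collector host: stunnel.conf (TLS server) =====
; Accepts TLS on 60514 and hands the decrypted stream to a syslog
; daemon assumed to listen on TCP 127.0.0.1:514.
[syslog-in]
accept = 60514
connect = 127.0.0.1:514
cert = /etc/stunnel/collector-cert.pem
key = /etc/stunnel/collector-key.pem
; Require a client certificate signed by the same CA, so only
; known senders can write to the log stream
CAfile = /etc/stunnel/ca.pem
verify = 2
```

Comments sit on their own lines because a trailing `;` on an option line is read as part of the value.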
Hi,
Once again, thanks a lot for taking care of stunnel!
Attached is a trivial patch for two minor typo fixes. Thanks in
advance for looking over it :)
G'luck,
Peter
--
Peter Pentchev roam(a)ringlet.net roam(a)FreeBSD.org pp(a)storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
Hi,
The website and the documentation do not indicate it, and a Google
search does not give any relevant results, so I would like to ask if
Stunnel supports OCSP stapling?
Thank you,
Ádám
Is STunnel 5.22 supported on Windows 2003 server?
Thanks,
DEEPAK SUBBANARASIMHA
Kewill
DDI: +00 (1) 978 482 2625
Email: deepak.subbanarasimha(a)kewill.com
www.kewill.com
Tel: +00 (1) 978 482 2500 | Fax: +00 (1) 978 482 2501
1 Executive Drive, Chelmsford, MA 01824, USA
IMPORTANT NOTICE: This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by telephone at (978) 482-2500 and return the original message to us at the listed email address. In accordance with Kewill policy, emails sent and received may be monitored. Kewill accepts no responsibility for any loss or damage should this email contain any virus, or similar destructive or mischievous code. Thank You. Copyright (c) 2013 by Kewill Inc
On AIX 6.1 using IBM's XLC compiler, I do "configure" and that successfully
completes. However, when I "make", it fails due to the parameters
"-fstack-protector" and "-fPIE"... apparently it couldn't find the files
"stack-protector" and "PIE" as "-f" specifies a file. However, in gcc and
perhaps many other cc variants, "-f" specifies a compile option. I was able
to compile with XLC by ripping out the "stack-protector" and "PIE" sections
of "configure" and running "make" but it would be best to use the stack
protector mechanisms used for AIX's XLC:
https://www.ibm.com/developerworks/mydeveloperworks/blogs/b10932b4-0edd-4e6…
Has anyone compiled Stunnel 5.26 using IBM's XLC without removing the
stack-protector and PIE sections in the configure file?
The other option is to use gxlc instead of xlc to map the GNU C compiler
options to XLC options. Would that be preferred (less modification of
configure file)? I was able to get that working, but still an unusually
high number of warnings.
http://geco.mines.edu/files/manuals/xlc/mapping.pdf
The article above (from IBM) has "-qstackprotect=size=N" - what suggestion
parameter to use for "N"?
To be nice to everyone's mailbox, I have posted the logs here:
Stunnel 5.26 AIX XLC - fails
http://pastebin.ca/3250237
Stunnel 5.26 AIX GXLC - passes
http://pastebin.ca/3250242
Thanks,
-Rob
We are currently using Stunnel on a stand-alone PC to link a 3rd party
application that monitors a Graphical User Interface application for alarm
notification. Stunnel is used to link this 3rd party alarm notification
software to be able to send message to Amazon Web Services for email
distribution to the users/operators that need this information.
IT would like to investigate having all applications operate from a server
possibly running 2012 OS, in a virtual environment. The GUI and 3rd party
software will operate in this environment and I wanted to see if Stunnel
would have any issues continuing to send messages out to Amazon.
Thank you,
Duane Moody
Global Data Specialists
1815 W. 1st Ave, Suite 110
Mesa, AZ 85202
PH: 480-461-3401, Ext 223
Fax: 480-461-3411
Cell: 602-696-9457
www.gbl-data.com