Here is the HP webpage…

http://h71000.www7.hp.com/opensource/opensource.html#stunnel

Stunnel

Stunnel allows you to encrypt arbitrary TCP/IP connections inside an SSL (Secure Sockets Layer) connection from your OpenVMS system to another machine. Stunnel allows you to secure non-SSL aware applications (such as Telnet, IMAP, RCP, and FTP authentication) by having Stunnel provide the encryption, so you do not have to change the original application. Both images and source code are provided. For more information about Stunnel, see http://www.stunnel.org.

The Stunnel kit is a compressed, self-extracting EXE file. To expand the Stunnel source kit, enter one of the following commands:

$ RUN STUNNEL-4_20_AXP.EXE ! for Alpha (Updated September 2007)
$ RUN STUNNEL-4_20_I64.EXE ! for Integrity servers (Updated September 2007)
$ RUN STUNNEL-3_26_VAX.EXE ! for VAX

At the Decompress into (file specification): prompt, press return. The system expands the file and names the decompressed file STUNNEL-4_20.BCK or STUNNEL-3_26.BCK.

See STUNNEL_README_AXP_I64.TXT (for Alpha and Integrity servers) or
STUNNEL_README_VAX.TXT (for VAX) for information about Stunnel on OpenVMS.

Download Stunnel for Alpha › (September 2007)
Download Stunnel for Integrity servers › (September 2007)
Download Stunnel for VAX › (November 2002)

 

 

From: stunnel-users [mailto:[email protected]] On Behalf Of Rob Lockhart
Sent: Wednesday, April 08, 2015 4:44 PM
To: [email protected]
Subject: Re: [stunnel-users] openvms and stunnel

 

From: stunnel-users [mailto:[email protected]] On Behalf Of Rob Lockhart

Sent: Wednesday, April 08, 2015 4:28 PM
To: [email protected]
Subject: Re: [stunnel-users] openvms and stunnel

 

On Wed, Apr 8, 2015 at 4:10 PM, Coviello, Paul <[email protected]> wrote:

OK, thanks. Here is the 1st version of the file...

All I want to do is create a telnet session from a Windows terminal emulator to my VMS server.

Also, someone thinks that this version may not play well with SSL 1.4 that I have on VMS. As mentioned, this is 4.20.

Can anyone confirm this?

Thanks
Paul

STUNNEL_SERVER.CONF;1
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

 

It's been more than 20 years since I used HP VMS (VAX), but can you do something like this:
stunnel /version

or if that doesn't work:

stunnel version

or

stunnel -version

see the output and verify what you have. For my Cygwin x64 environment, it says this (stock configuration):

 

$ stunnel -version
stunnel 5.09 on x86_64-unknown-cygwin platform
Compiled/running with OpenSSL 1.0.1k 8 Jan 2015
Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP

Global options:
debug                  = daemon.notice
RNDbytes               = 64
RNDfile                = /dev/urandom
RNDoverwrite           = yes

Service-level options:
ciphers                = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2
curve                  = prime256v1
options                = NO_SSLv2
options                = NO_SSLv3
sessionCacheSize       = 1000
sessionCacheTimeout    = 300 seconds
stack                  = 65536 bytes
TIMEOUTbusy            = 300 seconds
TIMEOUTclose           = 60 seconds
TIMEOUTconnect         = 10 seconds
TIMEOUTidle            = 43200 seconds
verify                 = none

 

 

What I would do is to dumb this down and first see if you can get a stunnel client/server communication on the same box (using localhost or 127.0.0.1). I would use iperf to just send dummy data (iperf client and iperf server). Once that works, then move it up to using your network. If you need some example config files, I can provide that. What I did was to have the iperf client connect to port 5000, then the stunnel client listen on port 5000 and connect to port 6000, then the stunnel server listen on port 6000 and connect to port 7000, and the iperf server listen on port 7000. Since they're non-privileged ports, you don't need admin access.

 

Are you using certificates? I think you need to generate the stunnel.pem file, and I did it (using cygwin/MinGW/Linux) using these commands below. Information stolen/modified from here: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu

 

Create a self-signed key as follows:

In MinGW:

cd /c/STUNNEL5
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 1095

 

Now put in the info pertinent to your organization.

Then run this command:

cat key.pem cert.pem >> stunnel.pem

 

I don't know if you can do that with VMS; some parameters may have to be tweaked and changed to forward-slashes (as typical in VMS). I also saw the logging statement commented out; have you tried uncommenting those two lines (logging verbosity and log file)?

 

Regards,

  -Rob

 

 

On Wed, Apr 8, 2015 at 4:36 PM, Coviello, Paul <[email protected]> wrote:

 

No stunnel command is available…

 

This is the doc I followed/am following, and I am currently on step 3.

 

http://h71000.www7.hp.com/opensource/stunnel_readme_axp_i64.txt

 

 

That looks to be for Stunnel 3, which is no longer maintained. Please see this message on the main website:

 

The obsolete 3.x branch is no longer maintained. Use stunnel3 perl script as a drop-in replacement for backward compatibility.

 

https://www.stunnel.org/downloads/stunnel3

 

If you have Perl installed in VMS, you should be able to use that Perl script to emulate stunnel 4. I don't know if Stunnel 3 and Stunnel 4 are interoperable, perhaps not?
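
The loopback test chain described in the thread (iperf client to port 5000, stunnel client to port 6000, stunnel server to port 7000, iperf server), written out as two stunnel 4.x/5.x configuration files. This is an added example, not a config posted by anyone in the thread or shipped with the HP kit; the file names, the service name `iperf-tls` and the log file names are assumptions.

```ini
; Added example (not from the thread). Chain under test:
;   iperf client -> 127.0.0.1:5000 [stunnel client] -> 127.0.0.1:6000
;   [stunnel server] -> 127.0.0.1:7000 iperf server
; File names, service name and log names are assumptions.

; ---------- server.conf (stunnel server side) ----------
; Unix builds only: an empty value disables the pid file, so two
; instances can run on the same box without clashing.
pid =
; Maximum verbosity while testing, written to a file.
debug = 7
output = stunnel-server.log

[iperf-tls]
accept  = 127.0.0.1:6000
connect = 127.0.0.1:7000
; Combined private key + certificate produced by the openssl/cat
; commands in the thread. Keep this file readable by stunnel only.
cert = stunnel.pem

; ---------- client.conf (stunnel client side) ----------
pid =
debug = 7
output = stunnel-client.log

[iperf-tls]
client  = yes
accept  = 127.0.0.1:5000
connect = 127.0.0.1:6000
; The version output in the thread shows the default "verify = none":
; traffic is encrypted but the server is not authenticated.
; Require a server certificate that validates against cert.pem.
; Give the client cert.pem only, never key.pem or stunnel.pem.
verify = 2
CAfile = cert.pem

; Start order for the test:
;   iperf -s -p 7000
;   stunnel server.conf
;   stunnel client.conf
;   iperf -c 127.0.0.1 -p 5000
```

If the iperf run fails, the two log files show which hop refused the connection or where the TLS handshake stopped.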