[stunnel-users] UDP End-points
intersect at gmail.com
Wed Nov 3 00:21:48 CET 2004
Michal Trojnara mentioned:
> On 2004-11-02, at 02:02, Red Phoenix wrote:
> > Establishing a SSL connection over UDP would be pretty tough, but has
> > anyone thought about the possibility of allowing the 'listen' and
> > 'destination' points to be UDP ports, with the main comms routed over
> > TCP? This would effectively accomplish what most UDP requestors need.
> It's not as easy as you think. SSL requires a stream of data as a
> transport. It's much more than a simple UDP forwarder.
Perhaps I wasn't quite as clear as I intended.. :)
I'm not suggesting that SSL over UDP should be done.. I'm suggesting
that stunnel could potentially act as a UDP-over-encrypted-TCP
For example: (For the moment, lets focus on syslog data):
Server 1 Sends syslog messages to UDP port 514 on Server 2.
Server1 and Server2 both then install stunnel:
Server1: Syslog messages are redirected to localhost UDP port 514
(rather than Server2 UDP port 514).
Server1: Stunnel listens on UDP port 514, and sends encrypted data to
Server2 on TCP port 12345
Server2: Stunnel listens on TCP port 12345, decrypts the data, and
sends to localhost UDP port 514.
This way, stunnel acts as the UDP to TCP (encrypted) to UDP gateway -
in a similar way that it can currently act as a pure TCP -> TCP
(encrypted) -> TCP gateway.
More information about the stunnel-users