[stunnel-users] Simple Stunnel Question

Wed Mar 28 02:11:46 CEST 2007

My goal is to have a web server transfer MySQL data via an AES tunnel to 
a MySQL database server with an added encryption card. Both systems have 
the same SSL and Stunnel software installed. My web server's database 
seems to be functioning as normal.

I would like to verify that what I have is complete and effective. It is 
not apparent to me whether the setup is finished, or how to verify that 
it works the way I want it to.

How can I verify that Stunnel is actually being used?

Do I need to run Stunnel as a background service full time?

Is there something I am missing here?

Comments and advice are appreciated!


# /usr/local/sbin/stunnel -version
stunnel 4.20 on sparc-sun-solaris2.10 with OpenSSL 0.9.8e 23 Feb 2007

Global options
debug           = 5
pid             = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
key             = /usr/local/etc/stunnel/stunnel.pem
session         = 300 seconds
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

# gcc -v
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.10/3.3.2/specs
Configured with: ../configure --with-as=/usr/ccs/bin/as 
--with-ld=/usr/ccs/bin/ld --disable-nls
Thread model: posix
gcc version 3.3.2

# uname -a
SunOS slinky 5.10 Generic_118833-17 sun4u sparc SUNW,Ultra-80

# /usr/local/sbin/stunnel -sockets
Socket option defaults:
     Option          Accept    Local     Remote    OS default
     SO_DEBUG            --        --        --             0
     SO_DONTROUTE        --        --        --             0
     SO_KEEPALIVE        --        --        --             0
     SO_LINGER           --        --        --    0:0
     SO_OOBINLINE        --        --        --             0
     SO_RCVBUF           --        --        --         65535
     SO_SNDBUF           --        --        --         65535
     SO_RCVLOWAT         --        --        --        --
     SO_SNDLOWAT         --        --        --        --
     SO_RCVTIMEO         --        --        --        --
     SO_SNDTIMEO         --        --        --        --
     SO_REUSEADDR             1    --        --             0
     IP_TOS              --        --        --             0
     IP_TTL              --        --        --            64
     TCP_NODELAY         --        --        --             0

# openssl ciphers -v
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 
EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5 
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5 
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5 
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5 


