[stunnel-users] persistent SSL connection

Aron Griffis aron at hp.com
Mon Mar 16 16:27:48 CET 2009

Dorai Ashok wrote:  [Fri Mar 13 2009, 04:28:56PM EDT]
>I was able to setup stunnel between two hosts successfully but
>the only problem I am facing is that, the SSL connection between
>the two hosts is not persistent. For every connection I make to
>the stunnel client, a new SSL connection is established by the
>stunnel client to the stunnel server.
>Is there a configuration variable in stunnel which can make the SSL
>connection between stunnel client and server persistent ?

stunnel always builds a new SSL connection for every connection
it accepts on the client side.  This is normally the right thing
because the server might be an SSL application rather than
another instance of stunnel.

It would be possible for stunnel to build a persistent SSL
connection to the server if the server is known to be another
stunnel instance, in which case every connection accepted on the
client side would spawn a new "exec" or "connect" on the server,
and the connections would be multiplexed over the single SSL
connection.  That would be a very nice feature to add to stunnel,
but AFAIK it's not there right now.

It is, however, in openssh.  This is what ssh -L port:remote:port
does.  That is probably where you need to look if you depend on
this feature.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20090316/4f69b8af/attachment.sig>

More information about the stunnel-users mailing list