[stunnel-users] persistent SSL connection
doraiashok at gmail.com
Mon Mar 16 18:18:04 CET 2009
Pierre, Peter, Aron,
Thanks for all the responses.
I now have a better understanding of the main usecase for stunnel. In our
particular case, We need the connection multiplexing since we cannot
maintain a persistent connection to the stunnel client and we cannot afford
to create a new SSL connection for every new connection to stunnel client.
So, we will probably go with SSH tunneling.
PS: My emails to the mailing list get blocked by a spam blocker so you might
not see this message in the mailing list archives.
On Mon, Mar 16, 2009 at 8:27 AM, Aron Griffis <aron at hp.com> wrote:
> Dorai Ashok wrote: [Fri Mar 13 2009, 04:28:56PM EDT]
> >I was able to setup stunnel between two hosts successfully but
> >the only problem I am facing is that, the SSL connection between
> >the two hosts is not persistent. For every connection I make to
> >the stunnel client, a new SSL connection is established by the
> >stunnel client to the stunnel server.
> >Is there a configuration variable in stunnel which can make the SSL
> >connection between stunnel client and server persistent ?
> stunnel always builds a new SSL connection for every connection
> it accepts on the client side. This is normally the right thing
> because the server might be an SSL application rather than
> another instance of stunnel.
> It would be possible for stunnel to build a persistent SSL
> connection to the server if the server is known to be another
> stunnel instance, in which case every connection accepted on the
> client side would spawn a new "exec" or "connect" on the server,
> and the connections would be multiplexed over the single SSL
> connection. That would be a very nice feature to add to stunnel,
> but AFAIK it's not there right now.
> It is, however, in openssh. This is what ssh -L port:remote:port
> does. That is probably where you need to look if you depend on
> this feature.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the stunnel-users