[stunnel-users] Stunnel connection from A to B but direction from B to A?

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Wed Apr 14 09:15:19 CEST 2010

On Tue, 2010-04-13 22:51:46 +0200, Michal Trojnara wrote:
> Carsten Krüger wrote:
>> is it possible with stunnel to connect from host A to host B but to
>> have the port redirection the other way?
> SSL provides a 1:1 cryptographic protection of a TCP connection.  For  
> additional services (e.g. multiple data streams) you either need a  
> different protocol (e.g. http://www.ietf.org/rfc/rfc4251.txt), or an  
> additional proprietary protocol encapsulated within the standard SSL (so 
> called "SSL VPNs" take this approach).  Please bear in mind such "SSL 
> VPN" is no longer just SSL encryption, as it needs this proprietary 
> protocol implemented on both ends.  Stunnel does not break SSL this way.


I'm not sure this is what Carsten is looking for.

My understanding is, he needs an SSL-encrypted connection from A to B,
and simultaneously an unencrypted, but also redirected connection from
B to A. All connections HTTP with destination port 80:

 browser on A -> stunnel A->B -> HTTP server on B -> e.g. redir B->A -> HTTP server on A

If this is the case, it should be feasible by binding the stunnel
server on A to and the HTTP server (also on A) to the
external IP address only (and likewise for the unencrypted tunnel in
the other direction).

Or the tunnel endpoints listen on a port different from 80.




Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
