[stunnel-users] Stunnel 4.53 for win32 - without config file

Steve Marvin smarvin at pobox.com
Thu Jun 14 22:01:41 CEST 2012

On Thu, 14 Jun 2012 15:56:37 -0400, Brian Wilkins wrote:

>So why not autogenerate it ? What does a key have to do with configurations
>? Just use stunnel for your purpose, scrub, and then regenerate every time.
>Or point the configuration to an encrypted volume ? I am confused.

The key has to reside in a .pem file on disk. .pem files are not encrypted.

Before starting stunnel, I create the .pem from a cert and private key in
the windows store. After stunnel is finished starting all of the services
in the .conf file I scrub the .pem files.

My reply was to "security reasons"...hmm...just bad excuse. In my case
it was the only way I am allowed to use stunnel in the project - otherwise
I would have to write a tls wrapper myself.


>On Thu, Jun 14, 2012 at 2:51 PM, Steve Marvin <smarvin at pobox.com> wrote:

>> On Thu, 14 Jun 2012 20:40:12 +0200, Pierre DELAAGE wrote:
>> >putting config file in a folder properly protected by permissions set is
>> >the best way to do that.
>> >I always wonder why some people want to use stunnel without leaving any
>> >trace on their (?) server machine:
>> >many of those are just trying to open backdoors on systems...
>> >"security reasons"...hmm...just bad excuse.
>> Some people have a requirement not to have the private key in an
>> unencrypted file on disk. At least my project does.
>> -----------------
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> http://stunnel.mirt.net/mailman/listinfo/stunnel-users

More information about the stunnel-users mailing list