[stunnel-users] Stunnel 4.53 for win32 - without config file

Steve Marvin smarvin at pobox.com
Thu Jun 14 22:01:41 CEST 2012


On Thu, 14 Jun 2012 15:56:37 -0400, Brian Wilkins wrote:

>So why not autogenerate it? What does a key have to do with configurations?
>Just use stunnel for your purpose, scrub, and then regenerate every time.
>Or point the configuration to an encrypted volume? I am confused.


The key has to reside in a .pem file on disk. .pem files are not encrypted.

Before starting stunnel, I create the .pem from a cert and private key in
the Windows store. After stunnel is finished starting all of the services
in the .conf file, I scrub the .pem files.

My reply was to "security reasons"...hmm...just bad excuse. In my case
it was the only way I am allowed to use stunnel in the project - otherwise
I would have to write a tls wrapper myself.

>Brian



>On Thu, Jun 14, 2012 at 2:51 PM, Steve Marvin <smarvin at pobox.com> wrote:

>> On Thu, 14 Jun 2012 20:40:12 +0200, Pierre DELAAGE wrote:
>>
>> >putting config file in a folder properly protected by permissions set is
>> >the best way to do that.
>> >I always wonder why some people want to use stunnel without leaving any
>> >trace on their (?) server machine:
>> >many of those are just trying to open backdoors on systems...
>>
>> >"security reasons"...hmm...just bad excuse.
>>
>>
>> Some people have a requirement not to have the private key in an
>> unencrypted file on disk. At least my project does.
>>
>> -----------------
>>
>>
>>
>>
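
A sketch of the create/start/scrub sequence described in the message above, as an added example that is not code from the thread or from stunnel. The names `scrub`, `ephemeral_pem` and `demo`, the file naming and the constructed key bytes are assumptions; reading the key out of the Windows store and launching stunnel are represented by a stand-in.

```python
import contextlib
import os
import tempfile


def scrub(path):
    """Overwrite a file with zeros, force the write to disk, then delete it."""
    # Best effort only: SSD wear levelling, journaling or copy-on-write
    # filesystems and snapshots can still retain the old blocks.
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\0" * size)
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)


@contextlib.contextmanager
def ephemeral_pem(pem_bytes, directory):
    """Yield the path of a short-lived PEM file; scrub it on exit, even on error."""
    # O_EXCL refuses to reuse an existing file or follow a planted symlink.
    # Mode 0o600 restricts access on POSIX; on Windows the directory ACL has
    # to do that job, since the mode bits are largely ignored there.
    path = os.path.join(directory, "stunnel-%s.pem" % os.urandom(8).hex())
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    fd = os.open(path, flags, 0o600)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(pem_bytes)
            f.flush()
            os.fsync(f.fileno())
        yield path
    finally:
        scrub(path)


def demo():
    """Constructed run: returns (service saw the key, file exists afterwards)."""
    pem = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as d:
        with ephemeral_pem(pem, d) as path:
            # Stand-in for "start stunnel and wait until its services are up".
            with open(path, "rb") as f:
                seen = f.read()
        return seen == pem, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

Because the scrub runs in a `finally` clause, the key file is removed even if the service fails to start while the file is on disk.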






