[stunnel-users] How to forward client's IP address with stunnel on Windows

Henrik Riomar henrik.riomar at gmail.com
Mon Oct 8 20:23:37 CEST 2012

On 10/08/2012 07:22 PM, Emmanuel Egensperger wrote:
> Is there any solution to my problem? Have I done something wrong?

I use a small patch for this; it also passes some more "nice to know"
stuff to the application running "behind" stunnel. I agree that this
patch might be shooting a bit over your target, but anyhow that is how I
do it myself.

Patch description:
Allows passing of crypto parameters for the current client to the
server "behind" stunnel. This allows the application in the server
to take the crypto level and client-ip:port into account when
offering a service (or not).

The client info is passed as the *first* line before the normal
unencrypted data stream from the client.

Example ";ECDHE-RSA-RC4-SHA"

The crypto level is nice to know as stunnel can be configured to allow
weaker cryptos (for backwards compatibility with older browsers). When
the application sees a weak crypto it can require a one-time password as
authentication, instead of normal username:static-password. As this info
is passed as a first line, the application needs to be written to take this
into account.

Mike: I have been using this patch for some time without any issues; if
you would like to include it in stunnel, it is under public domain. The patch is
re-based on top of 4.54b8. It is enabled with a new option
"send_client_info = yes"; without this it does nothing.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-adds-send_client_info-option.patch
Type: text/x-patch
Size: 3597 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20121008/7023e561/attachment.bin>
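An added example, not part of the original post or the attached patch: a backend-side reader for the first line described in the message, which picks the authentication mode from the negotiated cipher. The `<client-ip>:<port>;<cipher>` layout, the weak-cipher tokens, the function names and the loopback stunnel address are all assumptions.

```python
import io
import ipaddress
import re

# ASSUMED wire format (the archived example is truncated to ";<cipher>"):
#   <client-ip>:<port>;<OpenSSL cipher name>\n<application data...>
MAX_LINE = 256
CIPHER_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Hypothetical policy: name components that mark a suite as weak here.
WEAK_TOKENS = {"RC4", "DES", "MD5", "EXP", "NULL"}


def read_client_info(stream):
    """Consume only the first line; return (ip, port, cipher) or raise ValueError."""
    raw = stream.readline(MAX_LINE + 1)
    if not raw.endswith(b"\n") or len(raw) > MAX_LINE:
        raise ValueError("client-info line missing or too long")
    addr, _, cipher = raw.rstrip(b"\r\n").decode("ascii").partition(";")
    host, _, port = addr.rpartition(":")  # rpartition keeps IPv6 colons in host
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad client port")
    if not CIPHER_RE.fullmatch(cipher):
        raise ValueError("bad cipher name")
    ip = ipaddress.ip_address(host.strip("[]"))  # ValueError if not an IP
    return str(ip), int(port), cipher


def required_auth(cipher):
    """'otp' for a weak suite, otherwise the normal static password."""
    weak = WEAK_TOKENS & set(cipher.upper().split("-"))
    return "otp" if weak else "password"


def classify(stream, peer_ip, stunnel_ip="127.0.0.1"):
    """Parse the line only when the TCP peer is stunnel itself (assumed local)."""
    if peer_ip != stunnel_ip:
        # Anyone else connecting directly could forge the line.
        raise PermissionError("client-info line accepted from stunnel only")
    ip, port, cipher = read_client_info(stream)
    return ip, port, cipher, required_auth(cipher)


if __name__ == "__main__":
    # Constructed sample: what the backend would read from stunnel.
    demo = io.BytesIO(b"203.0.113.7:51234;ECDHE-RSA-RC4-SHA\nGET / HTTP/1.0\r\n\r\n")
    print(classify(demo, "127.0.0.1"), demo.read())
```

With a real socket, pass `sock.makefile("rb")` as `stream`; the bytes after the first line are the client's normal data stream.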
