[stunnel-users] Client Authentication and CRL Verification

Michal Trojnara Michal.Trojnara at mirt.net
Wed Dec 2 15:33:59 CET 2015


On 02.12.2015 15:16, Mehdi B. wrote:
> It's my mistake. When I configured the server/client, I thought:
> "Connection will open and die"
> 
> In reality, the connection is still opened, but the certificate is
> denied when we use it.

SSH tunnelling (as in OpenSSH) opens one persistent connection and
multiplexes tunnelled TCP sessions inside it.

TLS tunnelling (as in stunnel) does not keep any persistent
connection.  It uses separate TCP connections created on demand for
individual tunnelled TCP sessions.  This is a better approach for many
reasons, including reliability, bandwidth management, and power
consumption (no keepalives are needed on battery-powered devices to
survive timeouts on NATs and stateful firewalls).

Mike
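
Added example (not part of the original message, and not stunnel's code): the on-demand model described above, with plain loopback TCP standing in for the TLS leg and a refused upstream connection standing in for a denied certificate. All function names and the echo service are constructed for illustration.

```python
import contextlib, socket, threading

def pipe(src, dst):
    """Copy bytes one way until EOF or error, then pass the EOF on."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def serve(handler):
    """Listen on an ephemeral loopback port; one thread per accepted session."""
    lst = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _ = lst.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return lst.getsockname()[1]

def start_forwarder(remote_port):
    """On-demand model: the upstream leg is created per accepted session."""
    def handle(client):
        try:
            up = socket.create_connection(("127.0.0.1", remote_port))
        except OSError:          # stand-in for a failed handshake / denied certificate
            client.close()       # only this session dies; the listener keeps accepting
            return
        back = threading.Thread(target=pipe, args=(up, client), daemon=True)
        back.start(); pipe(client, up); back.join()
        client.close(); up.close()
    return serve(handle)

def start_counting_echo():
    """Constructed remote service: records each connection, echoes bytes back."""
    seen = []
    def handle(conn):
        seen.append(conn.getpeername())
        pipe(conn, conn); conn.close()
    return serve(handle), seen

def session(port, payload):
    """One tunnelled session; b"" means it was accepted locally, then dropped."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        try:
            c.sendall(payload); c.shutdown(socket.SHUT_WR)
            return c.recv(4096)
        except OSError:
            return b""
```

Starting the forwarder creates no upstream connection; each session creates exactly one, and a failed upstream leg shows up only when a session is attempted, as an accepted local connection that is then closed.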
