[stunnel-users] Using stunnel to secure clients instead of servers

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Wed Jan 7 17:01:00 CET 2015


On Wed, 2015-01-07 10:11:39 -0500, Leon Smith wrote:
> Actually, that may be it, thank you. I definitely overlooked this
> option when I browsed the man page. I'll pass on this information to some
> interested parties and give them a chance to make it work. And I'll
> probably try this myself at some point soon.
> 
> (Incidentally, it's an HTTP client that doesn't support HTTPS, even though
> the server does, so it appears I'll need protocol=connect and CAfile=...
> for certificate pinning as well.)

I don't know your setup, but if there is no proxy involved, you don't
need the 'protocol=...' option.  For certificate pinning, you'll
certainly need 'CAfile=...' or 'CApath=...', and 'verify=LEVEL' with
LEVEL not below 2.

HTH,

Ludolf

-- 

Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796
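
The client-side setup discussed in this message, as an added example that is not part of the original post: a stunnel.conf service section that lets a plain-HTTP client reach an HTTPS server with the certificate check enabled. The service name, host name, port and file path are assumed placeholders.

```ini
; stunnel.conf (constructed example; service name, host, port and path are placeholders)
; The HTTP-only client connects to 127.0.0.1:8080; stunnel adds TLS toward the server.

[http-to-https]
; Client mode: accept plaintext locally, speak TLS to the remote side.
client = yes

; Listen on loopback only, so other hosts cannot use the plaintext side of the tunnel.
accept = 127.0.0.1:8080
connect = www.example.com:443

; No 'protocol = connect' line: there is no proxy between stunnel and the server.

; Weak variant: leaving out the two options below means the server certificate
; is not checked, and any TLS endpoint answering on that address is accepted.

; Checked variant: require a server certificate that validates against CAfile.
; Level 2 is the minimum named in the message above.
verify = 2
CAfile = /etc/stunnel/pinned-ca.pem
; 'CApath = <directory>' can be used in place of CAfile.
```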

