[stunnel-users] HTTPS support for the webserver using STUNNEL

Leandro Avila leandro.avila at ymail.com
Tue Jan 13 15:33:24 CET 2015


Hello,

Looks like you got the hard part done (cross compiling etc.).

1. You don't need to run stunnel on the client machine. You will use your web browser and your browser will handle the TLS connection.
2. In your case you only need a stunnel instance running as a server on the Linux device.
Your stunnel.conf will look something like:

[https]
client = no

accept = 443
connect = 127.0.0.1:80


The above configures stunnel as a server, listening for connections on all interfaces, port 443, and connecting to
localhost port 80.


3. I'm not sure what you mean by "the device and the machine can have any random IP and port".
- You mean if both devices get a DHCP-assigned IP? In that case the above config should work, because it listens on all
available IPs.
- For the port portion, there are defined ports for HTTP (port 80) and HTTPS (port 443); that should be it for the server
unless your application is different. On the client side you don't need to worry about the port.

4. Stunnel will provide the SSL/TLS encapsulation to your HTTP connection. So in that regard it is a solution.
Other times people might opt for using an HTTP server that supports SSL/TLS natively, but you are working on embedded systems,
so there are constraints there.

This is an alternative, for instance.

http://acme.com/software/mini_httpd/

Hope this helps, feel free to ask more questions.

----------------- 

Leandro Avila

On Tuesday, January 13, 2015 6:57 AM, Siva Kumar <sivakumar.s.k.k at gmail.com> wrote:


>
>
>Hi All,
>
>
>I am fairly new to stunnel and also to the networking concepts.
>
>
>Currently we are working on a surveillance device running MontaVista Linux on the ARM11 architecture. We have cross compiled and deployed a THTTPD server which is working fine. Once you connect to the device using any web client (from a Windows PC), it will take you to a web page where you can select and stream live videos from all the cameras connected to the device. So far everything is working fine.
>
>
>Now the real problem is that we need to support HTTPS as well, along with HTTP. Since the THTTPD web server doesn't support secure connections, we thought we would accomplish that using the stunnel application. We were able to download and cross compile the stunnel application for the device.
>
>
>Now the doubts I have here are:
>
>
>1) Do we need a stunnel server application running on the windows PC from where we will be using the web browser to connect to the client?
>
>
>2) Where should the stunnel server and stunnel client be running? I mean, should the Linux device be running the stunnel client and the Windows PC be running the stunnel server? In that case, what should be the correct accept and connect parameters in the stunnel.conf file on both the device and the Windows PC?
>
>
>3) Since the device and the machine can have any random IP and port, is it feasible to dynamically set the accept and connect parameters in the stunnel.conf file?
>
>
>4) Can stunnel be considered as a solution to the problem which I have reported here? Point 3 above makes me think otherwise.
>
>
>I have tried all combinations mentioned in points 1 and 2 without success. In none of the cases was my web browser able to talk to the device using HTTPS (i.e. https://my_device_ip). I could see a "client hello" request from the browser to which the client sends an ACK and RST. In some combinations an HTTPS request from the browser only triggered a TCP connection request for which the client responded with ACK and RST.
>
>
>Sorry for the long mail. Any inputs would be deeply appreciated.
>
>
>
>Regards,
>Siva 
>
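
A check for the server-side configuration discussed in this thread, as an added example that is not part of the original messages: a small Python linter for stunnel.conf. It assumes ordinary certificate-based TLS, where a server-mode service needs a cert option (which may be set globally as a default); the finding names are hypothetical labels, and the sample input is constructed from the configuration quoted in the reply.

```python
# Added example (not from the original thread): lint a stunnel.conf meant to
# put HTTPS in front of a plain-HTTP server running on the same device.
SAMPLE_CONF = """\
[https]
client = no

accept = 443
connect = 127.0.0.1:80
"""  # constructed: the configuration quoted in the reply

LOOPBACK = ("", "localhost", "[::1]")   # empty host: stunnel defaults to localhost
ALL_IFACES = ("", "0.0.0.0", "::")      # port-only accept binds every interface

def parse(text):
    """Return (global_opts, {service: opts}). stunnel.conf is 'key = value'
    lines under [service] headers; ';' or '#' starts a comment line."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            (glob if cur is None else cur)[key.strip()] = value.strip()
    return glob, services

def lint(text):
    """Return a list of (service, finding) tuples; finding names are hypothetical."""
    glob, services = parse(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}  # service options set globally act as defaults
        if eff.get("client", "no").lower() == "yes":
            findings.append((name, "client-mode"))  # wrong role for the device
            continue
        if "cert" not in eff:
            findings.append((name, "missing-cert"))  # browser handshake cannot complete
        accept, target = eff.get("accept"), eff.get("connect")
        if accept is None:
            findings.append((name, "missing-accept"))
        elif accept.rpartition(":")[0] in ALL_IFACES:
            findings.append((name, "accept-all-interfaces"))  # informational
        if target is None:
            findings.append((name, "missing-connect"))
        else:
            host = target.rpartition(":")[0]
            if host not in LOOPBACK and not host.startswith("127."):
                findings.append((name, "plaintext-leaves-host"))  # HTTP crosses the network
    return findings
```

Calling lint(SAMPLE_CONF) lists the findings for the configuration as quoted; prepending a global cert line that points at the device's certificate file clears the certificate finding.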

