[stunnel-users] Connecting stunnels

Carter Browne cbcs at comcast.net
Thu Mar 31 17:44:25 CEST 2016

On 3/31/2016 11:21 AM, Ludolf Holzheid wrote:
> On Thu, 2016-03-31 10:39:03 -0400, Carter Browne wrote:
>> [..]
>> I didn't ask the reason why in this case - I have had instances where I
>> wanted the communication to be encrypted, but I count not go directly
>> from Host1 to Host3.  If he can go directly from Host1 to Host3, then
>> your configuration is correct.  However, in these days of firewalls,
>> network segmentation, etc. the direct path may not be available or
>> desired.
> Carter,
> I was wondering if there is a reason for the two separately encrypted
> connections.  I had the impression, an end-to-end-encryption and a
> port forwarder on Host2 was easier to set up (and more resource
> conserving), but this may be a matter of taste ...
> Ludolf

You are correct, a simple port forwarder would work just as well. In my 
case, I have stunnel running for other reasons, so it was easier to use 
it rather than install another package to do the port forwarding.  Using 
stunnel can provide more security by validating the individual 
point-to-point connects with the cost of the additional overhead of 
decrypting and re-encrypting the data.


Carter Browne
cbrowne at cbcs-usa.com

More information about the stunnel-users mailing list