[stunnel-users] Connecting stunnels

Carter Browne cbcs at comcast.net
Thu Mar 31 17:44:25 CEST 2016



On 3/31/2016 11:21 AM, Ludolf Holzheid wrote:
> On Thu, 2016-03-31 10:39:03 -0400, Carter Browne wrote:
>> [..]
>>
>> I didn't ask the reason why in this case - I have had instances where I
>> wanted the communication to be encrypted, but I could not go directly
>> from Host1 to Host3.  If he can go directly from Host1 to Host3, then
>> your configuration is correct.  However, in these days of firewalls,
>> network segmentation, etc. the direct path may not be available or
>> desired.
> Carter,
>
> I was wondering if there is a reason for the two separately encrypted
> connections.  I had the impression, an end-to-end-encryption and a
> port forwarder on Host2 was easier to set up (and more resource
> conserving), but this may be a matter of taste ...
>
> Ludolf
>
Ludolf,

You are correct, a simple port forwarder would work just as well. In my 
case, I have stunnel running for other reasons, so it was easier to use 
it rather than install another package to do the port forwarding.  Using 
stunnel can provide more security by validating the individual 
point-to-point connects with the cost of the additional overhead of 
decrypting and re-encrypting the data.

Carter

-- 
Carter Browne
cbrowne at cbcs-usa.com
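
Added example, not part of the original message or of the stunnel documentation: one way Host2 could relay between Host1 and Host3 with each hop encrypted and authenticated separately, as discussed in the thread above. The ports, file paths, CA and the Host3 DNS name are assumptions.

```ini
; stunnel.conf on Host2 (constructed example; all values are placeholders)

; Hop 1: terminate TLS coming from Host1.
; verifyChain in a server-mode service makes stunnel demand a client
; certificate that chains to CAfile, so only trusted peers may use the relay.
[from-host1]
accept = 0.0.0.0:8443
connect = 127.0.0.1:9000
cert = /etc/stunnel/host2.pem
key = /etc/stunnel/host2.key
CAfile = /etc/stunnel/ca.pem
verifyChain = yes

; Hop 2: re-encrypt and forward to Host3.
; Listening on loopback only keeps the decrypted stream off the network.
; checkHost additionally pins the expected name in Host3's certificate.
[to-host3]
client = yes
accept = 127.0.0.1:9000
connect = host3.example.internal:8443
cert = /etc/stunnel/host2.pem
key = /etc/stunnel/host2.key
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = host3.example.internal
```

Between the two services the data is plaintext in Host2's memory and on its loopback interface, so Host2 must be trusted to the same degree as the endpoints; a plain port forwarder on Host2 would never see the cleartext.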



