[stunnel-users] PSK, verifying the client

Mike the.lists at mgm51.com
Wed Apr 5 16:49:11 CEST 2017

Is it possible to verify the client using PSK?

On the stunnel server I specify a PSKsecrets file with two lines in it,
one for client01 and one for client02.  The secret is about 36
characters long.

On a client, I have a similar PSKsecrets file, but only containing the
client01 line.

Now, if I try to connect with, say, a client03, i.e., any client that
does not have a matching line in the server's PSKsecrets file, how can I
ensure that the client connection will be rejected?

What I'd like to see would be the following: any client that tries to
connect, and does not present a PSK that is present in the server's
PSKsecrets file, then that client's connection request is rejected, with
an appropriate message logged.

Can I do that with the current stunnel?


