[stunnel-users] stunnel-users Digest, Vol 179, Issue 5

Thomas Ward teward at thomas-ward.net
Sun Jun 16 04:29:23 CEST 2019

Looks like the problem I'm seeing is it doesn't like the PSK protocol
for some reason and TLS1.3 breaks this because of how PSK is now in
TLS1.3.  Doing more testing...

On 6/15/19 3:48 PM, Brent Kimberley wrote:
>>>  Is there something missing ?
> Can you please elaborate?  https://www.stunnel.org/auth.html
> Subject: Using STunnel4 with both SSL/TLS proxy AND PSK authentication
> Hi, all.
> We've got a specific use case where we need to implement an stunnel4
> 'tunnel' in the following format:
> Client <---> client-side stunnel4 <---> server-side stunnel4 <---> server
> The specific case for this is because of a server that does NOT support
> SSL on the remote side nor client side, and we need to use two stunnel4
> instances to establish the "secure" tunnel.
> We can get it working with straight SSL/TLS certificates for a secure
> connection between the two but can't seem to add authentication to this,
> we want to get the stunnel4 on the client side and the stunnel4 on the
> server side to have to have some kind of authentication/exchange between
> them.
> Whenever we add the PSK options or client certs to the thing, we
> immediately get SSL/TLS problems, as it doesn't seem to support SSL/TLS
> handshakes properly at that point.
> Is there something I'm missing within the STunnel4 documentation about
> establishing the SSL/TLS tunnel AND adding an authentication component,
> or is this not possible?? It doesn't currently seem possible based on my
> testing...
> Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190615/9b3a2e7c/attachment.htm>

More information about the stunnel-users mailing list