[stunnel-users] stunnel-users Digest, Vol 179, Issue 5
Brent Kimberley
brent_kimberley at rogers.com
Sun Jun 16 23:17:14 CEST 2019
Please let me know what you discover. The code base looks faily accessible. :-)
https://github.com/mtrojnar/stunnel/tree/stunnel-5.55/src
On Saturday, June 15, 2019, 10:29:25 p.m. EDT, Thomas Ward <teward at thomas-ward.net> wrote:
Looks like the problem I'm seeing is it doesn't like the PSK protocol for some reason and TLS1.3 breaks this because of how PSK is now in TLS1.3. Doing more testing...
On 6/15/19 3:48 PM, Brent Kimberley wrote:
>
>>
>>> Is there something missing ?
>>>
>>
> Can you please elaborate? https://www.stunnel.org/auth.html
>
>
> Subject: Using STunnel4 with both SSL/TLS proxy AND PSK authentication
>
> Hi, all.
>
> We've got a specific use case where we need to implement an stunnel4
> 'tunnel' in the following format:
>
> Client <---> client-side stunnel4 <---> server-side stunnel4 <---> server
>
> The specific case for this is because of a server that does NOT support
> SSL on the remote side nor client side, and we need to use two stunnel4
> instances to establish the "secure" tunnel.
>
> We can get it working with straight SSL/TLS certificates for a secure
> connection between the two but can't seem to add authentication to this,
> we want to get the stunnel4 on the client side and the stunnel4 on the
> server side to have to have some kind of authentication/exchange between
> them.
>
> Whenever we add the PSK options or client certs to the thing, we
> immediately get SSL/TLS problems, as it doesn't seem to support SSL/TLS
> handshakes properly at that point.
>
> Is there something I'm missing within the STunnel4 documentation about
> establishing the SSL/TLS tunnel AND adding an authentication component,
> or is this not possible?? It doesn't currently seem possible based on my
> testing...
>
>
> Thomas
>
>
More information about the stunnel-users
mailing list