[stunnel-users] Windows Server 2003 issues with stunnel, TLS 1.2 on website(s)

Javier jamilist.stn at gmx.es
Thu Feb 27 00:12:28 CET 2020


Hi,

You just need to forget about the IIS secure port, as it won't be used
anymore; it will be managed by Stunnel and redirected to port 80.

Or you can go the other way around: set up a second IP on the network
device and NAT to it (I'm guessing that is what you are doing through a
router) instead of the IP that IIS serves on, and re-route it from
Stunnel to the other IP at port 80.

Both scenarios are valid. The second slightly going in circles...

Put another way...

Public IP:443 > Stunnel listens on (10.0.1.11)443 and redirects traffic
to IIS(10.0.1.11):80
or
Public IP:443 > Stunnel keeps listening on (i.e. 10.0.1.110)442
(NAPTed) and redirects to IIS(10.0.1.11):80

Note that I'm just giving options. The idea you should get is that
IIS will stop managing the secure connection, so listening on 443 is
not needed anymore; it will be managed by Stunnel. IIS will only act
as a plain text server (80).

Unless IIS needs to manage, or set up, a secure setting for some
reason, as I don't know how it works (it should be like any other HTTP
server), that is what you should do.

Regards.
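
The two layouts described in the message above, written as an stunnel configuration. This is an added example, not part of the original post: the service names, the certificate file name and the `sslVersion` choice are assumptions, while the addresses and ports are the ones given in the message.

```ini
; stunnel.conf -- added example, not from the original post.
; Assumed here: service names, certificate file name, TLS version setting.
; Addresses and ports are taken from the message above.
; Comments are on their own lines: stunnel does not strip trailing comments.

; Option 1: stunnel terminates TLS on the address IIS already uses.
; The HTTPS binding must be removed from the IIS site first so that
; port 443 on this address is free for stunnel.
[iis-https]
accept = 10.0.1.11:443
connect = 10.0.1.11:80
; Assumed file holding the certificate chain and private key in PEM form.
cert = stunnel.pem
; Accept TLS 1.2 only. Requires a stunnel build linked against
; OpenSSL 1.0.1 or later, the first release with TLS 1.2 support.
sslVersion = TLSv1.2

; Option 2: stunnel listens on the second address, which is where the
; router forwards public port 443, and still hands the decrypted
; traffic to IIS on port 80. Enable one option or the other, not both.
;[iis-https-alt]
;accept = 10.0.1.110:442
;connect = 10.0.1.11:80
;cert = stunnel.pem
;sslVersion = TLSv1.2
```

With either option IIS sees every request as coming from stunnel's address rather than from the real client, so client IPs in the IIS logs are no longer meaningful. The hop from stunnel to IIS is plain HTTP, so port 80 should be reachable only from the stunnel host and not forwarded by the router.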

