Questions tagged [stunnel]

Stunnel is a small tool that can wrap the connection of other protocols with SSL/TLS.

Stunnel is a free software based on OpenSSL providing a SSL/TLS encryption wrapper between remote clients and a local or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library.

For more information, see the homepage of the project at stunnel.org.

155 questions
1
vote
2 answers

Stunnel Error binding pop3s to 0.0.0.0:110

I'm setting up stunnel so a non SSL enabled app can access a Gmail / Google Apps account. Here's the config I'm using: CLIENT=YES [pop3s] accept = 110 connect = pop.gmail.com:995 [imaps] accept = 143 connect = imap.gmail.com:993 [ssmtp] accept =…
Tom
  • 766
  • 3
  • 9
  • 24
1
vote
1 answer

Unreasonably slow stunnel

I setup stunnel on OSX to tunnel traffic to my Django dev server because Facebook needs HTTPS these days but I noticed it's being absurdly slow. It seems like it can only handle a single connection at a time and even the connection is slow when I'm…
Kit Sunde
  • 946
  • 3
  • 12
  • 33
1
vote
0 answers

Switch stunnel from self-signed cert to signed by CA cert

We use stunnel configured to provide SSL-tunnel between SERVER A (where we have stunnel configured as client) and many SERVERS B (where we deployed stunnel configured to work in server mode). We use self-signed certs on both client stunnel and…
sha
  • 111
  • 4
1
vote
3 answers

OpenSource (Layer 4) Load Balancer that can pass through original client IP?

I am setting up a web application which uses SSL for all requests. It needs to have room for scaling and also be highly available. It seems that the "recommended" way to handle this is to setup a pair of Layer 4 load balancers for HA, which pass…
phylae
  • 327
  • 4
  • 10
1
vote
2 answers

stunnel+HAProxy+Apache question, multiple site certificates

currently I'm using the following scheme to serve both static y and dynamic content. I have compiled stunnel with X-Forwarded-For support patch. Internet(http) -> haproxy (frontend1) -> Apache Farm Internet(https) -> stunnel -> haproxy (frontend2)…
AndresVia
  • 253
  • 2
  • 9
1
vote
1 answer

Using virtual IP with stunnel and haproxy

We have a load-balancer setup, in which an HTTPS Request flows through the following steps:- Client -> DNS -> stunnel on Load-Balancer -> HAProxy on LB -> Web-Server This setup works perfectly when stunnel is listening to the local IP of the…
isNaN1247
  • 1,675
  • 3
  • 15
  • 20
1
vote
1 answer

Stunnel, limits.conf

After reading the fine advice and accepted answer at Stunnel too many clients , I'm finding that this looks like our problem, but I'm having trouble applying the solution. First of all, ulimit is a shell thing that impacts processes spawned from…
Kyle
  • 1,859
  • 2
  • 17
  • 23
1
vote
1 answer

Securing stunnel.pem on Windows

How can I prevent reading of the stunnel.pem file by any user other than the service user running Stunnel? How can I permit access to this directory (C:\Program Files\stunnel) in Windows XP to only the Stunnel service?
Engineer2021
  • 601
  • 8
  • 25
1
vote
2 answers

Can't connect to STunnel when it's running as a service

I've got STunnel configured to proxy non SSL POP3 requests to GMail on port 111. This is working fine when STunnel is running as a desktop app, but when I run the STunnel service, I can't connect to port 111 on the machine (using Outlook Express for…
John Francis
  • 133
  • 1
  • 6
1
vote
0 answers

how can i reroute incoming connection without passing it from my server

here is whats happening i ran a openvpn server on a server outside my coutry and tunneled it using stunnel from a server inside country(because of vpn restrictions i cant connect to it directly) but it seems like goverment or somebody else dicovered…
IMIEEET
  • 11
  • 2
1
vote
1 answer

stunnel + squid = 1 request for 5minutes (rest connection reset by peer)

tl;dr; Configuration with stunnel on client which connect to squid proxy with x509 certificate authentication work only for one request per 5minutes. Scenario: Squid and stunnel configured and started wget configured to use localhost as proxy…
Mithrand1r
  • 11
  • 5
1
vote
1 answer

Nginx reverse proxy failing with Stunnel and Mirth FHIR client

I have an application behind a Nginx reverse proxy that I am trying to access from an external client. Both the client and the application only support http. Therefore I am using Stunnel on the client side to map http to https and nginix on the…
skyman
  • 156
  • 4
1
vote
0 answers

IP Camera with PTZ through stunnel

Looking around at first it was suggest to use a reverse proxy to wrap https around and IP camera and then someone mentioned you don't get sound that way so they said use stunnel. I'm looking at stunnel and I'm not sure how to connect to the camera…
Reg
  • 11
  • 2
1
vote
1 answer

HTTPS stunnel error:1408F09B:SSL routines:ssl3_get_record:https proxy request

I am configuring the HTTPS proxy with stunnel and squid. But, I received the Mozilla error page "Secure Connection Failed", in case I am making browser requests through port 44444(stunnel). What I am missing? In case I am making a direct browser…
Awesome Man
  • 111
  • 4
0
votes
0 answers

Error Web Service Stunnel

In Stunnel,I have this configuration: [ws] client = yes accept = 127.0.0.1:80 connect = webservice.it:443 I make a http request to 127.0.0.1:80 and I want that stunnel redirect to webservice.it:443. But it doesn't work. In the log I have this…