Stunnel, a free multi-platform computer program, used to provide universal TLS/SSL


Published by metal333
04-27-2010


Stunnel is a free multi-platform program that provides a universal TLS/SSL tunnelling service. It can provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively, by wrapping arbitrary TCP connections inside SSL. This is mainly used for tunneling connections on a network. It is available for both Windows and Linux.

Compiling stunnel requires a functioning SSL library such as OpenSSL or SSLeay. Stunnel lets you secure non-SSL-aware daemons and protocols (like POP and IMAP) by having stunnel provide the encryption, with no change to the daemon's code. Stunnel does not contain any cryptographic code itself; for that it relies on the external SSL libraries. Stunnel uses public-key cryptography with X.509 digital certificates to secure the SSL connection. Clients can optionally be authenticated via a certificate too.

Stunnel has support for:
– Being an SSL client / server
– Server and client side certificate verification
– Protection against interception of data
– Prevention of data manipulation
– Defence against IP source routing (one host sending packets as if they came from somewhere else)
– Defence against DNS spoofing (an attacker forging name server records)

Configuring stunnel for Windows:
1. Download the .exe from Stunnel.org
2. Install the .exe file on both server and client side.
3. Generate the certificate for the server side from Stunnel.org

Server Side Configuration
1. Put the generated certificate file stunnel.pem in the installed folder
2. Edit the .conf file according to the services stunnel is required to handle.
For example:
Let us consider that the proxy server has IP:Port 172.31.1.4:8080. The protocol used is HTTP/HTTPS, and connections for it are accepted on the server side on port 80.
For this setup, the server-side configuration file will contain:

;Service-level configuration
[http]
accept = 80
connect = 172.31.1.4:8080

[https]
accept = 80
connect = 172.31.1.4:8080
TIMEOUTclose = 0

Client Side Configuration
1. Install Stunnel.
2. Edit the .conf file.
Here is a sample configuration file for the previous example.
;Use it for the client mode
client = yes

;Service-level configuration

[http]
accept = 127.0.0.1:443
connect = 172.16.4.29:80

[https]
accept = 127.0.0.1:444
connect = 172.16.4.29:80
TIMEOUTclose = 0


Here connections are accepted on localhost and their packets are tunneled over the network to another machine that has internet connectivity. Here 172.16.4.29 is the IP of the machine on the network that has the stunnel server running on it. To use the internet connection, configure your browser's proxy settings by selecting “Manual Proxy Configuration” and entering the IP address of the server, i.e. 172.16.4.29, and the port as specified; in this case it is 80.
After the connection is established between the server and the client, the log on both sides shows the packets being transferred; if the connection is not working, the log shows the error.
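
A configuration check for the two files above, as an added example (not part of the original tutorial and not stunnel's own code): it parses stunnel.conf text and flags a service whose accept endpoint is already taken by another service, and a client-mode service with no certificate verification enabled. The function names and the choice of checks belong to this example; counting verify levels 2 to 4, verifyChain or verifyPeer as "verification enabled" is an assumption of the example.

```python
# Both configs are copied from the tutorial above (comment lines dropped).
SERVER_CONF = """
[http]
accept = 80
connect = 172.31.1.4:8080
[https]
accept = 80
connect = 172.31.1.4:8080
TIMEOUTclose = 0
"""
CLIENT_CONF = """
client = yes
[http]
accept = 127.0.0.1:443
connect = 172.16.4.29:80
[https]
accept = 127.0.0.1:444
connect = 172.16.4.29:80
TIMEOUTclose = 0
"""

def parse_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    glob, services = {}, {}
    current = glob                               # options before any [section] are global
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line and line[0] not in ";#":    # skip comment lines
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return glob, services

def lint(text):
    """Return (service, finding) pairs for the two checks in this example."""
    glob, services = parse_conf(text)
    findings, bound = [], {}
    for name, opts in services.items():
        eff = {**glob, **opts}                   # service options override globals
        accept = eff.get("accept", "")
        endpoint = accept if ":" in accept else "*:" + accept  # bare port = all interfaces
        if accept and endpoint in bound:
            findings.append((name, f"accept {accept} already used by [{bound[endpoint]}]"))
        bound.setdefault(endpoint, name)
        verified = (eff.get("verify", "0") in ("2", "3", "4")
                    or "yes" in (eff.get("verifychain"), eff.get("verifypeer")))
        if eff.get("client", "no").lower() == "yes" and not verified:
            findings.append((name, "client mode, server certificate not verified"))
    return findings
```

Run on the tutorial's files, `lint` reports the second service on port 80 in the server configuration and both services in the client configuration; a client that does not verify the server certificate encrypts the traffic but cannot tell the intended server from an interposed one.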

Through this process you can also open blocked sites on one system by tunneling the packets from another system. Stunnel is a powerful tool, and with great power comes great responsibility, so use it well and for the good of mankind.

