Why does TLS port accespt both TLS and plain TCP?

kenneho · 02-06-2009, 04:53 AM

Hi all.

I've set up stunnel (i.e. the universal TLS tunnel) listening on port X on a server. It seems to me like the port accepts both TLS connections as well as regular TCP connections (not running under TLS), and I'm not sure why this works.

Does anyone know why both TLS and normal TCP traffic is accepted at this port? I know that TLS is run over TCP in the first place, so I'm guessing it has something to do with this.

Greets,
kenneho

acid_kewpie · 02-06-2009, 05:12 AM

stunnel can be used in many many ways, can you show us how you're using it? AFAIR you can configure stunnel to allow plain connections on an ideally TLS encrypted connection is desired.

kenneho · 02-06-2009, 07:50 AM

I'm setting up rsyslog to tunnel syslog-messages via TLS to the loghost.
This is the config file I'm using - found it in the rsyslog documentation:

Code:

; Certificate/key is needed in server mode 
cert = /etc/stunnel/stunnel.pem 

; Some debugging stuff useful for troubleshooting 
debug = 7 
foreground=yes 

[ssyslog] 
accept  = 60514 
connect = 61514

Don't see anything about allowing plain TCP, so I'm guessing it it the default or something.

acid_kewpie · 02-06-2009, 09:52 AM

So how is this being used?? This is the server side? What is connecting to this?

kenneho · 02-08-2009, 07:30 AM

Ah, I think I've got this the wrong way.... The rsyslog server listens to both rsyslog traffic (TCP) and stunnel traffic, on separate ports naturally. In my tests I directed plain TCP traffic to the rsyslog TCP port, not the stunnel port. That explains why things seemed to work even when I thought I directed TCP traffic to the stunnel port. My bad.