LinuxQuestions.org


sanjay87 08-02-2012 10:16 AM

What is the major difference between stunnel & SSL configuration
 
Hi all,
Today, to try out something new, I tried out stunnel. I had configured the SSL configuration in Apache & Tomcat. But I could find what the major difference between SSL & stunnel. Both perform the same function: they encrypt the data flow on the internet.


I tried out the link and configured stunnel, but it delivers an error while connecting to the server using telnet.

http://blog.thesysadmins.co.uk/using...nnections.html


cat /etc/stunnel/stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/stunnel.pem
;key = /etc/stunnel/mail.key

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
;CAfile = /usr/share/ssl/certs/ca-bundle.crt
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

[www]
accept = 80
connect = 10.200.2.36:8080

; vim:ft=dosini
[root@node01 ~]#



telnet 10.200.2.36:80
10.200.2.36:80/telnet: Name or service not known

acid_kewpie 08-03-2012 06:39 AM

What are you actually asking?

SSL is a mechanism for encrypting a data stream (or other forms of data).

stunnel is a tool which provides noddy proxying to encrypt and decrypt SSL.

stunnel is amazingly useful, but should not really be a long-term solution to anything.

As for the telnet command, you need a space between the IP and port, not a colon.
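
An added example, not part of either post and not stunnel's own code: a small checker that reads a stunnel.conf and reports which leg of each service carries TLS, based on stunnel's documented `client` option (client mode accepts plaintext and connects out with TLS; server mode is the reverse). The function names, the embedded sample and the `PLAINTEXT_PORTS` heuristic are assumptions made for this sketch.

```python
# Constructed excerpt of the configuration posted in the thread.
SAMPLE_CONF = """\
client = yes

[pop3s]
accept = 995
connect = 110

[www]
accept = 80
connect = 10.200.2.36:8080
"""

# Assumption of this sketch: ports that normally carry the plaintext protocol.
PLAINTEXT_PORTS = {25, 80, 110, 143}

def parse_stunnel_conf(text):
    """Return (global_options, {service: options}) from stunnel.conf text."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or ';' comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = global_opts if current is None else current
            target[key.strip()] = value.strip()
    return global_opts, services

def tls_legs(text):
    """Map each service name to (side that speaks TLS, warning or None)."""
    global_opts, services = parse_stunnel_conf(text)
    report = {}
    for name, opts in services.items():
        client = opts.get("client", global_opts.get("client", "no")).lower() == "yes"
        # Client mode: plaintext in on 'accept', TLS out on 'connect'.
        # Server mode: TLS in on 'accept', plaintext out on 'connect'.
        tls_side = "connect" if client else "accept"
        port = int(opts.get(tls_side, "0").rsplit(":", 1)[-1])
        warning = (f"TLS expected on {tls_side} port {port}, which is usually plaintext"
                   if port in PLAINTEXT_PORTS else None)
        report[name] = (tls_side, warning)
    return report

if __name__ == "__main__":
    for svc, (side, warn) in tls_legs(SAMPLE_CONF).items():
        print(f"[{svc}] TLS on {side} side" + (f" (warning: {warn})" if warn else ""))
```

A warning here means the TLS leg points at a port where the peer will most likely answer in plaintext, so the handshake fails.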

