What is the major difference between stunnel & SSL configuration
Hi all
Today, to try out something new, I tried out stunnel. I had configured SSL configuration in Apache & Tomcat. But I could find what the major difference between SSL & stunnel is. Both perform the same function: they encrypt the data flow on the internet. I tried out the link and configured stunnel, but it delivers an error while connecting to the server using telnet.

http://blog.thesysadmins.co.uk/using...nnections.html

cat /etc/stunnel/stunnel.conf

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/stunnel.pem
;key = /etc/stunnel/mail.key

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
;CAfile = /usr/share/ssl/certs/ca-bundle.crt
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

[www]
accept = 80
connect = 10.200.2.36:8080

; vim:ft=dosini

[root@node01 ~]# telnet 10.200.2.36:80
10.200.2.36:80/telnet: Name or service not known
What are you actually asking?

SSL is a mechanism for encrypting a data stream (or other forms of data). stunnel is a tool which provides noddy proxying to encrypt and decrypt SSL. stunnel is amazingly useful, but should not really be a long-term solution to anything.

As for the telnet command, you need a space between the IP and port, not a colon.
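
As an added example (not code from either poster or from the stunnel project), this Python sketch reads a constructed excerpt of the posted stunnel.conf and reports, per service, which leg stunnel encrypts and whether the peer certificate is checked. It relies on stunnel's documented behaviour that `client = yes` makes the `accept` side plaintext and the `connect` side TLS; the function names are hypothetical and the treatment of `verify` levels 2 and above as "peer verified" is an assumption of this example.

```python
SAMPLE_CONF = """\
; constructed excerpt of the configuration posted in the question
cert = /etc/stunnel/stunnel.pem
;verify = 2
client = yes
[pop3s]
accept = 995
connect = 110
[www]
accept = 80
connect = 10.200.2.36:8080
"""

def parse_stunnel_conf(text):
    """Split a stunnel.conf into (global options, {service name: options})."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:                                     # keep the last value per key
            current[key.strip()] = value.strip()
    return global_opts, services

def describe(text):
    """Report, per service, which leg carries TLS and whether the peer is verified."""
    global_opts, services = parse_stunnel_conf(text)
    report = {}
    for name, opts in services.items():
        merged = {**global_opts, **opts}            # service options override global defaults
        client = merged.get("client", "no").lower() == "yes"
        # assumption of this example: verify >= 2 or verifyChain/verifyPeer = yes
        verified = (merged.get("verify", "0") in ("2", "3", "4")
                    or merged.get("verifyChain", "no").lower() == "yes"
                    or merged.get("verifyPeer", "no").lower() == "yes")
        report[name] = {
            "plaintext_leg": "accept" if client else "connect",
            "tls_leg": "connect" if client else "accept",
            "accept": merged.get("accept"),
            "connect": merged.get("connect"),
            "peer_verified": verified,
        }
    return report

if __name__ == "__main__":
    for name, info in describe(SAMPLE_CONF).items():
        print(name, info)
```

With the posted settings every service is reported with TLS on the `connect` leg and `peer_verified` false, because `client = yes` is set globally and `verify` is commented out.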