
Stunnel: Difference between revisions

From Wikipedia, the free encyclopedia
AnomieBOT (talk | contribs)
m Dating maintenance tags: {{Cn}}
Removed unsourced promotion of different software.
Line 22: Line 22:
If [[Linker (computing)|linked]] against [[TCP Wrapper|libwrap]], it can be configured to act as a [[proxy server|proxy]]–[[firewall (networking)|firewall]] service as well.
If [[Linker (computing)|linked]] against [[TCP Wrapper|libwrap]], it can be configured to act as a [[proxy server|proxy]]–[[firewall (networking)|firewall]] service as well.


Stunnel is maintained by Michał Trojnara and released under the terms of the [[GNU General Public License]] (GPL) with [[OpenSSL]] exception. In 2015, Square released [https://github.com/square/ghostunnel Ghostunnel], a replacement for Stunnel with better security properties.
Stunnel is maintained by Michał Trojnara and released under the terms of the [[GNU General Public License]] (GPL) with [[OpenSSL]] exception.


==Example scenario==
==Example scenario==

Revision as of 14:38, 27 February 2020

stunnel
Developer(s): Michał Trojnara
Initial release: 10 December 1998; 26 years ago (1998-12-10)[citation needed]
Stable release: 5.55 / 10 June 2019; 5 years ago (2019-06-10)[1]
Repository: www.stunnel.org/downloads.html
Written in: C++[citation needed]
Operating system: Multi-platform
Type: Proxy, Encryption
License: GNU General Public License
Website: www.stunnel.org

Stunnel is an open-source multi-platform application used to provide a universal TLS/SSL tunneling service.

Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.[2] It runs on a variety of operating systems,[3] including most Unix-like operating systems and Windows. Stunnel relies on the OpenSSL library to implement the underlying TLS or SSL protocol.

Stunnel uses public-key cryptography with X.509 digital certificates to secure the SSL connection, and clients can optionally be authenticated via a certificate.[4]

If linked against libwrap, it can be configured to act as a proxy–firewall service as well.

Stunnel is maintained by Michał Trojnara and released under the terms of the GNU General Public License (GPL) with OpenSSL exception.

Example scenario

For example, one could use stunnel to provide a secure SSL connection to an existing non-SSL-aware SMTP mail server. Assuming the SMTP server expects TCP connections on port 25, one would configure stunnel to map the SSL port 465 to non-SSL port 25. A mail client connects via SSL to port 465. Network traffic from the client initially passes over SSL to the stunnel application, which transparently encrypts/decrypts traffic and forwards unsecured traffic to port 25 locally. The mail server sees a non-SSL mail client.[citation needed]

The stunnel process could be running on the same or a different server from the unsecured mail application; however, both machines would typically be behind a firewall on a secure internal network (so that an intruder could not make its own unsecured connection directly to port 25).
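The port mapping described in this scenario, written out as a stunnel configuration file. This is an added example, not taken from the article or from the stunnel project; the section name and all file paths are placeholders chosen for illustration.

```ini
; stunnel.conf: constructed example for the SMTP scenario above.
; The section name and every file path are assumptions, not values
; from the article.

[smtps]
; TLS side: mail clients connect to this port over SSL/TLS.
accept = 465

; Plaintext side: decrypted traffic is forwarded to the SMTP server.
; Pointing at the loopback address keeps the unencrypted hop on this host.
connect = 127.0.0.1:25

; X.509 server certificate and private key presented to mail clients.
cert = /etc/stunnel/mail.example.org.crt
key = /etc/stunnel/mail.example.org.key

; Optional client authentication by certificate: uncomment both lines
; to accept only clients whose certificate chains to the CA in CAfile.
;verifyChain = yes
;CAfile = /etc/stunnel/clients-ca.pem
```

When stunnel and the mail server share a host, having the SMTP server listen only on 127.0.0.1 gives the same protection the paragraph above attributes to the firewall: port 25 is reachable only through the tunnel.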

References

  1. Trojnara, Michał. "Downloads". Stunnel. Retrieved 6 July 2019.
  2. O'Donovan, Barry (October 2004). "Secure Communication with Stunnel". Linux Gazette, Issue 107.
  3. "stunnel: Ports"
  4. "stunnel(8) manual"