<HTML xmlns:o = "urn:schemas-microsoft-com:office:office"><HEAD>
<META charset=US-ASCII http-equiv=Content-Type content="text/html; charset=US-ASCII">
<META content="MSHTML 6.00.2900.2722" name=GENERATOR></HEAD>
<BODY style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; BACKGROUND-COLOR: #ffffff">
<DIV>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">Dear patient users,</P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="mso-tab-count: 1"> </SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="mso-tab-count: 1"> </SPAN>It seems that stunnel does not encrypt outward traffic from my PC. I was able to get stunnel to work in the first place by having different proxies for each protocol. However, to test if my 8196 bit + x509 certificate keys actually encrypted my traffic, I decided to do a test. I had sniffed my own computer using Cain and Abel while logging in to my home router. To my disappointment, the sniffer picked up my username and password in plain text through the HTTP protocol several times. Either that or Abel can crack 256-bit level encryption (256 x 32 = 8196) rather quickly. </P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">My stunnel.conf file:</P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Sample stunnel configuration file by Michal Trojnara 2002-2005<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Some options used here may not be adequate for your particular configuration<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Certificate/key is needed in server mode and optional in client mode<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">cert = C:\Program Files\stunnel\stunnel.pem<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">key = C:\Program Files\stunnel\stunnel.pem<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Some performance tunings<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">socket = l:TCP_NODELAY=1<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">socket = r:TCP_NODELAY=1<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Workaround for Eudora bug<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">options = DONT_INSERT_EMPTY_FRAGMENTS<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Authentication stuff<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;verify = 2<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Don't forget to c_rehash CApath;<SPAN style="mso-spacerun: yes"> </SPAN>CApath is located inside chroot jail:<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;CApath = certs<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; It's often easier to use CAfile:<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;CAfile = certs.pem<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Don't forget to c_rehash CRLpath;<SPAN style="mso-spacerun: yes"> </SPAN>CRLpath is located inside chroot jail:<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;CRLpath = crls<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Alternatively you can use CRLfile:<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;CRLfile = crls.pem<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Some debugging stuff useful for troubleshooting<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;debug = 7<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;output = C:\Program Files\stunnel\stunnel.log<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Use it for client mode<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">client = yes<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; Service-level configuration<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">client = yes<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">verify = 0<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;[pop3s]<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;accept<SPAN style="mso-spacerun: yes"> </SPAN>= 995<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;connect = 110<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;[imaps]<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;accept<SPAN style="mso-spacerun: yes"> </SPAN>= 993<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">;connect = 143</P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"> </P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">[ssmtp]<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">accept<SPAN style="mso-spacerun: yes"> </SPAN>= 127.0.0.1:465<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">connect = httpsupportingproxy4:3124<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">TIMEOUTclose = 0<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">[http]<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">accept<SPAN style="mso-spacerun: yes"> </SPAN>= 127.0.0.1:444<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">connect = httpsupportingproxy3:6588<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">TIMEOUTclose = 0<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">[https]<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">accept<SPAN style="mso-spacerun: yes"> </SPAN>= 127.0.0.1:443<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">connect = httpsupportingproxy2:6588<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">TIMEOUTclose = 0<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">[ftps]<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">accept<SPAN style="mso-spacerun: yes"> </SPAN>= 127.0.0.1:21<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">connect = httpsupportingproxy1:6588<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">TIMEOUTclose = 0<o:p></o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">; vim:ft=dosini</P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt">And my bat file used to generate keys:</P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p> </o:p></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">openssl req -new -x509 -days 365 -nodes -config C:\OpenSSL\bin\openssl.cnf -out stunnel.pem -keyout stunnel.pem<o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier"><o:p> </o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;requirements:<o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;OpenSSL.exe in C:\windows directory<o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;Installation of Win32OpenSSL-v0.9.8.mis to C:\<o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;Edit C:\OpenSSL\bin\openssl.cnf strings<o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;[ req ]<o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;default_bits<SPAN style="mso-tab-count: 2"> </SPAN>= 8196<o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;default_keyfile <SPAN style="mso-tab-count: 1"> </SPAN>= stunnel.pem<o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;distinguished_name<SPAN style="mso-tab-count: 1"> </SPAN>= req_distinguished_name<o:p></o:p></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;attributes<SPAN style="mso-tab-count: 2"> </SPAN>= req_attributes<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">;x509_extensions<SPAN style="mso-tab-count: 1"> </SPAN>= v3_ca<SPAN style="mso-tab-count: 1"> </SPAN># The extensions to add to the self signed cert<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier"><o:p> </o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">Cain Log:<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier"><o:p> </o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">==================================================================<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">= Cain's MAC Scanner/Promiscuous-mode Detector<SPAN style="mso-spacerun: yes"> </SPAN>=<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">==================================================================<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">IP Address: (Router)<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">MAC Address: (RouterMAC)<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">OUI Fingerprint: Cisco-Linksys, LLC<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">Hostname: <o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">ARP Test (Broadcast 31-bit): *<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">ARP Test (Broadcast 16-bit): *<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">ARP Test (Broadcast 8-bit): *<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">ARP Test (Group bit): *<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">ARP Test (Multicast group 0): *<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">ARP Test (Multicast group 1): *<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">ARP Test (Multicast group 3): *<o:p></o:p></SPAN></P>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><o:p></o:p> </P><o:p>
<P class=NormalArial style="MARGIN: 0in 0in 0pt"><SPAN style="FONT-SIZE: 9pt; COLOR: black; FONT-FAMILY: Courier; mso-bidi-font-family: Courier">Am I doing something wrong here?</SPAN></P></o:p></DIV></BODY></HTML>