<div class="im">Pierre, Peter, Aron,<br><br>Thanks for all the responses.<br><br></div>I now
have a better understanding of the main usecase for stunnel. In our
particular case, We need the connection multiplexing since we cannot
maintain a persistent connection to the stunnel client and we cannot
afford to create a new SSL connection for every new connection to
stunnel client.<br>
<br>So, we will probably go with SSH tunneling.<br><font color="#888888"><br>-Dorai</font><br><br>PS: My emails to the mailing list get blocked by a spam blocker so you might not see this message in the mailing list archives.<br>
<br><div class="gmail_quote">On Mon, Mar 16, 2009 at 8:27 AM, Aron Griffis <span dir="ltr"><<a href="mailto:aron@hp.com">aron@hp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Dorai Ashok wrote: �[Fri Mar 13 2009, 04:28:56PM EDT]<br>
<div><div></div><div class="h5">>I was able to setup stunnel between two hosts successfully but<br>
>the only problem I am facing is that, the SSL connection between<br>
>the two hosts is not persistent. For every connection I make to<br>
>the stunnel client, a new SSL connection is established by the<br>
>stunnel client to the stunnel server.<br>
><br>
>Is there a configuration variable in stunnel which can make the SSL<br>
>connection between stunnel client and server persistent ?<br>
<br>
</div></div>stunnel always builds a new SSL connection for every connection<br>
it accepts on the client side. �This is normally the right thing<br>
because the server might be an SSL application rather than<br>
another instance of stunnel.<br>
<br>
It would be possible for stunnel to build a persistent SSL<br>
connection to the server if the server is known to be another<br>
stunnel instance, in which case every connection accepted on the<br>
client side would spawn a new "exec" or "connect" on the server,<br>
and the connections would be multiplexed over the single SSL<br>
connection. �That would be a very nice feature to add to stunnel,<br>
but AFAIK it's not there right now.<br>
<br>
It is, however, in openssh. �This is what ssh -L port:remote:port<br>
does. �That is probably where you need to look if you depend on<br>
this feature.<br>
<br>
Regards,<br>
<font color="#888888">Aron<br>
</font></blockquote></div><br>