<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Looks like the problem I'm seeing is it doesn't like the PSK
protocol for some reason and TLS1.3 breaks this because of how PSK
is now in TLS1.3. Doing more testing...<br>
</p>
<div class="moz-cite-prefix">On 6/15/19 3:48 PM, Brent Kimberley
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:2007947515.1455862.1560628106955@mail.yahoo.com">
<blockquote type="cite">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap=""> Is there something missing ?
</pre>
</blockquote>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Can you please elaborate? <a class="moz-txt-link-freetext" href="https://www.stunnel.org/auth.html">https://www.stunnel.org/auth.html</a>
Subject: Using STunnel4 with both SSL/TLS proxy AND PSK authentication
Hi, all.
We've got a specific use case where we need to implement an stunnel4
'tunnel' in the following format:
Client <---> client-side stunnel4 <---> server-side stunnel4 <---> server
The specific case for this is because of a server that does NOT support
SSL on the remote side nor client side, and we need to use two stunnel4
instances to establish the "secure" tunnel.
We can get it working with straight SSL/TLS certificates for a secure
connection between the two but can't seem to add authentication to this,
we want to get the stunnel4 on the client side and the stunnel4 on the
server side to have to have some kind of authentication/exchange between
them.
Whenever we add the PSK options or client certs to the thing, we
immediately get SSL/TLS problems, as it doesn't seem to support SSL/TLS
handshakes properly at that point.
Is there something I'm missing within the STunnel4 documentation about
establishing the SSL/TLS tunnel AND adding an authentication component,
or is this not possible?? It doesn't currently seem possible based on my
testing...
Thomas
</pre>
</blockquote>
</body>
</html>