stunnel-users

stunnel-users@stunnel.org

5 participants
3293 discussions

TLSV1.0
by Stefano Pelli 27 Oct '23

27 Oct '23

Dear all, as my first post, I am asking a confirmation: is TLS ver 1.0 still supported by stunnel (unfortunately, I need that deprecated version to access a server)? It all worked fine, then I upgraded to Kubuntu 22.04 and for some reason that broke the support of this protocol. I get the connection closed right after trying to open it. Before upgrading all was working without a hitch. Since then (1 year ago), I have been looking for solutions and trying all sorts of fixes by changing stunnel.conf, but with no success. Can you be so kind to give me some info about this and if possible a remedy until the server gets updated (not under my control)? Thank you in advance, Stefano

3 3

Re: TLSV1.0
by Stefano Pelli 26 Oct '23

26 Oct '23

At 04:26 AM 10/26/2023, Thomas Ward via stunnel-users wrote: >This is not an STunnel issue but an OpenSSL libraries/defaults issue. Thank you Thomas. After your input I made some more tests. Following advice founf in the net, I had already included: >[system_default_sect] >CipherString = DEFAULT@SECLEVEL=1 in openssl.cnf But still it would not work through stunnel. Today I tried a connection directly from openssl and I managed to succesfully initiate and conclude a proper POP3 dialog with the culprit server. Then, looking at the messages from openssl, I saw that the connection was established, as expected, by TLSV1 and AES256-SHA protocol. Therefore, I tried to force this in the relevant section of stunnel.conf: >ciphers = AES256-SHA But with the same result when trying to open the connection through stunnel (5.71) >telnet 127.0.1.1 110 >Trying 127.0.1.1... >Connected to 127.0.1.1. >Escape character is '^]'. >Connection closed by foreign host. With the other servers I can this way estblish a POP3 dialog, as I managed directly through openssl. What am I missing here? Thank you for any addition insights! Stefano

1 0

Silent installation is not working for Stunnel v5.71
by meta＠adaptiva.com 23 Oct '23

23 Oct '23

Hi Team, We are 3rd party patch provider like PatchMyPC or ManageEngine. We are providing similar services to our customers and willing to add Stunnel to our catalogue. https://adaptiva.com/products/autonomous-patch We have downloaded the binary from below URL – https://www.stunnel.org/downloads.html We are trying to install the application silently, we found -quiet as silent switch for this application. But that is not installing the application silently. Could you please help us to install the application silently.

2 1

Re: Silent installation is not working for, Stunnel v5.71
by Miroslav Geisselreiter 23 Oct '23

23 Oct '23

Hi, we use /S switch which works for us for a long time. Miroslav Geisselreiter > Message: 1 > Date: Mon, 23 Oct 2023 08:30:30 -0000 > From: meta(a)adaptiva.com > Subject: [stunnel-users] Silent installation is not working for > Stunnel v5.71 > To: stunnel-users(a)stunnel.org > Message-ID: <169804983049.1982.1603425052292506533(a)stunnel.org> > Content-Type: text/plain; charset="utf-8" > > Hi Team, > > We are 3rd party patch provider like PatchMyPC or ManageEngine. We are providing similar services to our customers and willing to add Stunnel to our catalogue. > https://adaptiva.com/products/autonomous-patch > > We have downloaded the binary from below URL – > https://www.stunnel.org/downloads.html > > We are trying to install the application silently, we found -quiet as silent switch for this application. But that is not installing the application silently. > Could you please help us to install the application silently. >

1 0

Re: How do I hide my browsing?
by Eberhard 21 Oct '23

21 Oct '23

Exactly! If people could get around the Forti products that easily they would not have the reputation they have! Eric VICS, LLC Eric S Eberhard 2933 W Middle Verde Rd Camp Verde, AZ 86322 928-567-3727 (land line) 928-301-7537 (cell phone) http://www.vicsmba.com <http://www.vicsmba.com/> https://www.facebook.com/groups/286143052248115 From: Thomas Ward via stunnel-users <stunnel-users(a)stunnel.org> Sent: Friday, October 20, 2023 6:11 AM To: Jason Long <hack3rcon(a)yahoo.com>; Stewart Anderson via Stunnel-users <stunnel-users(a)stunnel.org> Subject: [stunnel-users] Re: How do I hide my browsing? Stunnel is not a VPN, so no it can't "hide your browsing". Hiding your browsing needs more than just stunnel because of how DNS and other components for browsing work. Question 2 is beyond the scope of stunnel's list to answer. This said: If you have to ask how to hide your browsing that means you're violating your network's use policies, and with Fortinet and Fortigate in line it sounds like you're on a workplace network. Just don't use your workplace network for whatever shady stuff you're concerned about them finding you doing. Sent from my Galaxy -------- Original message -------- From: Jason Long via stunnel-users <stunnel-users(a)stunnel.org <mailto:stunnel-users@stunnel.org> > Date: 10/20/23 09:05 (GMT-05:00) To: Stewart Anderson via Stunnel-users <stunnel-users(a)stunnel.org <mailto:stunnel-users@stunnel.org> > Subject: [stunnel-users] How do I hide my browsing? Hello, In an internal network, they monitor web browsing through firewalls (Fortinet and FortiGate). I have two questions: 1- Can I use Stunnel to hide my browsing? 2- Can they capture usernames and passwords for email and other websites? Thank you.

3 4

How do I hide my browsing?
by Jason Long 20 Oct '23

20 Oct '23

Hello,In an internal network, they monitor web browsing through firewalls (Fortinet and FortiGate). I have two questions: 1- Can I use Stunnel to hide my browsing? 2- Can they capture usernames and passwords for email and other websites? Thank you.

3 2

stunnel cmvp number
by Seray Tokadli 09 Oct '23

09 Oct '23

Hi, for our company i need to find the cvmp number for stunnel however I am not able to find it. Is there anyone who can help me with that? https://csrc.nist.gov/projects/cryptographic-module-validation-program/vali… I could not find stunnel here. -- Seray TOKADLI KILIÇ +420778116052

2 1

Re: stunnel smtp tls frontend server/proxy for remote backend postfix
by James Thornton 09 Oct '23

09 Oct '23

The direction is mail sent from an external email address to stunnel (running on google cloud) for delivery to a postfix mailbox running on a local network. I posted this question on serverfault ( https://serverfault.com/questions/1145279/stunnel-smtp-tls-frontend-server-…), and someone said the problem may be either stunnel strips the ip and/or the the sender is trying to switch to TLS on postfix, not realizing the TLS connection has already been made by stunnel. On Sat, Oct 7, 2023 at 9:22 AM Stewart Anderson <stuson_2000(a)yahoo.co.uk> wrote: > Client and server will both negotiate SSL. Your server mode is presenting > a certificate. > > It's not clear from your config /text which direction your traffic is > going !! > > If it's incoming from Google to your postfix server then server mode is > correct. Stunnel will negotiate the SSL and then forward to postfix in > clear. If the handshake isn't happening, have you put Google's cert in > your CA certs somewhere? > > What confuses it for me is the Google internal IP reference. If you are > getting traffic from Google then stunnel would need to be accepting on the > host where stunnel is, so only a port is required in the accept. This can > be on a machine in your DMZ or behind a firewall, e.g. on or close to your > postfix server. > > Hope that helps. > > > > > Stewart > stuson_2000(a)yahoo.co.uk > > On 6 October 2023 05:51:14 "james(a)jamesthornton.com" < > james(a)jamesthornton.com> wrote: > > I'm running stunnel in server mode and listening on port 587 and trying to >> connect to a remote postfix server running on port 25. >> >> NB: the two servers are connected via zerortier, which may or may no be >> relevant to the issue. >> >> DEBUG = 7 >> >> [ssmtp] >> protocol = smtp >> accept = google_cloud_internal_ip:587 >> connect = remote_zerotier_postfix_ip:25 >> cert = /etc/stunnel/domain.pem >> >> I thought this would set up stunnel to handle the TLS handshake and >> terminate the TLS connection, while proxing to the backend postfix server >> without requiring postfix to worry about TLS. But I'm getting LOG3[0]: >> STARTTLS expected when stunnel tries to connect to postfix. If I put >> stunnel in client mode, then it doesn't negotiate the incoming TLS >> (right?). >> >> What am I missing? >> _______________________________________________ >> stunnel-users mailing list -- stunnel-users(a)stunnel.org >> To unsubscribe send an email to stunnel-users-leave(a)stunnel.org >> > > -- James Thornton, *http://electricspeed.com <http://electricspeed.com>*

2 1

stunnel smtp tls frontend server/proxy for remote backend postfix
by james＠jamesthornton.com 06 Oct '23

06 Oct '23

I'm running stunnel in server mode and listening on port 587 and trying to connect to a remote postfix server running on port 25. NB: the two servers are connected via zerortier, which may or may no be relevant to the issue. DEBUG = 7 [ssmtp] protocol = smtp accept = google_cloud_internal_ip:587 connect = remote_zerotier_postfix_ip:25 cert = /etc/stunnel/domain.pem I thought this would set up stunnel to handle the TLS handshake and terminate the TLS connection, while proxing to the backend postfix server without requiring postfix to worry about TLS. But I'm getting LOG3[0]: STARTTLS expected when stunnel tries to connect to postfix. If I put stunnel in client mode, then it doesn't negotiate the incoming TLS (right?). What am I missing?

1 0

stunnel events
by noel_melvin＠neimanmarcus.com 02 Oct '23

02 Oct '23

Whats the difference between Connection closed: : 2505 byte(s) sent to TLS, 59 byte(s) sent to socket and Connection closed: : 0 byte(s) sent to TLS, 0 byte(s) sent to socket we can see these kind of variations in the stunnel logs. if its 0 bytes doest it mean that client didnt send any data/packet to stunnel server? Need help

1 1

← Newer
1
...
6
7
8
9
10
11
12
...
330
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users