Ludolf Holzheid wrote:
Sunil Karumuri wrote:
Can we configure Stunnel to have only ONE SSL connection (or a pool of connections) between box A and B and have Stunnel use the open connection for all traffic from various clients?
You may also be looking for a VPN solution.
... or just use SSH tunnels instead of SSL encapsulation.
It's not really a matter of specific software (e.g. stunnel), but the SSL protocol itself. SSL/TLS is based on 1:1 encapsulation of a data stream in an SSL connection. In most cases it's a good idea, e.g. traffic shapers (in OS kernels or network devices) can see separate data streams, preventing starvation of low-throughput interactive connections.
It's possible to add a multiplexing layer between data streams and SSL. That's what so-called "SSL VPNs" do. Please note such an extension would be proprietary and thus incompatible with any other product. IMHO interoperability is a huge advantage of stunnel over various proprietary products.
Mike
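
The multiplexing layer described in the reply above, sketched as an added example (not part of the original thread, and not stunnel's or any product's code). The frame format (4-byte stream id, 2-byte length), the names `mux_frames` and `Demux`, and the 16 KiB cap are all assumptions made for illustration; the bytes produced would be what gets written to the single SSL connection.

```python
import struct

HEADER = struct.Struct("!IH")   # hypothetical frame header: stream id, payload length
MAX_PAYLOAD = 16384             # per-frame cap, also enforced by the receiver

def mux_frames(stream_id, data):
    """Split one client's bytes into frames tagged with its stream id."""
    frames = []
    for off in range(0, len(data), MAX_PAYLOAD):
        chunk = data[off:off + MAX_PAYLOAD]
        frames.append(HEADER.pack(stream_id, len(chunk)) + chunk)
    return frames

class Demux:
    """Reassembles per-stream data from bytes read off the single connection."""
    def __init__(self):
        self.buf = bytearray()
        self.streams = {}

    def feed(self, received):
        # The tunnel delivers a byte stream, so a read may end mid-frame;
        # anything incomplete stays buffered until more bytes arrive.
        self.buf += received
        while len(self.buf) >= HEADER.size:
            stream_id, length = HEADER.unpack_from(self.buf)
            if length > MAX_PAYLOAD:
                # Reject instead of buffering: a peer must not dictate memory use
                raise ValueError("oversized frame")
            end = HEADER.size + length
            if len(self.buf) < end:
                break
            payload = self.buf[HEADER.size:end]
            self.streams.setdefault(stream_id, bytearray()).extend(payload)
            del self.buf[:end]
        return self.streams

def demo():
    # Constructed sample: two clients' traffic interleaved on one connection
    a = mux_frames(1, b"GET /a HTTP/1.0\r\n\r\n")
    b = mux_frames(2, b"x" * 20000)
    wire = b[0] + a[0] + b[1]
    d = Demux()
    for i in range(0, len(wire), 1000):   # arbitrary read sizes
        d.feed(wire[i:i + 1000])
    return d.streams
```

In `demo()` the short interactive request on stream 1 is queued behind a full 16 KiB frame of stream 2. Once the streams share one connection, a traffic shaper outside the tunnel can no longer tell them apart, so fairness depends entirely on the multiplexer's frame size and scheduling.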