Hi everybody,
Has anybody already established a connection to AWS Aurora PostgreSQL with stunnel? I can't establish a connection, and it may be an issue with channel binding.
My config looks like this:
; Sample stunnel configuration file for Win64 by Michal Trojnara 1998-2025
; Some options used here may be inadequate for your particular configuration
; This sample file does *not* represent stunnel.conf defaults
; Please consult the manual for detailed description of available options
; **************************************************************************
; * Global options *
; **************************************************************************
; Debugging stuff (may be useful for troubleshooting)
debug = 7
output = stunnel.log
; Enable FIPS 140-2 mode if needed for compliance
fips = yes
; The CNG engine allows to integrate stunnel with the Windows Cryptography API:
; Next Generation (CNG) for authentication with private keys stored in the
; Windows certificate store. It serves as a drop-in replacement for the legacy
; OpenSSL Cryptography API (CAPI) engine.
; https://www.stunnel.org/cng-engine.html
; Each section using this feature also needs the "engineId = cng" option
engine = cng
; The pkcs11 engine allows for authentication with cryptographic
; keys isolated in a hardware or software token
; MODULE_PATH specifies the path to the pkcs11 module shared library,
; such as softhsm2-x64.dll or opensc-pkcs11.dll
; IMPORTANT: A 64-bit stunnel requires 64-bit PKCS#11 modules
; Each section using this feature also needs the "engineId = pkcs11" option
;engine = pkcs11
;engineCtrl = MODULE_PATH:softhsm2-x64.dll
;engineCtrl = PIN:1234
; **************************************************************************
; * Service defaults may also be specified in individual service sections *
; **************************************************************************
; Enable support for the insecure SSLv3 protocol
;options = -NO_SSLv3
; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE
; **************************************************************************
; * Include all configuration file fragments from the specified folder *
; **************************************************************************
;include = conf.d
; **************************************************************************
; * Service definitions (at least one service has to be defined) *
; **************************************************************************
[postgreSQL_TLS]
client = yes
;engineId = cng
accept = 5433
connect = xxx.rds.amazonaws.com:5432
protocol = pgsql
CAfile = C:\cert\xxx-bundle.pem
verifyChain = yes
checkHost = xxx.rds.amazonaws.com
Thanks for any recommendations.
Best regards
Rolf Grube, MBA
Senior Manager
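As an added example (not part of the original post or of stunnel), the following script decodes the two PostgreSQL messages that decide whether channel binding is in play: the server's AuthenticationSASL mechanism list and the gs2-header of the client's SCRAM client-first-message. The byte strings are constructed samples of what passes in plaintext between psql and the local stunnel port, and the "assess" wording assumes libpq's documented behaviour for the channel_binding parameter.

```python
import struct

AUTH_SASL = 10  # AuthenticationSASL sub-code inside an 'R' message


def build_auth_sasl(mechs) -> bytes:
    """Build an AuthenticationSASL message: 'R' | int32 len | int32 10 | names."""
    body = b"".join(m.encode() + b"\x00" for m in mechs) + b"\x00"
    return b"R" + struct.pack("!ii", 8 + len(body), AUTH_SASL) + body


def parse_auth_sasl(msg: bytes) -> list:
    """Return the SASL mechanism names the server advertised."""
    if msg[:1] != b"R":
        raise ValueError("not an authentication message")
    length, code = struct.unpack("!ii", msg[1:9])
    if code != AUTH_SASL:
        raise ValueError("not AuthenticationSASL (code %d)" % code)
    body = msg[9:1 + length]
    return [n.decode() for n in body.split(b"\x00") if n]


def channel_binding_flag(client_first: bytes) -> str:
    """gs2-header of a SCRAM client-first-message: 'n' = client cannot do
    channel binding, 'y' = it could but saw no -PLUS mechanism, 'p=<type>' =
    channel binding in use with the named type."""
    flag = client_first.split(b",", 1)[0]
    if flag in (b"n", b"y") or flag.startswith(b"p="):
        return flag.decode()
    raise ValueError("malformed gs2-header")


def assess(server_mechs, client_first: bytes) -> str:
    """Explain the channel-binding outcome of one SCRAM negotiation."""
    flag = channel_binding_flag(client_first)
    plus = "SCRAM-SHA-256-PLUS" in server_mechs
    if flag.startswith("p="):
        return "channel binding in use: " + flag[2:]
    if plus and flag == "n":
        # Server only offers -PLUS on a TLS connection (stunnel's), while the
        # client behind stunnel speaks plaintext and therefore sends 'n'.
        return ("server sees TLS but client is on plaintext: binding skipped; "
                "libpq with channel_binding=require refuses such a connection")
    if plus and flag == "y":
        return "client saw TLS but no -PLUS: server reports a negotiation error"
    return "no channel binding offered or used"


# constructed sample: server over TLS offers both mechanisms,
# psql on the plaintext side of stunnel answers with 'n'
SERVER_MSG = build_auth_sasl(["SCRAM-SHA-256-PLUS", "SCRAM-SHA-256"])
CLIENT_FIRST = b"n,,n=,r=c0nstructedn0nce"
print(parse_auth_sasl(SERVER_MSG))
print(assess(parse_auth_sasl(SERVER_MSG), CLIENT_FIRST))
```

Running it against bytes captured on the local stunnel port shows whether the failure is a channel-binding mismatch or lies elsewhere (for example in TLS verification, which stunnel.log at debug = 7 would show).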