
Hi everybody,

Has anybody already established a connection to AWS Aurora PostgreSQL with stunnel? I can't establish a connection and it may be an issue with channel binding.

My config looks like this:

; Sample stunnel configuration file for Win64 by Michal Trojnara 1998-2025
; Some options used here may be inadequate for your particular configuration
; This sample file does *not* represent stunnel.conf defaults
; Please consult the manual for detailed description of available options

; **************************************************************************
; * Global options                                                         *
; **************************************************************************

; Debugging stuff (may be useful for troubleshooting)
debug = 7
output = stunnel.log

; Enable FIPS 140-2 mode if needed for compliance
fips = yes

; The CNG engine allows to integrate stunnel with the Windows Cryptography API:
; Next Generation (CNG) for authentication with private keys stored in the
; Windows certificate store. It serves as a drop-in replacement for the legacy
; OpenSSL Cryptography API (CAPI) engine.
; https://www.stunnel.org/cng-engine.html
; Each section using this feature also needs the "engineId = cng" option
engine = cng

; The pkcs11 engine allows for authentication with cryptographic
; keys isolated in a hardware or software token
; MODULE_PATH specifies the path to the pkcs11 module shared library,
; such as softhsm2-x64.dll or opensc-pkcs11.dll
; IMPORTANT: A 64-bit stunnel requires 64-bit PKCS#11 modules
; Each section using this feature also needs the "engineId = pkcs11" option
;engine = pkcs11
;engineCtrl = MODULE_PATH:softhsm2-x64.dll
;engineCtrl = PIN:1234

; **************************************************************************
; * Service defaults may also be specified in individual service sections  *
; **************************************************************************

; Enable support for the insecure SSLv3 protocol
;options = -NO_SSLv3

; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE

; **************************************************************************
; * Include all configuration file fragments from the specified folder     *
; **************************************************************************

;include = conf.d

; **************************************************************************
; * Service definitions (at least one service has to be defined)           *
; **************************************************************************

[postgreSQL_TLS]
client = yes
;engineId = cng
accept = 5433
connect = xxx.rds.amazonaws.com:5432
protocol = pgsql
CAfile = C:\cert\xxx-bundle.pem
verifyChain = yes
checkHost = xxx.rds.amazonaws.com

Thanks for any recommendations.

Best regards
Rolf Grube, MBA
Senior Manager
Oberender AG