On Wed, May 16, 2018 at 04:54:05AM +0000, Alex Birchall wrote:
According to the documentation, "client" mode can be "yes" or "no". Default is "no" - server mode.
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Alex Birchall Sent: 16 May 2018 05:50 To: stunnel-users@stunnel.org Subject: [stunnel-users] Stunnel running as service on Windows Server 2008 R2 but Stunnel All Users shortcut on the desktop reports that it server is down?
Hello,
I have Stunnel running as a service on a Windows Server 2008 R2. But the shortcut on the desktop "Stunnel All Users", when launched, informs me that the server is down due to an "invalid configuration file".
In the config file, if Stunnel is being run as a service, should it be "client = no" or "server = yes"?
The "client" setting does not depend on whether you run stunnel as a service or not; the only thing it depends on is what role you want stunnel to play in the TLS tunnel. When stunnel runs in client mode, it accepts unencrypted connections from other programs (e.g. an e-mail client) and establishes a secure tunnel to a TLS server to send the data encrypted over the network. When stunnel runs in server mode, it accepts encrypted connections over the network, decrypts the data, and sends it to a server that does not know how to or does not want to handle the TLS encryption by itself.
If you know that you want to run stunnel in server mode (let it accept TLS connections, decrypt the data and hand it off to some server-like application to process it), then it is "client = no".
G'luck, Peter