It would be nice to know whether it is actually possible to achieve this with stunnel. If not, is there any other tool I could use or combine?

On Nov 13, 2017 08:58, "Igor Gatis" <igorgatis@gmail.com> wrote:
Yep, that's exactly what I'm seeking for help here.

If we can abstract the 2-way bit for a second, I'd call this a "certificate transcription" TLS tunnel.

On Thu, Nov 9, 2017 at 5:19 PM, Vincent Deschenes <vdeschenes@stelvio.com> wrote:

Ho,

But that does not account for the A ->[TLS] ->B part.

I believe that my sample will listen for unencrypted connection only.

 

 

From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Vincent Deschenes
Sent: Thursday, 9 November 2017 3:16 PM
To: Igor Gatis <igorgatis@gmail.com>; stunnel-users@stunnel.org
Subject: Re: [stunnel-users] TLS "translation" & 2-way auth

 

You need to have a section in your config file which listen for requests but also have the “client = yes” option with a cert and key like this:

 

[http_a_to_c]

client = yes

accept = port_number_to_listen_on_server_b

connect = server_c_address:443

cert = certificate.crt

key = private.key

 

 

cert and key are the certificate and private key server B uses to identify itself on server C.

You could also add more options to specify a trustore to specify which cert coming from server C server B will trust, otherwise server B will simply allow the connection.

 

Good Luck

 

 

From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Igor Gatis
Sent: Thursday, 9 November 2017 1:14 PM
To: stunnel-users@stunnel.org
Subject: [stunnel-users] TLS "translation" & 2-way auth

 

Consider scenario below:

 

Server A   ==TLS==> Server B  ==TLS+2WayAuth==> Server C

 

Server A needs to connect to Server C through Server B which runs Stunnel. Server C requires 2-way authentication. I have full control over Server A and Server B and Server C belongs to a third-party.

 

What does Stunnel config should look like?