Michal Trojnara mentioned:
On 2004-11-02, at 02:02, Red Phoenix wrote:
Establishing an SSL connection over UDP would be pretty tough, but has anyone thought about the possibility of allowing the 'listen' and 'destination' points to be UDP ports, with the main comms routed over TCP? This would effectively accomplish what most UDP requestors need.
It's not as easy as you think. SSL requires a stream of data as a transport. It's much more than a simple UDP forwarder.
Perhaps I wasn't quite as clear as I intended... :) I'm not suggesting that SSL over UDP should be done. I'm suggesting that stunnel could potentially act as a UDP-over-encrypted-TCP gateway.
For example (for the moment, let's focus on syslog data):
Pre-stunnel: Server 1 Sends syslog messages to UDP port 514 on Server 2.
Server1 and Server2 both then install stunnel:
Server1: Syslog messages are redirected to localhost UDP port 514 (rather than Server2 UDP port 514).
Server1: stunnel listens on UDP port 514 and sends encrypted data to Server2 on TCP port 12345.
Server2: stunnel listens on TCP port 12345, decrypts the data, and sends it to localhost UDP port 514.
This way, stunnel acts as the UDP to TCP (encrypted) to UDP gateway - in a similar way that it can currently act as a pure TCP -> TCP (encrypted) -> TCP gateway.
Regards,
Leigh.
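The gateway Leigh sketches above, written out as an added example; this is not code from the thread or from stunnel, and it leaves out the TLS wrapping (the TCP leg is where stunnel would sit), so it runs offline on loopback. It makes the one point the proposal glosses over: a TCP stream has no record boundaries, so each UDP datagram must be framed (here with an assumed 16-bit length prefix) or syslog lines will be merged or split on the far side. The port numbers, the framing format and the syslog lines are assumptions constructed for the demo.

```python
"""UDP -> framed TCP -> UDP relay pair (added example, not stunnel code).

Server1 side: read UDP datagrams, write them length-prefixed to a TCP stream.
Server2 side: read the stream, reassemble frames, emit each as one datagram.
In the proposed deployment the TCP stream would be the stunnel (TLS) leg.
"""
import socket
import struct
import threading

# Assumed framing: 2-byte big-endian length prefix.  A UDP payload is at
# most 65507 bytes, so 16 bits always suffice.
HEADER = struct.Struct("!H")


def frame_datagram(payload: bytes) -> bytes:
    """Prefix one datagram with its length so its boundary survives the stream."""
    if len(payload) > 0xFFFF:
        raise ValueError("datagram too large for the 16-bit length prefix")
    return HEADER.pack(len(payload)) + payload


def unframe_stream(buf: bytes):
    """Split a stream buffer into complete datagrams; return (frames, leftover)."""
    frames = []
    while len(buf) >= HEADER.size:
        (n,) = HEADER.unpack_from(buf)
        if len(buf) < HEADER.size + n:
            break  # partial frame: keep it until the rest arrives
        frames.append(buf[HEADER.size:HEADER.size + n])
        buf = buf[HEADER.size + n:]
    return frames, buf


def reassemble(chunks):
    """Turn stream reads of arbitrary size back into whole datagrams.

    TCP may hand the receiver half a frame, or several frames in one read;
    the leftover is carried across reads until a full frame is present.
    """
    buf = b""
    for chunk in chunks:
        buf += chunk
        frames, buf = unframe_stream(buf)
        yield from frames
    if buf:
        raise ValueError("stream ended mid-frame (%d trailing bytes)" % len(buf))


def udp_to_tcp(udp_sock, tcp_sock, count):
    """Server1 gateway: forward `count` datagrams into the stream."""
    for _ in range(count):
        data, _peer = udp_sock.recvfrom(65535)
        tcp_sock.sendall(frame_datagram(data))


def tcp_to_udp(tcp_sock, udp_sock, dest, count):
    """Server2 gateway: deliver `count` reassembled datagrams to `dest`."""
    delivered = 0
    for frame in reassemble(iter(lambda: tcp_sock.recv(4096), b"")):
        udp_sock.sendto(frame, dest)
        delivered += 1
        if delivered == count:
            break
    return delivered


def demo(messages):
    """Loopback run of both halves; returns the datagrams seen at the sink.

    Ephemeral ports replace 514/12345 so no privileges are needed.
    """
    af, dgram, stream = socket.AF_INET, socket.SOCK_DGRAM, socket.SOCK_STREAM
    sink, ingress = socket.socket(af, dgram), socket.socket(af, dgram)
    sink.bind(("127.0.0.1", 0))      # stands in for Server2's syslogd on UDP 514
    ingress.bind(("127.0.0.1", 0))   # stands in for Server1's stunnel UDP 514
    listener = socket.socket(af, stream)
    listener.bind(("127.0.0.1", 0))  # stands in for Server2's stunnel TCP 12345
    listener.listen(1)

    def server2():
        conn, _ = listener.accept()
        with conn, socket.socket(af, dgram) as out:
            tcp_to_udp(conn, out, sink.getsockname(), len(messages))

    worker = threading.Thread(target=server2)
    worker.start()
    client = socket.create_connection(listener.getsockname())
    with socket.socket(af, dgram) as syslog_client:
        for m in messages:  # the "redirected" syslog traffic from Server1
            syslog_client.sendto(m, ingress.getsockname())
    udp_to_tcp(ingress, client, len(messages))
    client.close()
    worker.join()
    sink.settimeout(2)
    received = [sink.recvfrom(65535)[0] for _ in messages]
    for s in (sink, ingress, listener):
        s.close()
    return received


if __name__ == "__main__":
    # Constructed syslog lines, not captured traffic.
    sample = [b"<13>Nov  2 02:02:00 server1 sshd[123]: Accepted publickey for leigh",
              b"<38>Nov  2 02:02:01 server1 sudo: leigh : TTY=pts/0 ; COMMAND=/bin/ls"]
    for line in demo(sample):
        print(line.decode())
```

Two caveats for anyone deploying this shape: the loopback UDP legs on each host stay plaintext, and whoever can reach Server1's UDP listener can inject syslog lines into the encrypted channel, so bind it to 127.0.0.1 as the post describes. And unlike stunnel's TCP-to-TCP mode there is no end-to-end backpressure: if the TCP side stalls, the ingress socket's receive buffer fills and the kernel silently drops datagrams, so the loss the sender already tolerated with plain UDP simply moves to the gateway.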