On Wed, Nov 15, 2017 at 08:57:10AM -0300, Igor Gatis wrote:
It would be nice to know whether it is actually possible to achieve this with stunnel. If not, is there any other tool I could use or combine?
It is possible to achieve this with stunnel running on server B with two service definitions: one that runs in server mode, accepts a TLS connection from server A, and forwards it to a local TCP port where the second stunnel service definition runs in client mode and establishes a TLS tunnel to server C. I can try to come up with some configuration examples later; right now I cannot really do any testing. Best regards, Peter
On Nov 13, 2017 08:58, "Igor Gatis" <igorgatis@gmail.com> wrote:
Yep, that's exactly what I'm seeking for help here.
If we can abstract the 2-way bit for a second, I'd call this a "certificate transcription" TLS tunnel.
On Thu, Nov 9, 2017 at 5:19 PM, Vincent Deschenes <vdeschenes@stelvio.com> wrote:
Ho,
But that does not account for the A ->[TLS] ->B part.
I believe that my sample will listen for unencrypted connection only.
*From:* stunnel-users [mailto:stunnel-users-bounces@stunnel.org] *On Behalf Of *Vincent Deschenes *Sent:* Thursday, 9 November 2017 3:16 PM *To:* Igor Gatis <igorgatis@gmail.com>; stunnel-users@stunnel.org *Subject:* Re: [stunnel-users] TLS "translation" & 2-way auth
You need to have a section in your config file which listen for requests but also have the “client = yes” option with a cert and key like this:
[http_a_to_c]
client = yes
accept = port_number_to_listen_on_server_b
connect = server_c_address:443
cert = certificate.crt
key = private.key
cert and key are the certificate and private key server B uses to identify itself on server C.
You could also add more options to specify a trustore to specify which cert coming from server C server B will trust, otherwise server B will simply allow the connection.
Good Luck
*From:* stunnel-users [mailto:stunnel-users-bounces@stunnel.org <stunnel-users-bounces@stunnel.org>] *On Behalf Of *Igor Gatis *Sent:* Thursday, 9 November 2017 1:14 PM *To:* stunnel-users@stunnel.org *Subject:* [stunnel-users] TLS "translation" & 2-way auth
Consider scenario below:
Server A ==TLS==> Server B ==TLS+2WayAuth==> Server C
Server A needs to connect to Server C through Server B which runs Stunnel. Server C requires 2-way authentication. I have full control over Server A and Server B and Server C belongs to a third-party.
What does Stunnel config should look like?
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-- -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13