Pierre, Peter, Aron,
Thanks for all the responses.
I now
have a better understanding of the main usecase for stunnel. In our
particular case, We need the connection multiplexing since we cannot
maintain a persistent connection to the stunnel client and we cannot
afford to create a new SSL connection for every new connection to
stunnel client.
So, we will probably go with SSH tunneling.
-Dorai
PS: My emails to the mailing list get blocked by a spam blocker so you might not see this message in the mailing list archives.
On Mon, Mar 16, 2009 at 8:27 AM, Aron Griffis
<aron@hp.com> wrote:
Dorai Ashok wrote: [Fri Mar 13 2009, 04:28:56PM EDT]
>I was able to setup stunnel between two hosts successfully but
>the only problem I am facing is that, the SSL connection between
>the two hosts is not persistent. For every connection I make to
>the stunnel client, a new SSL connection is established by the
>stunnel client to the stunnel server.
>
>Is there a configuration variable in stunnel which can make the SSL
>connection between stunnel client and server persistent ?
stunnel always builds a new SSL connection for every connection
it accepts on the client side. This is normally the right thing
because the server might be an SSL application rather than
another instance of stunnel.
It would be possible for stunnel to build a persistent SSL
connection to the server if the server is known to be another
stunnel instance, in which case every connection accepted on the
client side would spawn a new "exec" or "connect" on the server,
and the connections would be multiplexed over the single SSL
connection. That would be a very nice feature to add to stunnel,
but AFAIK it's not there right now.
It is, however, in openssh. This is what ssh -L port:remote:port
does. That is probably where you need to look if you depend on
this feature.
Regards,
Aron