Hi,

I'm trying to use stunnel to provide encryption for my application to server communication. Server is already ssl aware. I configured my app to talk to localhost:xyz, and configured stunnel in client mode to relay traffic from localhost:<xyz> to actual service.  The stunnel to service ssl protocol would use the server certificate, as server is already ssl aware.

For any reason if stunnel is not running it would become possible for a non-elevated attacker/malware to spin up a tcp server listening to xyz, essentially taking advantage of my re-configuration of app to talk to localhost:xyz, and spoof the actual server.

Even if my app to server protocol had some anti-spoofing mechanism say e.g., reverse CHAP, the malware can easily relay the challenge and response by using the actual service.

In my case the actual app is iscsi initiator software that is not in my control and cant be modified, while the server is an iscsi tcp server which I am free to modify.

Are there any guidance/best practices around preventing this attack with stunnel?

Thanks

Abhinav