Hi, all.
We've got a specific use case where we need to implement an stunnel4 'tunnel' in the following format:
Client <---> client-side stunnel4 <---> server-side stunnel4 <---> server
The specific case for this is because of a server that does NOT support SSL on the remote side nor client side, and we need to use two stunnel4 instances to establish the "secure" tunnel.
We can get it working with straight SSL/TLS certificates for a secure connection between the two but can't seem to add authentication to this, we want to get the stunnel4 on the client side and the stunnel4 on the server side to have to have some kind of authentication/exchange between them.
Whenever we add the PSK options or client certs to the thing, we immediately get SSL/TLS problems, as it doesn't seem to support SSL/TLS handshakes properly at that point.
Is there something I'm missing within the STunnel4 documentation about establishing the SSL/TLS tunnel AND adding an authentication component, or is this not possible? It doesn't currently seem possible based on my testing...
Thomas
-
Thomas Ward