One Time Password for https two factor authentication

Hi Martin,

As far as I understood your description, what you need is additional authentication of web application sessions, rather than authentication of individual TLS connections. I guess you need a specialized reverse HTTP(S) proxy.

Stunnel is a generic TCP/TLS proxy. It has no understanding of HTTP and web applications.

Best regards,
Mike

On 29.10.2015 21:11, hamburg-barmbek@gmx.de wrote:
> At the moment we’re using a https-Wrapper-Service in our firewall-appliance to manage restricted access to some of our websites. For two factor authentication we’re using privacyIDEA as RADIUS server. Most of our users/employees are using the "Google Authenticator" app for one-time password generation. Some are using "Feitian C-200" (but I do not like the C-200, because I do not know how to program a new seed by myself). Both generators are based on the quite simple TOTP algorithm (https://tools.ietf.org/html/rfc6238). The https-password is a combination of a fixed password directly followed by the TOTP password.
>
> Because we want to change the firewall-appliance, we have to find a new solution. Is it possible (or is it a planned feature for the near future) to handle authentication in stunnel with RADIUS? Or even better/simpler, is TOTP supported by stunnel? I wasn't able to find anything like this in the documentation.
>
> Regards, Martin
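
The credential format described in the quoted message (a fixed password directly followed by a six-digit RFC 6238 TOTP) can be checked by whatever component ends up doing session authentication. The following is an added sketch, not code from this thread, stunnel or privacyIDEA; the function names, PBKDF2 parameters and sample password are assumptions, and the secret is the RFC 6238 Appendix B test key.

```python
import hashlib
import hmac
import struct

DIGITS, STEP = 6, 30          # Google Authenticator defaults (RFC 6238 time step)
ROUNDS = 100_000              # PBKDF2 iterations, assumed value for this sketch

def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(fixed: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the fixed password part."""
    return hashlib.pbkdf2_hmac("sha256", fixed.encode(), salt, ROUNDS)

def verify_combined(submitted, pw_hash, salt, secret, unix_time, window=1, last_step=-1):
    """Check '<fixed password><TOTP>'; return the matched time step or None.

    last_step is the highest step already accepted for this user, so a code
    cannot be replayed inside its validity window.
    """
    otp = submitted[-DIGITS:]
    if len(submitted) <= DIGITS or not (otp.isascii() and otp.isdigit()):
        return None
    # Always evaluate both factors so the response does not reveal which failed.
    pw_ok = hmac.compare_digest(hash_password(submitted[:-DIGITS], salt), pw_hash)
    matched = None
    for drift in range(-window, window + 1):      # tolerate clock drift
        t = unix_time + drift * STEP
        if t >= 0 and t // STEP > last_step and hmac.compare_digest(totp(secret, t), otp):
            matched = t // STEP
    return matched if pw_ok else None

# Constructed sample data: RFC 6238 Appendix B test secret, made-up password.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
PW_HASH = hash_password("hunter2", SALT)

if __name__ == "__main__":
    print(verify_combined("hunter2287082", PW_HASH, SALT, SECRET, 59))
    print(verify_combined("hunter2287082", PW_HASH, SALT, SECRET, 59, window=0, last_step=1))
```

The caller stores the returned step as the user's new `last_step`; without that, a captured password plus code stays usable for the rest of the drift window.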
participants (2)
- hamburg-barmbek@gmx.de
- Michal Trojnara