Hi Martin,
As far as I understood your description, what you need is additional authentication of web application sessions, rather than authentication of individual TLS connections.
I guess you need a specialized reverse HTTP(S) proxy. Stunnel is a generic TCP/TLS proxy. It has no understanding of HTTP and web applications.
Best regards, Mike
On 29.10.2015 21:11, hamburg-barmbek@gmx.de wrote:
at the moment we’re using a https-Wrapper-Service in our firewall-appliance to manage restricted access to some of our websites. For two-factor authentication we’re using privacyIDEA as a RADIUS server. Most of our users/employees are using the "Google Authenticator" app for one-time password generation. Some are using "Feitian C-200" (but I do not like the C-200, because I do not know how to program a new seed by myself). Both generators are based on the quite simple TOTP algorithm (https://tools.ietf.org/html/rfc6238). The https-password is a combination of a fixed password directly followed by the TOTP password.
Because we want to change the firewall-appliance, we have to find a new solution. Is it possible (or is it a planned feature for the near future) to handle authentication in stunnel with RADIUS? Or even better/simpler, is TOTP supported by stunnel? I wasn't able to find anything like this in the documentation.
Regards, Martin
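
The combined credential described in the question (a fixed password directly followed by the RFC 6238 code) can be checked as in the following sketch. This is an added example, not part of the original thread and not stunnel or privacyIDEA code; the function names, the sample password and the RFC 4226 test secret are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP with HMAC-SHA1; RFC 6238 TOTP is HOTP over a time counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_combined(submitted: str, fixed_password: str, secret: bytes,
                    at: float, last_used: int = -1, digits: int = 6,
                    step: int = 30, drift: int = 1) -> Optional[int]:
    """Verify '<fixed password><TOTP>' submitted as one string.

    Returns the matched time-step counter, which the caller should store as
    last_used so the same code cannot be replayed, or None on failure.
    """
    if len(submitted) <= digits:
        return None
    # The OTP is always the trailing `digits` characters of the password field.
    static, otp = submitted[:-digits], submitted[-digits:]
    # Evaluate both factors before deciding, with constant-time comparisons,
    # so a rejection does not reveal which factor was wrong.
    static_ok = hmac.compare_digest(static.encode(), fixed_password.encode())
    matched = None
    current = int(at) // step
    for counter in range(current - drift, current + drift + 1):
        expected = hotp(secret, counter, digits)
        if counter > last_used and hmac.compare_digest(otp.encode(), expected.encode()):
            matched = counter
    return matched if static_ok else None

if __name__ == "__main__":
    # Constructed sample values: RFC 4226 test secret and a made-up password.
    secret = b"12345678901234567890"
    step_used = verify_combined("correct-horse287082", "correct-horse", secret, at=59)
    print("accepted at time step", step_used)
    print("replay:", verify_combined("correct-horse287082", "correct-horse",
                                     secret, at=59, last_used=step_used))
```

A real deployment would compare the fixed part against a stored password hash rather than a plaintext value.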