On Tue, 05 Mar 2013 09:04:41 +0200 "jmwb@webmail.co.za" <jmwb@webmail.co.za> wrote:
Thank you for your response Javier.
I now understand how to phrase what I am looking for. What I am looking for is effectively an SSL Man-in-The-Middle (but please be assured that I am not looking to build malware). However, I am still not certain from your response that Stunnel can do this. Can the client-side handle SSL or does it only support clear-text on the client side?
jmwb
Hi, the example I gave you is like this. I hope this helps you understand how stunnel works in such a scenario.
1. Web browser without SSL support.
2. It sends clear text to the IP:port where the stunnel client is listening.
3. Stunnel on the client machine sends ciphered text to the machine with stunnel acting as server.
4. Stunnel on the server machine sends clear text to the web server.
5. The web server has no SSL support.
6. The communication is reversed to reply to the client side.
With a diagram.
Browser <> clear text <> stunnel <> ciphered <> stunnel <> clear text <> web server
Of course, it is possible to make a MiTM attack between the browser and stunnel, and between stunnel and the web server, at both sides, but not in between. To accomplish such an attack you'll first need to access one of the machines and find such a scenario. If both sides support SSL you don't need stunnel (unless one of the sides doesn't support SSL) and, therefore, all communications are ciphered P2P. No clear text. Except keyboard/mouse loggers on the client side.
As said, it is a secure tunnel, an SSL proxy. As you wish.
Regards.
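
The topology in the reply above, written out as a pair of stunnel configuration files. This is an added example, not part of the original message; the service names, host name, ports and file paths are assumptions.

```ini
; ---- client machine: stunnel.conf (added example; names, ports, paths are assumptions) ----
[web-out]
client = yes
; clear-text leg from the browser: bind to loopback only, so the
; unencrypted hop never leaves the client machine
accept = 127.0.0.1:8080
; ciphered leg to the machine running stunnel as server
connect = tunnel.example.org:8443
; authenticate the server certificate so the ciphered leg cannot be
; terminated by an unexpected endpoint
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = tunnel.example.org

; ---- server machine: stunnel.conf ----
[web-in]
; ciphered leg: stunnel terminates SSL here
accept = 8443
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key
; clear-text leg to the web server, kept on loopback for the same reason
connect = 127.0.0.1:80
```

With both clear-text legs bound to 127.0.0.1, the only traffic that crosses the network is the ciphered stunnel-to-stunnel hop.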