[stunnel-users] Stunnel and configuration

Jan Meijer jan.meijer at surfnet.nl
Tue Feb 22 17:09:09 CET 2005


On Tue, 22 Feb 2005, Bohdan Linda wrote:

>> I use the CApath = directory directive for my client certificates.  The 
>> client certificates are pointed to by hashed symlinks.  Also makes it a lot 
>> easier to remove a client certificate if you want to revoke access to your 
>> stunnel for that particular certificate.
>
> In other words, is it safe to use together:
> CAfile=/path/to/my/cacert.pem
> CApath=/path/to/only/clientcerts

Yep; except that I only have the CA-certificate chain in cacert.pem.

> Does not one override other? Do you have your cacert.pem symlinked in your 
> CApath? And lastly as CApath is within chroot, what is the impact if 
> certificates stored in are "stolen" by successful break-in?

Q: Does not one override other?
A: not that I know of

Q: Do you have your cacert.pem symlinked in your CApath?
A: no

Q: And lastly as CApath is within chroot, what is the impact if
    certificates stored in are "stolen" by successful break-in?
A: The certificates are *public*.  So a hacker could allow your clients
    access to a client-certificate authenticated service of his/hers own.
    Far more dangerous would be if your server.pem including its
    private key would be stolen.  An attacker could then impersonate your
    service thereby sniffing whatever traffic passes his stunnel.  There
    are a number of ways to take care of this risk:

    -encrypt the private key of your server.pem; without the passphrase
     the key is useless to an attacker.  There are two disadvantages to
     this approach:
     1. no unattended reboots can be done; no automatic startup of your
        stunnel service *and* you have to type in the passphrase each time
        you (re)start the stunnel daemon.  I've done this for about a year
        with an apache+ssl server and got tired of it;
     2. if your chroot is compromised it would not be unlikely the attacker
        installs a sniffer thus voiding the passphrase if you're unlucky
    -buy an HSM module; they're not that expensive anymore and openssl
     should interface with them
    -try to use a USB-PKI token; they're not expensive at all compared to
     the HSM module and it should be possible to get it working; the
     private key will be safely stored in there; an attacker can't just
     copy it; then again, a USB key is more easily removed by a careless
     person.....
    -make sure you will *detect* any breakin in a timely fashion and then
     assume your private key has been compromised;

Jan

-- 
http://www.surfnet.nl/organisatie/jame
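The CApath layout Jan describes, as an added example (not code from the thread or from the stunnel project): a directory of client certificates reachable through OpenSSL-style hashed symlinks, where deleting a link revokes that client. Directory names, the service section and the certificate generated in the test are assumptions of this example.

```shell
#!/bin/sh
# Maintain a stunnel CApath of allowed client certificates via hashed
# symlinks. Only *public* certificates live here; server.pem and its
# private key stay outside this directory.
set -e

# Name OpenSSL looks the certificate up under. Compute it with the same
# OpenSSL build stunnel is linked against (hash schemes changed between
# releases, so a link made by another build may not be found).
cert_hash() { openssl x509 -noout -subject_hash -in "$1"; }

# Install $pem (a PEM file already inside $capath) as "<hash>.<n>".
# <n> counts up so two certificates with the same hash can coexist.
link_cert() {
    capath="$1"; pem="$2"; h=$(cert_hash "$capath/$pem"); n=0
    while [ -e "$capath/$h.$n" ]; do n=$((n + 1)); done
    ln -s "$pem" "$capath/$h.$n"
    printf '%s\n' "$capath/$h.$n"
}

# Revoke a client: drop every link pointing at its PEM file and print
# how many were removed. Reload or restart stunnel afterwards.
revoke_cert() {
    capath="$1"; pem="$2"; removed=0
    for l in "$capath"/*.[0-9]*; do
        if [ -L "$l" ] && [ "$(readlink "$l")" = "$pem" ]; then
            rm "$l"; removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Matching service section (placeholder paths). CAfile carries only the
# CA chain; with chroot in use, CApath is resolved inside the chroot.
# verify = 3 requires the peer certificate itself to be present in CApath.
stunnel_conf() {
    cat <<'EOF'
[https]
accept  = 443
connect = 8080
cert    = /etc/stunnel/server.pem
CAfile  = /etc/stunnel/cacert.pem
CApath  = /clientcerts
verify  = 3
EOF
}
```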