[stunnel-users] Distinguished Name (DN) is a cleartext network communication?

Michael Renner michael.renner at gmx.de
Wed Jan 7 20:19:30 CET 2009


Hello,

I am confused. Trying to use the DN as a kind of password replacement, I saw 
that the DN goes unencrypted through the network, while the traffic itself is 
encrypted of course. Analysing the network packages with Wireshark I get this:


100104083828Z0..1.0...U....DE1.0...U....Germany1.0
..U....Munich1.0...U.
..vbox4php1.0...U....stunnel1.0...U....mars.mtr.mynet1$0"..*.H..

.....michael.renner at gmx.de0.."0

This is, more or less, the content of the DN. Is there a chance to encrypt 
this?
My setup should work, no matter if a client certificate exists or not (also 
independent of the DN's content). But the application behind stunnel (started 
by stunnel using the 'exec' statement) may behave dependent on the DN!

Any chance?

Thanks
-- 
|Michael Renner      E-mail: michael.renner at gmx.de  |
|D-81541 Munich      Germany        ICQ: #112280325 |
|Germany             Don't drink as root!      ESC:wq
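
Added example, not part of the original post: the readable fragments in the capture are the DER encoding of the certificate's subject name, where 0x30 (SEQUENCE) prints as '0', 0x31 (SET) as '1' and the attribute OID prefix 0x55 as 'U'. The sketch below rebuilds such a Name from the values in the dump and decodes it again; the function names and the mapping of values to C/ST/L/O/OU/CN are assumptions made for illustration.

```python
# Constructed sample: a DER-encoded X.509 Name rebuilt from the attribute values
# visible in the capture above; these are not bytes taken from a real packet.
ATTR = {3: "CN", 6: "C", 7: "L", 8: "ST", 10: "O", 11: "OU"}  # OID 2.5.4.x

def tlv(tag, value):
    """Encode one DER TLV using a short-form length (value under 128 bytes)."""
    if len(value) >= 128:
        raise ValueError("long-form length not needed for this sample")
    return bytes([tag, len(value)]) + value

def build_name(pairs):
    """SEQUENCE of SET of SEQUENCE { OID 2.5.4.x, PrintableString }."""
    rdns = b""
    for arc, text in pairs:
        oid = tlv(0x06, bytes([0x55, 0x04, arc]))   # 0x55 prints as 'U'
        rdns += tlv(0x31, tlv(0x30, oid + tlv(0x13, text.encode("ascii"))))
    return tlv(0x30, rdns)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); rejects long-form or truncated input."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated TLV")
    return buf[pos], buf[pos + 2:end], end

def parse_name(der):
    """Decode a DER Name into a list of (attribute, value) pairs."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos)      # SET, 0x31, prints as '1'
        _, atv, _ = read_tlv(rdn, 0)           # SEQUENCE, 0x30, prints as '0'
        _, oid, nxt = read_tlv(atv, 0)         # attribute type OID
        _, val, _ = read_tlv(atv, nxt)         # attribute value string
        known = len(oid) == 3 and oid[:2] == b"\x55\x04"
        out.append((ATTR.get(oid[2], oid.hex()) if known else oid.hex(),
                    val.decode("ascii", "replace")))
    return out

def dump_ascii(data):
    """Render bytes as a packet dump does: non-printable bytes become '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)

# Assumed mapping of the captured values to attribute types (C, ST, L, O, OU, CN).
SAMPLE = build_name([(6, "DE"), (8, "Germany"), (7, "Munich"),
                     (10, "vbox4php"), (11, "stunnel"), (3, "mars.mtr.mynet")])
print(dump_ascii(SAMPLE), parse_name(SAMPLE), sep="\n")
```

The line breaks inside the original dump fall where a length or OID byte happens to be 0x0d or 0x0a; dump_ascii shows those bytes as '.' instead.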


