[stunnel-users] protocols options clarification

Brian Wilkins bwilkins at gmail.com
Wed Dec 5 22:27:27 CET 2012 

>From protocol.c in the stunnel source:

static const struct {
    char *name;
    struct {
        PROTOCOL_PHASE type;
        FUNCTION func;
    } handlers[2];
} protocols[]={
    {"proxy",   {{PROTOCOL_PRE_SSL,     proxy_server},
{PROTOCOL_PRE_SSL, NULL}}},
    {"cifs",    {{PROTOCOL_PRE_CONNECT, cifs_server},
{PROTOCOL_PRE_SSL, cifs_client}}},
    {"pgsql",   {{PROTOCOL_PRE_CONNECT, pgsql_server},
{PROTOCOL_PRE_SSL, pgsql_client}}},
    {"smtp",    {{PROTOCOL_PRE_SSL,     smtp_server},
{PROTOCOL_PRE_SSL, smtp_client}}},
    {"pop3",    {{PROTOCOL_PRE_SSL,     pop3_server},
{PROTOCOL_PRE_SSL, pop3_client}}},
    {"imap",    {{PROTOCOL_PRE_SSL,     imap_server},
{PROTOCOL_PRE_SSL, imap_client}}},
    {"nntp",    {{PROTOCOL_NONE,        NULL},
{PROTOCOL_PRE_SSL, nntp_client}}},
    {"connect", {{PROTOCOL_PRE_CONNECT, connect_server},
{PROTOCOL_PRE_SSL, connect_client}}},
    {NULL,      {{PROTOCOL_NONE,        NULL},
{PROTOCOL_NONE,    NULL}}}
};

*STARTTLS* is an extension to plain text communication protocols, which
offers a way to upgrade a plain text connection to an encrypted
(TLS<http://en.wikipedia.org/wiki/Transport_Layer_Security>or
SSL <http://en.wikipedia.org/wiki/Secure_Socket_Layer>) connection instead
of using a separate port for encrypted communication.

stunnel will use one port to communicate the encrypted information. That's
what it is telling you. No need to initiate a separate port when STARTTLS
is sent.



On Wed, Dec 5, 2012 at 1:27 PM, John A. Wallace <jw72253 at verizon.net> wrote:

> **
>
> The Service Level Options of the manual includes the following points:
>
> *******protocol = proto*
>
>    application protocol to negotiate SSL (e.g.***** starttls* or***** stls
>       *)
>
>       *****protocol* option should not be used with SSL encryption on a
>       separate port.
>
>       Currently supported protocols:
>
> *CIFS*
>
> *Connect*
>
> *Etc..***
>
>  However, in the listed protocols supported neither “starttls” or “stls”appears,
> even though they appear to be options as far as I can see from the above
> explanation.  Am I missing something here, or should they be among those
> in the list, and can one use this setting:
>
> Protocol=starttls
>
> Also, I don’t really understand what this statement is telling me: “*****
> protocol* option should not be used with SSL encryption on a separate
> port.”
>
>  John A. Wallace
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20121205/c5ddf895/attachment.html>

More information about the stunnel-users mailing list