[stunnel-users] protocols options clarification
Brian Wilkins
bwilkins at gmail.com
Wed Dec 5 22:27:27 CET 2012
From protocol.c in the stunnel source:

static const struct {
    char *name;
    struct {
        PROTOCOL_PHASE type;
        FUNCTION func;
    } handlers[2];
} protocols[]={
    {"proxy",   {{PROTOCOL_PRE_SSL,     proxy_server},
                 {PROTOCOL_PRE_SSL,     NULL}}},
    {"cifs",    {{PROTOCOL_PRE_CONNECT, cifs_server},
                 {PROTOCOL_PRE_SSL,     cifs_client}}},
    {"pgsql",   {{PROTOCOL_PRE_CONNECT, pgsql_server},
                 {PROTOCOL_PRE_SSL,     pgsql_client}}},
    {"smtp",    {{PROTOCOL_PRE_SSL,     smtp_server},
                 {PROTOCOL_PRE_SSL,     smtp_client}}},
    {"pop3",    {{PROTOCOL_PRE_SSL,     pop3_server},
                 {PROTOCOL_PRE_SSL,     pop3_client}}},
    {"imap",    {{PROTOCOL_PRE_SSL,     imap_server},
                 {PROTOCOL_PRE_SSL,     imap_client}}},
    {"nntp",    {{PROTOCOL_NONE,        NULL},
                 {PROTOCOL_PRE_SSL,     nntp_client}}},
    {"connect", {{PROTOCOL_PRE_CONNECT, connect_server},
                 {PROTOCOL_PRE_SSL,     connect_client}}},
    {NULL,      {{PROTOCOL_NONE,        NULL},
                 {PROTOCOL_NONE,        NULL}}}
};

*STARTTLS* is an extension to plain text communication protocols, which
offers a way to upgrade a plain text connection to an encrypted
(TLS <http://en.wikipedia.org/wiki/Transport_Layer_Security> or
SSL <http://en.wikipedia.org/wiki/Secure_Socket_Layer>) connection instead
of using a separate port for encrypted communication.
stunnel will use one port to communicate the encrypted information. That's
what it is telling you. No need to initiate a separate port when STARTTLS
is sent.
On Wed, Dec 5, 2012 at 1:27 PM, John A. Wallace <jw72253 at verizon.net> wrote:
> The Service Level Options of the manual includes the following points:
>
> *protocol = proto*
>
> application protocol to negotiate SSL (e.g. *starttls* or *stls*)
>
> *protocol* option should not be used with SSL encryption on a
> separate port.
>
> Currently supported protocols:
>
> *CIFS*
>
> *Connect*
>
> *Etc..*
>
> However, in the listed protocols supported neither “starttls” nor “stls” appears,
> even though they appear to be options as far as I can see from the above
> explanation. Am I missing something here, or should they be among those
> in the list, and can one use this setting:
>
> Protocol=starttls
>
> Also, I don’t really understand what this statement is telling me:
> “*protocol* option should not be used with SSL encryption on a separate
> port.”
>
> John A. Wallace
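The plaintext exchange that a client-side `protocol = smtp` or `protocol = pop3` stands for, sketched in Python as an added example (not stunnel's code and not part of the original messages): it shows that STARTTLS and STLS are the commands sent on the one existing port before TLS begins, not values for the option. The function names and server transcripts are constructed for illustration, and only the `smtp` and `pop3` names from the table are covered.

```python
import socket
import threading

# Constructed transcripts (greeting, then one reply per client command).
SMTP_OK = [b"220 mx.example\r\n", b"250-mx.example\r\n250 STARTTLS\r\n", b"220 go\r\n"]
SMTP_NO_TLS = [b"220 mx.example\r\n", b"250-mx.example\r\n250 HELP\r\n"]
POP3_OK = [b"+OK ready\r\n", b"+OK begin TLS\r\n"]

def _line(f):
    return f.readline().decode("ascii", "replace").rstrip("\r\n")

def negotiate(proto, sock):
    """Client-side plaintext phase; True once the peer agreed to start TLS."""
    if proto == "smtp":      # RFC 3207: the upgrade command is STARTTLS
        greeting, cmd, success = "220", b"STARTTLS\r\n", "220"
    elif proto == "pop3":    # RFC 2595: the upgrade command is STLS
        greeting, cmd, success = "+OK", b"STLS\r\n", "+OK"
    else:                    # "starttls" or "stls" would end up here
        raise ValueError("unknown protocol name: " + proto)
    with sock.makefile("rwb", buffering=0) as f:  # unbuffered: no read-ahead
        if not _line(f).startswith(greeting):
            raise ConnectionError("unexpected greeting")
        if proto == "smtp":
            f.write(b"EHLO localhost\r\n")
            offered, reply = False, "250-"
            while reply.startswith("250-"):   # final line is "250 ..."
                reply = _line(f)
                offered |= reply[4:].upper() == "STARTTLS"
            if not (reply.startswith("250 ") and offered):
                raise ConnectionError("STARTTLS not offered")
        f.write(cmd)
        if not _line(f).startswith(success):
            raise ConnectionError("upgrade refused")
    return True  # fail closed above; a real client would now wrap sock in TLS

def scripted_peer(sock, script):  # constructed server, replays a transcript
    with sock, sock.makefile("rwb", buffering=0) as f:
        for reply in script:
            f.write(reply)
            if not f.readline():
                break

def run(proto, script):
    a, b = socket.socketpair()
    threading.Thread(target=scripted_peer, args=(b, script), daemon=True).start()
    with a:
        try:
            return negotiate(proto, a)
        except ConnectionError as exc:
            return str(exc)
```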