[stunnel-users] How to forward client's IP address with stunnel on Windows
Henrik Riomar
henrik.riomar at gmail.com
Mon Oct 8 20:23:37 CEST 2012
On 10/08/2012 07:22 PM, Emmanuel Egensperger wrote:
>
>
> Is there any solution to my problem ? Have I done something wrong ?
>
I use a small patch for this, it also passes some more "nice to know"
stuff to the application running "behind" stunnel. I agree that this
patch might be shooting a bit over your target, but anyhow that is how I
do it myself.
Patch description;
-----------------------------------------------------------------------
Allows passing of crypto parameters for the current client to the
server "behind" stunnel. This allows the application in the server
to take the crypto level and client-ip:port into account when
offering a service (or not).
The client info is passed as the *first* line before the normal
unencryped data stream from the client.
Example "192.168.10.53:53353;ECDHE-RSA-RC4-SHA"
-----------------------------------------------------------------------
The crypto level is nice to know as stunnel can be configured to allow
weaker cryptos (for backwards compatibility with older browsers). When
the application sees a week crypto it can require a one-time password as
authentication, instead of normal username:static-password. As this info
is passed as a first line, the application need written to take this
into account.
Mike: I have been using this patch for some time without any issues, if
you like to include it in stunnel it is under public domain.The patch is
re-based on top of 4.54b8. Is is enabled with a new option
"send_client_info = yes", without this it does nothing.
Regards,
Henrik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20121008/7023e561/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-adds-send_client_info-option.patch
Type: text/x-patch
Size: 3597 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20121008/7023e561/attachment.bin>
More information about the stunnel-users
mailing list