[stunnel-users] Using stunnel to secure clients instead of servers
Ludolf Holzheid
lholzheid at bihl-wiedemann.de
Wed Jan 7 17:01:00 CET 2015
On Wed, 2015-01-07 10:11:39 -0500, Leon Smith wrote:
> Actually, that may be it, thank you. I definitely overlooked this
> option when I browsed the man page. I'll pass on this information to some
> interested parties and give them a chance to make it work. And I'll
> probably try this myself at some point soon.
>
> (Incidentally, it's an HTTP client that doesn't support HTTPS, even though
> the server does, so it appears I'll need protocol=connect and CAfile=...
> for certificate pinning as well.)
I don't know your setup, but if there is no proxy involved, you don't
need the 'protocol=...' option. For certificate pinning, you'll
certainly need 'CAfile=...' or 'CApath=...', and 'verify=LEVEL' with
LEVEL not below 2.
HTH,
Ludolf
--
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
Tel: +49 621 33996-0
Fax: +49 621 3392239
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
Sitz der Gesellschaft: Mannheim
Geschäftsführer: Jochen Bihl, Bernhard Wiedemann
Amtsgericht Mannheim, HRB 5796
More information about the stunnel-users
mailing list