[stunnel-users] Mixed cert/PSKsecrets & TLS/SSL before proxy
Varda Zklir
v20z at yahoo.com
Thu Feb 2 13:16:40 CET 2017
Hello Gentlemen.
I need help with configuration, or negative clarifications, on two issues.
1) First question: is mixed use of cert/PSKsecrets auth possible?
The same method (either cert or PSKsecrets explicitly) server-side through the parent [TLS] and inherited services works properly. But mixed cert/PSKsecrets, like in the config snippet below, doesn't work.
[TLS]
client = no
accept = 0.0.0.0:https
connect = localhost:http
cert = /etc/opt/stunnel/stunnel.pem
[ssh]
client = no
sni = TLS:ssh
connect = localhost:ssh
[socks]
client = no
sni = TLS:socks
protocol = socks
PSKsecrets = /etc/opt/stunnel/auth/passwd
The idea is to pass insensibly all incorrect or non-SNI-aware requests to the main http server and hide the other multiplexed services, and at the same time to establish encryption and password access control for the [socks] service.
2) And the second question: is it possible to do proxy CONNECT after establishing SSL/TLS encryption?
The configuration section:
[ssh]
accept = 22222
protocol = connect
protocolHost = server.tld:443
protocolUsername = usernamehere
protocolPassword = passwordhere
connect = proxy.tld:8080
Say, to establish an unencrypted connection with the proxy, pass the username and password, tell the proxy to establish CONNECT to target 443 and then transmit SSL/TLS to it.
The goal is, if I have an SSL/TLS termination server/proxy on port 443, that we at first speak SSL/TLS with the proxy and only then proceed to the proxy requests phase.
Thanks for future explanations.
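
An added example (not part of the original message, and not stunnel's own code) of the dispatch idea in question 1: it reads the SNI name and the offered cipher suites from a TLS ClientHello and picks a service, falling back to the parent [TLS] service for unknown or missing names. The `ROUTES` table, the function names and the sample ClientHello bytes are assumptions constructed for illustration.

```python
import struct

# Assumed table mirroring "sni = TLS:ssh" / "sni = TLS:socks"; other names go to [TLS].
ROUTES = {"ssh": "ssh", "socks": "socks"}
DEFAULT_SERVICE = "TLS"

def parse_client_hello(record: bytes):
    """Return (sni or None, [cipher suite ids]) from one TLS ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake ClientHello")
    pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                    # skip session_id
    (cs_len,) = struct.unpack_from("!H", record, pos)
    suites = list(struct.unpack_from(f"!{cs_len // 2}H", record, pos + 2))
    pos += 2 + cs_len
    pos += 1 + record[pos]                    # skip compression methods
    if pos + 2 > len(record):
        return None, suites                   # no extensions at all: non-SNI client
    (ext_total,) = struct.unpack_from("!H", record, pos)
    pos, end = pos + 2, pos + 2 + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 0:                     # server_name: list len(2), type(1), len(2), name
            name_type, name_len = struct.unpack_from("!BH", record, pos + 2)
            if name_type == 0:                # host_name
                return record[pos + 5:pos + 5 + name_len].decode("ascii", "replace"), suites
        pos += ext_len
    return None, suites

def route(record: bytes) -> str:
    """Pick the service section for a ClientHello; unknown or absent SNI -> [TLS]."""
    sni, _ = parse_client_hello(record)
    return ROUTES.get(sni, DEFAULT_SERVICE)

def build_client_hello(sni, suites=(0x002F, 0x008C)):
    """Constructed sample input: minimal ClientHello (0x002F RSA suite, 0x008C PSK suite)."""
    ext = b""
    if sni is not None:
        name = sni.encode("ascii")
        body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        ext = struct.pack("!HH", 0, len(body)) + body
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + struct.pack("!H", 2 * len(suites))
             + struct.pack(f"!{len(suites)}H", *suites) + b"\x01\x00")
    if ext:
        hello += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The SNI name and the cipher-suite offer (certificate-based or PSK) both arrive in this one ClientHello, so it is the only input available when the service is chosen.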