Factbites
 Where results make sense

Topic: Stunnel


Related Topics
OFX
NKC

In the News (Tue 15 Dec 09)

  
  Stunnel: Format String Bug update
Stunnel versions prior to 3.15 did not contain any smtp client negotiation code, only server code which is not vulnerable.
Mitigating factors: If you start Stunnel as root but have it change userid to some other user using the '-s username' option, the Stunnel process will be running as 'username' instead of root when this bug is triggered.
I succeeded in crashing stunnel with the following setup:
Acting as a mail server: $ netcat -p 252525 -l
Acting as a mail client: $ stunnel -c -n smtp -r localhost:252525
When the connection is established, I send a string like "%s%s%s%s%s%s%s%s%s%s%s%s" from the netcat to the stunnel.
lwn.net /2002/0110/a/stunnelupdate.php3   (586 words)

  
 Secure Communication with Stunnel LG #107
Stunnel is an SSL encryption wrapper that allows what are normally plain text and insecure communications to be encrypted during transmission.
Stunnel is generally included as a precompiled package with most common distributions and is possibly already installed on your system.
Once Stunnel is installed and you have generated a certificate-key pair, you are only a simple configuration file away from using Stunnel to encrypt your communications.
linuxgazette.net /107/odonovan.html   (1259 words)

  
 freshmeat.net: Tutorials - SSL Encrypting Syslog with Stunnel
Stunnel is Open Source and is available both for Unix/Linux and Windows.
Stunnel, in turn, takes the data received from the client, encrypts it via SSL, and sends it to the remote tunnel portal, and that remote portal sends it to the recipient process on the remote machine.
The "accept" directive binds stunnel only to the local host, so it is protected from receiving messages from the network (somebody might fake being the local sender).
freshmeat.net /articles/view/1781   (2208 words)

  
 Paranoid Penguin - Rehabilitating Clear-Text Network Applications with Stunnel   (Site not responding. Last check: 2007-11-06)
Stunnel does not unless you configure it to, but setting Common Name to your FQDN is a good habit to get into nonetheless.
If Stunnel is to listen on any TCP ports lower than 1025 it must be started as root, but it demotes itself after reading its configuration file, reading its server certificate and binding to the privileged port.
On both Stunnel clients and servers, the default IP for accept statements is any (all local interfaces), and the default IP for connect statements is 127.0.0.1 (localhost).
www.linuxjournal.com /node/7628/print   (3227 words)

  
 stunnel.8
The stunnel program is designed to work as SSL encryption wrapper between remote clients and local (inetd-startable) or remote servers.
stunnel cannot be used for the FTP daemon because of the nature of the FTP protocol which utilizes multiple ports for data transfers.
The most common use of stunnel is to listen on a network port and establish communication with either a new port via the connect option, or a new program via the exec option.
stunnel.mirt.net /static/stunnel.html   (1743 words)

  
 Encrypting with Stunnel
Stunnel is a program that allows both programmers and system administrators to easily add encryption to arbitrary TCP sessions.
A Stunnel server primarily performs two functions: First, it takes unencrypted traffic, SSL-encrypts it, and then sends it over the network; second, it takes SSL-encrypted traffic, unencrypts it, then passes it over the network to another program (usually that program resides on the same machine, so as to avoid snooping attacks on the local network).
Nonetheless, Stunnel is a highly useful utility that should be included in the repertoire of programmers and system administrators alike.
www-128.ibm.com /developerworks/library/s-stun.html   (2148 words)

  
 Stunnel and AT&T Worldnet Service
Stunnel lets you use a non-ssl client to get e-mail and news over a secure connection.
The nice thing about the stunnel program is that it also allows those of us running alternative operating systems to get e-mail and news through the secure connection required to access some AT&T Worldnet services from another ISP.
Both openssl and Stunnel may be available as a package or add-on for your Linux distribution package.
www.wurd.com /cl_ssl_stunnel.php   (1288 words)

  
 Stunnel.org
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows.
The Stunnel source code is available under the GNU General Public License, meaning it is free to use in both commercial and non commercial applications as you see fit, as long as you provide source code (and any modifications) with the software.
Your compiled Stunnel binary is 'restricted' by whatever license your chosen SSL library is under, however both OpenSSL and SSLeay are open source and similarly liberal in their licensing.
www.stunnel.org   (462 words)

  
 Stunnel at Arda.Homeunix.Net
On Callisto, Stunnel is configured to accept connections from the network on port 465 and to forward these connections to localhost port 25.
On Callisto, Stunnel is running in daemon mode which is to say that on Callisto, Stunnel is acting as the server side of a client-server connection.
Stunnel uses this to prove to a server that requires client certificates that it really is Io that the server is talking with.
www.arda.homeunix.net /stunnelsetup.html   (2758 words)

  
 stunnel - multiplatform SSL tunneling proxy
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server.
Stunnel uses OpenSSL or SSLeay libraries for cryptography, so it supports whatever cryptographic algorithms you compiled into your library.
Stunnel is written by Michal Trojnara and distributed as free software under the GNU GPL license.
stunnel.mirt.net   (103 words)

  
 Case Study: Secure Telnet Using C-Kermit 7.1 With Stunnel
Stunnel can be run as a stand-alone daemon or it can be run from inetd.conf.
The stunnel server has the side effect of hiding the IP address and/or hostname of the client machine from the daemon that receives the unencrypted TCP stream.
Note that stunnel does have a parameter -T that allows it to run in transparent proxy mode, whereby it is able to pass the client IP address/hostname to the receiving daemon, but this was written specifically for use with Linux kernels on the server.
www.columbia.edu /kermit/case21.html   (3233 words)

  
 Remote Desktop Management Solution for Microsoft
Stunnel - The main purpose of the Stunnel utility is to create SSL tunnels that can be used to transmit other, often non-encrypted protocols in a secure manner.
Thanks to the Stunnel, it will be possible to assure not only confidentiality and integrity of the transmitted data, but also to authenticate VNC clients and servers by certificates.
Generally, the configuration process of the Stunnel utility installed on the VNC client host is very similar to the one, described in the previous step.
www.securityfocus.com /infocus/1677   (2598 words)

  
 SSL Encrypting syslog with stunnel :: syslogd supporting MySQL and TCP :: rsyslog
It is also a good idea to check if there are updates for either stunnel or openssl (which stunnel uses) - there are often security fixes available and often the latest fixes are not included in the default package.
Now you have stunnel running, but it is obviously unable to talk to rsyslog - because it is not yet running.
The accept directive binds stunnel only to the local host, so that it is protected from receiving messages from the network (somebody might fake to be the local sender).
www.rsyslog.com /rsyslog_stunnel.html   (1876 words)

  
 LINUX SECURITY - Stunnel 4.00 Builds on Prior Success
Stunnel encapsulates cleartext protocols within strong SSL encryption and can be used to protect pretty much any standard[2] TCP connection, from your mail protocol (POP, IMAP, SMTP) to your own customized application.
Stunnel will accept the cleartext IMAP connection on this port, SSL encrypt it, and send it to port 993 on the mail server.
On Unix, Stunnel would need to be run by root to bind this port, on Windows this is not required.
open.itworld.com /nl/lnx_sec/09102002   (860 words)

  
 Testing client certificates with IBM Rational Robot's VU language
Stunnel, which can be used on both Windows and Unix machines, is designed to work as an SSL encryption wrapper between remote clients and local or remote servers.
Download these Stunnel files and then copy libssl.dll and libeay32.dll to the Windows\system directory of the machine(s) where the stunnel process will execute.
Stunnel Version 4 differs from Stunnel Version 3 in that it uses a configuration file rather than command line options to specify ports to listen on and forward to.
www-128.ibm.com /developerworks/rational/library/04/r-3238   (2471 words)

  
 Rsync + Stunnel 4.x
Stunnel is not quite as fun to setup, especially since the documentation on the stunnel page still shows a lot of examples using the old stunnel 3 syntax.
The stunnel daemon should be running at all times on both the client and the server and started at system boot.
Stunnel is running locally on the client computer, just waiting for a connection which it will then forward to the server.
www.netbits.us /docs/stunnel_rsync.html   (3789 words)

  
 stunnel(8): universal SSL tunnel - Linux man page
This is the directory in which stunnel will look for certificates when using the verify.
Note that if you wish to run stunnel in inetd mode (where it is provided a network socket by a server such as inetd, xinetd, or tcpserver) then you should read the section entitled
Note that this option will not combine with proxy mode (connect) unless the client's default route to the target machine lies through the host running stunnel, which cannot be localhost.
www.die.net /doc/linux/man/man8/stunnel.8.html   (1456 words)

  
 Secure Remote Logging with syslog-ng and stunnel
The use of stunnel creates an SSL-encrypted tunnel over which the log files pass between the log host and the client.
Stunnel can encrypt any connection between two machines that are transferred using TCP.
The version of stunnel for this particular installation was stunnel-3.22.
www.zerrtech.com /Projects/secure-remote-logging.html   (768 words)

  
 FreshPorts -- security/stunnel
Update to stunnel 4.15, which has the major new feature of almost all connection options being configurable per connection, not global anymore.
Update stunnel to 4.07, which incorporates most of our fixes to 4.06 and also fixes a crash if a client connection is closed too early.
Add a new knob, PEM_DIR, to specify the path to install the certificate generated during the stunnel build, and later, the one generated using the 'cert' target of the port Makefile.
www.freshports.org /security/stunnel   (1339 words)

  
 Stunnel
September 2000: Stunnel now supports SAMBA over SSL, as SSLProxy did before, using the new "-n smb" option.
For each remote destination site you need a separately running stunnel process, all of them may run on the same computer, but for each your local gateway computer needs a separate IP address.
Stunnel is very similar to SSLProxy, but I think it's much better, and most importantly it's more actively maintained than SSLProxy was in the past.
www.kuix.de /ssl   (672 words)

  
 The FreeBSD Diary -- stunnel - another way to avoid plain text passwords
I'm going to create an SSL certificate to be used by stunnel when incoming connections come in.
stunnel can run as a daemon, redirecting incoming connections to a server running under stunnel.
Now any connections coming in on port 110 of localhost will be redirected to mail.monkeysinc.org on port 995 with stunnel doing all the talking on both ends, keeping the conversation secure.
www.freebsddiary.org /stunnel.php   (931 words)

  
 ATT Worldnet SSL stunnel
Netscape is told to communicate with stunnel, and stunnel is told to communicate with the ATT mail servers.
The stunnel arguments used are: -c, client mode, which expects the "other end" to speak SSL; -d [port], run in daemon mode listening on port [port] on all IP addresses; -r [host:port], connect to remote service/port.
Stunnel docs say that stunnel, in daemon mode, will accept TERM, QUIT and INT commands to shut it down, but I don't know how to do this with stunnel as I am running it.
obri.net /tech/attssl.html   (1106 words)

  
 Stunnel - Wikipedia, the free encyclopedia
Stunnel is a free multi-platform computer program, used to provide universal TLS/SSL service.
Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.
Stunnel is maintained by Michal Trojnara and Brian Hatch.
en.wikipedia.org /wiki/Stunnel   (135 words)

  
 SSL connections with MUSHclient
This page describes using MUSHclient to connect to a MUD that uses SSL (Secure Sockets Layer) by using "stunnel" to establish a secure connection.
The advantage of this is that what you type cannot be read by "packet sniffers" on the local network, or indeed anywhere on the Internet between your PC and the MUD.
Stunnel is released under the GNU General Public License.
www.gammon.com.au /mushclient/stunnel.htm   (440 words)

  
 ISS X-Force Database: stunnel-file-descriptor-hijack(13097): Stunnel file descriptor leak could allow an attacker to ...   (Site not responding. Last check: 2007-11-06)
Michael Trojnara's Stunnel is an SSL encryption program that allows a user to encrypt arbitrary TCP connections inside SSL.
Stunnel versions 3.24 and earlier and version 4.0 leak file descriptors to child processes.
CVE-2003-0740: Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
xforce.iss.net /xforce/xfdb/13097   (498 words)

  
 Securing Demarc with Stunnel
Note that stunnel likes to have the private key and certificate in the same file.
As with the server’s stunnel private key, the key you have in newreq.pem is encrypted.
Interestingly, when you bind stunnel to a localhost port, it won’t allow anyone else to connect to this port remotely.
www.mindspring.com /~joelmoses/demarc_stunnel.html   (1697 words)

  
 SSL Encrypting Syslog via Stunnel
In this paper, I will describe how it is done with stunnel (another alternative would be IPSec, for example).
As a side-note, you can also encrypt a plain-text RFC 3195 session via stunnel, though this definitely is not what the protocol designers had on their mind ;)
Then, start stunnel via "stunnel4 /etc/stunnel/syslog-client.conf".  Now you should see some startup messages.
librenix.com /?inode=7126   (1874 words)

  
 Installation of stunnel and Configuration of tcp3270 Client for SIS | ITS
To get the tcp3270 client to work properly you must first install stunnel which is an application that allows the tcp3270 to work securely.
It is important to note that whenever you want to run SIS you must make sure you are connected to stunnel and you should always open stunnel before you open SIS.
Again you will know you are running stunnel by the small stunnel icon at the bottom right of your machine.
www.colorado.edu /its/docs/sis/windows.html   (511 words)

  
 Wrapping POP/IMAP/SMTP with stunnel
This was written using stunnel 3.8 as a reference.
However, this cannot be used with stunnel in its current form because it is protected by a passphrase.
The two ways for stunnel to wrap a given service are for stunnel to launch the daemon it's wrapping, or proxy to the port the unencrypted service is running on (if at all).
www.octaldream.com /~scottm/talks/ssl/stunnel.html   (414 words)

  
 The FreeBSD Diary -- Upgrading to stunnel 4
I use it to hide various traffic, including the cvsup I run to update this website and the zone files on my DNS servers.
See stunnel - another way to avoid plain text passwords and stunnel - encryption and security for my previous articles.
Note that I've had success in mixing v3 and v4 of stunnel.
www.freebsddiary.org /stunnel-v3-to-v4.php   (412 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.