It would be nice to know whether it is actually possible to achieve this with stunnel. If not, is there any other tool I could use or combine?
On Nov 13, 2017 08:58, "Igor Gatis" <[email protected]> wrote:

Yep, that's exactly what I'm seeking help with here. If we can abstract the 2-way bit for a second, I'd call this a "certificate transcription" TLS tunnel.

On Thu, Nov 9, 2017 at 5:19 PM, Vincent Deschenes <[email protected]> wrote:

> Ho,
>
> But that does not account for the A ->[TLS] ->B part.
>
> I believe that my sample will listen for unencrypted connections only.
>
> *From:* stunnel-users [mailto:[email protected]] *On Behalf Of* Vincent Deschenes
> *Sent:* Thursday, 9 November 2017 3:16 PM
> *To:* Igor Gatis <[email protected]>; [email protected]
> *Subject:* Re: [stunnel-users] TLS "translation" & 2-way auth
>
> You need to have a section in your config file which listens for requests
> but also has the “client = yes” option with a cert and key like this:
>
> [http_a_to_c]
> client = yes
> accept = port_number_to_listen_on_server_b
> connect = server_c_address:443
> cert = certificate.crt
> key = private.key
>
> cert and key are the certificate and private key server B uses to identify
> itself on server C.
>
> You could also add more options to specify a truststore to specify which
> cert coming from server C server B will trust, otherwise server B will
> simply allow the connection.
>
> Good Luck
>
> *From:* stunnel-users [mailto:[email protected] <[email protected]>] *On Behalf Of* Igor Gatis
> *Sent:* Thursday, 9 November 2017 1:14 PM
> *To:* [email protected]
> *Subject:* [stunnel-users] TLS "translation" & 2-way auth
>
> Consider scenario below:
>
> Server A ==TLS==> Server B ==TLS+2WayAuth==> Server C
>
> Server A needs to connect to Server C through Server B which runs Stunnel.
> Server C requires 2-way authentication. I have full control over Server A
> and Server B and Server C belongs to a third-party.
>
> What should the Stunnel config look like?
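Added example, not part of the original thread or the stunnel project's own documentation: one way to cover both legs of the A ==TLS==> B ==TLS+2WayAuth==> C scenario is to chain two stunnel services on Server B over loopback, since a single service section is either a TLS server or a TLS client. The section names, port numbers and file paths are hypothetical placeholders; `server_c_address` is the placeholder used in the thread; `CAfile`, `verifyChain` and `checkHost` are stunnel 5 option names.

```ini
; stunnel.conf on Server B (added example; ports and paths are placeholders)

; Leg 1: Server A -> Server B.
; No "client = yes", so stunnel is the TLS server: it terminates A's TLS
; session and hands the decrypted stream to the loopback port below.
[from_a]
accept = 8443
connect = 127.0.0.1:8444
; Server certificate and key that B presents to A
cert = /etc/stunnel/b-server.crt
key = /etc/stunnel/b-server.key
; Require A to present a client certificate issued by this CA, so that
; nobody else can borrow B's identity towards Server C
CAfile = /etc/stunnel/ca-for-a.pem
verifyChain = yes

; Leg 2: Server B -> Server C.
; "client = yes" makes stunnel the TLS client. It listens on loopback only,
; so the plaintext hop between the two sections never leaves the host.
[to_c]
client = yes
accept = 127.0.0.1:8444
connect = server_c_address:443
; Client certificate and key that B presents to C (the 2-way auth part)
cert = /etc/stunnel/b-client.crt
key = /etc/stunnel/b-client.key
; Verify C's certificate chain and host name; without these options
; B accepts whatever certificate the remote end presents
CAfile = /etc/stunnel/ca-for-c.pem
verifyChain = yes
checkHost = server_c_address
```

Server C only ever sees B's client certificate, so access control for who may use the tunnel has to be enforced in the `[from_a]` section.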
