Stunnel is a small, open-source GNU project that runs cross-platform on Unix/Linux and Windows. It provides the following two main functions:
1. For clients and servers that cannot speak TLS or SSL themselves, Stunnel can provide secure encrypted connections (based on OpenSSL).
2. For a LAN with access restrictions, Stunnel provides encrypted SSL connections that get past firewall and proxy restrictions and, in theory, connect directly to any network service on the remote server. Port 443 is usually left open in a LAN for encrypted HTTP connections. We can use this to create an SSL connection between Stunnel and remote port 443; the firewall and proxy will treat this connection as a normal HTTPS connection and let it through.
Install Stunnel
For the Windows version of Stunnel, click here to download it. The downloaded Stunnel program must be installed on both the server and the client. The installation process is relatively simple: just keep clicking Next. We assume Stunnel has been installed in the default path C:\Program Files\stunnel. For detailed installation steps, see:
Access control and security certificate generation
Stunnel uses OpenSSL to provide access control based on security certificates. Under the SSL protocol, both the client and the server can require the other party to present a security certificate to verify that it is trusted. In most applications, only the server needs to verify the client's security certificate to confirm that the connecting party can be trusted. This article therefore mainly describes the server-side verification settings. The setup method and steps for client-side verification mirror those for the server.
Once you have determined how to implement access control, the next step requires a security certificate. You can obtain one in any of the following ways:
1. The security certificate that comes with the Stunnel installer (C:\Program Files\Stunnel\stunnel.pem)
2. A security certificate generated with OpenSSL
3. A security certificate purchased from a CA
Generally, method 1 is not recommended: the universal Stunnel security certificate cannot provide any security guarantee, because everyone can download and obtain it. Method 3 is the safest but costs a lot of money, so here we use method 2 to get the best security without spending money. The Windows version of Stunnel does not include the OpenSSL program, so to generate a security certificate you must use one of the following methods.
1. Use a web service to generate the security certificate
Using the web service provided by Stunnel (http://www.stunnel.org/pem/), enter all the relevant information and the Stunnel server will generate the required security certificate, see:
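Method 2 can also be carried out locally on any machine that has the openssl command-line tool, which keeps the private key on your own system instead of having a remote server create it. The script below is an added example, not part of the original article or the Stunnel project; the function names and the sample common name are assumptions, and it expects a Unix-like shell with openssl installed.

```shell
#!/bin/sh
# Added example (not from the article): create a combined stunnel.pem locally
# and sanity-check it. Function names and the sample CN are assumptions.

# make_stunnel_pem <out.pem> <common-name> [days]
# Runs in a subshell so the umask and temp-dir cleanup stay local.
make_stunnel_pem() (
    out=$1; cn=$2; days=${3:-365}
    umask 077                        # new key file readable by owner only
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    # -nodes leaves the key unencrypted so the service can start unattended;
    # file permissions are then the only protection for the key.
    openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 \
        -days "$days" -subj "/CN=$cn" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null || exit 1
    # Private key first, then certificate, in one PEM file.
    cat "$tmp/key.pem" "$tmp/cert.pem" > "$out"
)

# key_matches_cert <file.pem>: succeed only if the private key and the
# certificate in the file carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_fingerprint <file.pem>: print the certificate's SHA-256 fingerprint.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage (constructed values):
#   make_stunnel_pem ./stunnel.pem stunnel.example.test 365
#   key_matches_cert ./stunnel.pem && cert_fingerprint ./stunnel.pem
```

Comparing the cert_fingerprint of a deployed file with that of the installer's stunnel.pem shows whether a server is still running on the shared default certificate from method 1.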