Stunnel encryption channel Setup Guide

In normal mode, it is very simple. (You do not need to remotely Telnet)

First, use CCProxy to set up a local proxy. The Service Project and port can be set at will. Take HTTP and socks as an example to enable ports 8080 and 1080 respectively; the only note is that you must select "do not allow external LAN connection" to prevent bored people from guessing the password.
You can select the user/password authentication method in the user.

Then, I will omit the process of configuring Stunnel. Generate Stunnel. Pem, which is a self-verified encrypted file. Please refer to the OpenSSL documentation. Only the Stunnel. conf file needs to be modified.

CERT = Stunnel. pem; ciphertext
Key = Stunnel. pem; self-validation File
Taskbar = yes; Whether to display the icon in the system bar
Client = no; server/client Selection
[Http2ssl]; A service project starts
Accept = 8384; External Service port
Connect = 127.0.0.1: 8080; connect to the Service port locally, that is, the port opened by CCProxy.
[Socks2ssl]; another service project starts.
Accept = 9394
Connect = 127.0.0.1: 1080

In this way, the Stunnel of the client can be used for SSL encrypted communication.

Stunnel-install

You can install Stunnel in service mode.

To generate your own server certificate, download the OpenSSL package and refer to the following content:

Create a server certificate

The Stunnel client does not require a certificate. The Stunnel service method requires a certificate file.
Stunnel runs as a service on the ssl http Proxy Server. Therefore, you must have a certificate. Use openssl.exe to create a server certificate. The following is a translation of Stunnel about certificate creation:
"... Run the following command
OpenSSL req-New-X509-days 365-nodes-config OpenSSL. CNF-out Stunnel. pem-keyout Stunnel. pem
This will create a self-signed certificate. Parameter description:
-Days 365
Make the certificate valid for one year, and then it will not be available again.
-New
Create a new certificate
-X509
Create an X509 Certificate (self-signed)
-Nodes
This certificate has no password
-Config OpenSSL. CNF
Configuration file used by OpenSSL (the sections [ca_default] and [req_distinguished_name] may need to be modified)
-Out Stunnel. pem
Where to write the SSL Certificate
-Keyout Stunnel. pem
Put the SSL Certificate in this file

This command will ask you the following questions:
Demonstration of answers to questions
Country name PL, UK, US, CA
State or province name Illinois, Ontario
Locality Chicago, Toronto
Organization name Bill's meats, Acme anvils
Organizational unit name ecommerce Division
Common name (FQDN) www.example.com

Note: the common name (FQDN) should be the host name of the machine running Stunnel. If you can access this machine through different host names, some SSL customers will warn that the certificate on this host is faulty, so it is best to match it with the Host Name accessed by the user.

OpenSSL gendh 512> Stunnel. pem
This will generate the Diffie-Hellman part and append it to the PEM file. This is only required when you specify Stunnel to use DH, but it is not required by default. (It seems necessary. It may have been changed later. The translator)

OpenSSL X509-subject-dates-fingerprint-In Stunnel. pem
This command displays your certificate information on the screen.