This is a discussion on Re: [stunnel-users] TCP (Server / Client) within the Stunnel Users forums, part of the Networking and Network Related category.
Hi,

I have a normal TCP server which is listening on the 192.168.1.4:4433 address. The client (192.168.1.5) will connect to the server via serial port. I want to make a root certificate CA, which will generate 2 pairs (key + certificate), one for the server and one for the client.

1 - Root certificate: CA
2 - Key + certificate: for the client
3 - Key + certificate: for the server

I do not know how to configure the SSL elements in Stunnel. I am using Windows XP.

My config: Stunnel.config for the server:

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

output = stunnel.log

; Authentication stuff
verify = 1

; It's often easier to use CAfile
CAfile = ca.pem
cert = stunnel.pem

debug = 7
;foreground=yes

client = no
[server]
accept = 4433
connect = 192.168.1.4:4433

But it doesn't work :(

thanks,

KHALED Khaled
Telecommunications and computer engineer

> Date: Tue, 8 Jan 2008 10:29:19 -0800
> From: bri@stunnel.org
> To: kkhaled@hotmail.fr
> CC: stunnel-users@mirt.net; stunnel-users-owner@mirt.net
> Subject: Re: [stunnel-users] TCP (Server / Client)
>
> Sometime near 2008-01-08 10:30 +0100, khaled khaled harangued:
>
> > I am a new STUNNEL user, I will do 2 secure sockets TCP (Server / Client). I
> > would like to know how to set 'stunnel.conf'. I tried but it does not work.
>
> You need to be more clear about
>
> 1) what IP/Port you want to accept on
> 2) if you're accepting cleartext or ssl
>
> 3) what IP/Port you want to connect to (or program to launch)
> 4) if you're sending cleartext or ssl
> (this should be the opposite of #2 above)
>
> > cert = server.crt
> > key = serverkey.key
> > CAfile = ca.crt
> > accept = 192.168.1.4:4433
> > connect = 192.168.1.4:4433
>
> You have stunnel accepting connections and sending them to itself.
> While a recursive loop may be fun, I doubt it's what you
> actually wanted.
>
>
> --
> Brian Hatch                  Friends come and go,
>    Systems and                but enemies accumulate.
>    Security Engineer
> http://www.ifokr.org/bri/
>
> Every message PGP signed
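An added example, not part of the original message and not the stunnel project's own configuration: one way to lay out the two stunnel.conf files so that the four points in the quoted reply each have a distinct answer and no service accepts on the address it connects to. The addresses and ca.pem come from the post; the TLS port 4434 and the file names server.pem and client.pem are assumptions.

```ini
; Added example: TWO separate stunnel.conf files shown in one listing.
; Split at the "=====" markers; each half goes on its own machine.
; Assumed (not in the post): TLS port 4434, server.pem, client.pem
; (each a PEM file holding a private key plus its CA-signed certificate).

; ===== stunnel.conf on 192.168.1.4 (server side) =====
output = stunnel.log
debug = 7
; This side's own key + certificate, issued by the root CA
cert = server.pem
; Root CA certificate used to check the certificate the peer presents
CAfile = ca.pem
; Level 2 requires a valid peer certificate. Level 1 only checks a
; certificate if one is sent, so a peer with no certificate is accepted.
verify = 2
client = no

[server]
; Points 1 and 2: accept SSL on a port the plain TCP server does not use
accept = 192.168.1.4:4434
; Points 3 and 4: forward cleartext to the existing TCP server
connect = 192.168.1.4:4433

; ===== stunnel.conf on 192.168.1.5 (client side) =====
output = stunnel.log
debug = 7
; Client key + certificate, presented to the server for verification
cert = client.pem
; Same root CA, here used to check the server's certificate
CAfile = ca.pem
verify = 2
client = yes

[client]
; Points 1 and 2: accept cleartext from the local application only,
; bound to loopback so the unencrypted side never leaves the machine
accept = 127.0.0.1:4433
; Points 3 and 4: send SSL to the server-side stunnel
connect = 192.168.1.4:4434
```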