
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
143
Chapter 5
CHAPTER 5
OpenSSL and Stunnel
This chapter falls both technologically and literally between the behind-the-scenes
and the service-intensive parts of the book: it’s about OpenSSL, which provides
encryption and authentication mechanisms to many of the tools covered herein.
OpenSSH, Apache, OpenLDAP, BIND, Postfix, and Cyrus IMAP are just a few of the
applications that depend on OpenSSL.
OpenSSL, however, is an extremely complicated technology, and to do it full justice
would require a dedicated book (one such book is Network Security With OpenSSL
(O’Reilly)). My approach with this chapter, therefore, is to show how to use
OpenSSL in a particular context: wrapping otherwise unencrypted TCP services in
encrypted SSL “tunnels” via the popular tool Stunnel.
As it happens, setting up Stunnel requires you to use OpenSSL for a number of tasks
common to most of the other OpenSSL-dependent applications you’re likely to
encounter in your bastion-server activities. Therefore, even if you don’t end up need-
ing Stunnel yourself, I think you’ll still find this chapter useful for figuring out how
to generate server certificates, administer your own Certificate Authority, and so
forth.
Stunnel and OpenSSL: Concepts
At its simplest, tunneling is wrapping data or packets of one protocol inside ...