Encrypt and Tunnel Traffic with SSL

Use stunnel to add SSL encryption to any network service.

Stunnel (http://www.stunnel.org) is a powerful and flexible program that, using SSL, encrypts traffic to and from any TCP port in several different ways. It can tunnel connections, much like SSH can, by providing a local port to connect to. It will encrypt the traffic sent to this port, forward it to a remote system, decrypt the traffic, and finally forward it to a local port on that system. Stunnel can also provide transparent SSL support for inetd-compatible services.

To install stunnel, simply run ./configure from the directory that was created when you unpacked the archive file that you downloaded. Since stunnel requires OpenSSL (http://www.openssl.org), download and install that first if it is not already installed. If you would like to compile stunnel with TCP wrappers support or install OpenSSL in a nonstandard location, you’ll probably want to make use of the --with-tcp-wrappers or --with-ssl command-line options for configure.

For example, this will configure stunnel to include TCP wrapper support, using the OpenSSL installation under /opt/:

$ ./configure --with-tcp-wrappers --with-ssl=/opt/openssl

After the script runs, you’ll need to run make to actually compile stunnel. You will then be prompted for information to create a self-signed certificate. Not only will this certificate be self-signed, but it is valid for only one year. If this is not what you want, you should create ...

Get Network Security Hacks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.