> *From:* stunnel-users [mailto:[email protected] <[email protected]>] *On Behalf Of *Rob Lockhart
> *Sent:* Wednesday, April 08, 2015 4:28 PM
> *To:* [email protected]
> *Subject:* Re: [stunnel-users] openvms and stunnel
>
> On Wed, Apr 8, 2015 at 4:10 PM, Coviello, Paul <[email protected]> wrote:
>
> Ok thanks here is the 1st version of the file...
>
> All I want to do is create a telnet session from a Windows terminal emulator to my VMS server.
>
> Also someone thinks that this version may not play well with SSL 1.4 that I have on VMS as mentioned this is 4.20
>
> Can anyone confirm this?
>
> Thanks
> Paul
>
> STUNNEL_SERVER.CONF;1
> ; Sample stunnel configuration file by Michal Trojnara 2002-2006
> ; Some options used here may not be adequate for your particular configuration
>
> It's been more than 20 years since I used HP VMS (VAX), but can you do something like this:
>
> stunnel /version
>
> or if that doesn't work:
>
> stunnel version
>
> or
>
> stunnel -version
>
> see the output and verify what you have. For my Cygwin x64 environment, it says this (stock configuration):
>
> $ stunnel -version
> stunnel 5.09 on x86_64-unknown-cygwin platform
> Compiled/running with OpenSSL 1.0.1k 8 Jan 2015
> Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
>
> Global options:
> debug = daemon.notice
> RNDbytes = 64
> RNDfile = /dev/urandom
> RNDoverwrite = yes
>
> Service-level options:
> ciphers = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2
> curve = prime256v1
> options = NO_SSLv2
> options = NO_SSLv3
> sessionCacheSize = 1000
> sessionCacheTimeout = 300 seconds
> stack = 65536 bytes
> TIMEOUTbusy = 300 seconds
> TIMEOUTclose = 60 seconds
> TIMEOUTconnect = 10 seconds
> TIMEOUTidle = 43200 seconds
> verify = none
>
> What I would do is to dumb this down and first see if you can get a stunnel client/server communication on the same box (using localhost or 127.0.0.1). I would use iperf to just send dummy data (iperf client and iperf server). Once that works, then move it up to using your network. If you need some example config files, I can provide that. What I did is to use iperf client connect to port 5000, then stunnel client listening on port 5000 and connect to port 6000, then stunnel server listening on port 6000 and connect to port 7000, and iperf server listening on port 7000. Since they're non-privileged ports, you don't need admin access.
>
> Are you using certificates? I think you need to generate the stunnel.pem file, and I did it (using cygwin/MinGW/Linux) using these commands below. Information stolen/modified from here:
> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu
>
> Create a self-signed key as follows:
>
> In MinGW:
>
> cd /c/STUNNEL5
> openssl genrsa -out key.pem 2048
> openssl req -new -x509 -key key.pem -out cert.pem -days 1095
>
> now put in the info pertinent to your organization.
>
> then run this command:
>
> cat key.pem cert.pem >> stunnel.pem
>
> I don't know if you can do that with VMS, some parameters may have to be tweaked and changed to forward-slashes (as typical in VMS). I also saw the logging statement commented out, have you tried uncommenting those two lines (logging verbosity and log file)?
>
> Regards,
> -Rob

On Wed, Apr 8, 2015 at 4:36 PM, Coviello, Paul <[email protected]> wrote:

> No stunnel command is available...
>
> This is the doc I followed/following and currently on step 3
>
> http://h71000.www7.hp.com/opensource/stunnel_readme_axp_i64.txt

That looks to be for Stunnel 3, which is no longer maintained. Please see this message on the main website:

The obsolete 3.x branch is no longer maintained. Use stunnel3 <https://www.stunnel.org/downloads/stunnel3> perl script as a drop-in replacement for backward compatibility.

https://www.stunnel.org/downloads/stunnel3

If you have perl installed in VMS, you should be able to use that perl script to emulate stunnel 4. I don't know if Stunnel 3 and Stunnel 4 are interoperable, perhaps not?
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
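
The loopback chain described in the thread (iperf client to port 5000, stunnel client 5000 to 6000, stunnel server 6000 to 7000, iperf server on 7000), written out as two stunnel configuration files. This is an added example, not a file from the thread or from the stunnel project; the file names, the service name and the log paths are assumptions, it targets a Unix-like or Cygwin build of stunnel 4.x/5.x, and stunnel.pem is the file built by the openssl commands in the thread.

```ini
; ---- stunnel_server.conf (hypothetical file name) ----
; Global options: stay in the foreground, write no pid file (Unix/Cygwin
; only), and turn on the logging the thread suggests uncommenting.
foreground = yes
pid =
debug = 7
output = /tmp/stunnel_server.log

[iperf-tls]
; Server mode is the default: accept TLS on 6000 and forward the
; decrypted stream to the iperf server on 7000.
accept = 127.0.0.1:6000
connect = 127.0.0.1:7000
; Private key followed by the self-signed certificate (key.pem + cert.pem).
cert = stunnel.pem

; ---- stunnel_client.conf (hypothetical file name) ----
foreground = yes
pid =
debug = 7
output = /tmp/stunnel_client.log

[iperf-tls]
; Client mode: accept plaintext from the iperf client on 5000 and open a
; TLS connection to the stunnel server on 6000.
client = yes
accept = 127.0.0.1:5000
connect = 127.0.0.1:6000
; The stock default shown in the -version output is "verify = none": the
; tunnel is encrypted but the client does not authenticate the server.
; That is enough for the loopback test. Before moving to the network, make
; the client check the server's self-signed certificate:
; verify = 2
; CAfile = cert.pem
```

Start each instance with its own file (`stunnel stunnel_server.conf`, `stunnel stunnel_client.conf`), then run `iperf -s -p 7000` and `iperf -c 127.0.0.1 -p 5000`. With `debug = 7` both log files record the TLS handshake, so a protocol or cipher mismatch between two builds shows up there.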
