Is there any way to configure a Stunnel server so that it doesn’t require a
cert at all?
I implement peer authentication using other means; I just want session
encryption from Stunnel.
Ideally, I’d like keys to be generated on-the-fly for each new connection. I
don’t mind if this takes a few seconds…
Hi, Dave!
The encryption keys in SSL are dynamically negotiated by the two
endpoints at the start of the connection, after authentication has
concluded. Thus encryption by itself offers no security value in the case
of a man-in-the-middle or interception attack. This just means you are now
negotiating an encryption key with the attacker and directly sending
them your data. So the authentication is no less important than the
encryption.
If you do not want to use any certificates, you can configure
authentication with PSK (Pre-Shared Key). It provides both client and
server authentication. PSK authentication requires stunnel version 5.09
or higher and OpenSSL version at least 1.0.0.
Look here for a configuration example:
http://www.stunnel.org/auth.html
Regards.
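A PSK setup of the kind the reply describes, as an added example that is not from the thread or the stunnel project: a POSIX shell script that generates the IDENTITY:KEY secrets file stunnel reads and writes a matching server and client section. The option names PSKsecrets, PSKidentity and ciphers are stunnel's own; the directory, ports, the identity "client1" and the host server.example are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread or the stunnel project: build the
# IDENTITY:KEY secrets file and matching server/client stunnel sections.
# Paths, ports, "client1" and server.example are placeholders.
set -eu

# Print one "IDENTITY:KEY" line. stunnel accepts hex keys and requires at
# least 16 bytes (32 hex chars); 32 random bytes give a 64-char key.
gen_psk_line() {
    identity=$1
    key=$(od -An -tx1 -N32 /dev/urandom | tr -d ' \n')
    printf '%s:%s\n' "$identity" "$key"
}

# Succeed only if FILE is non-empty and every line is IDENTITY:HEXKEY with
# a key of at least 32 hex chars (stunnel rejects shorter keys).
check_psk_file() {
    awk -F: 'NF != 2 || $1 == "" || $2 !~ /^[0-9a-fA-F]+$/ || length($2) < 32 { bad = 1 }
             END { exit (bad || NR == 0) }' "$1"
}

# Write psk.txt, server.conf and client.conf into DIR. The same secrets
# file is deployed to both ends; PSKidentity selects the key on the client.
write_configs() {
    dir=$1
    (umask 077; gen_psk_line client1 > "$dir/psk.txt")   # owner-readable only
    cat > "$dir/server.conf" <<EOF
[psk-server]
accept  = 8443
connect = 127.0.0.1:80
; PSK-only cipher list, as in stunnel's documented PSK examples
ciphers = PSK
PSKsecrets = $dir/psk.txt
EOF
    cat > "$dir/client.conf" <<EOF
[psk-client]
client  = yes
accept  = 127.0.0.1:8080
connect = server.example:8443
PSKsecrets = $dir/psk.txt
PSKidentity = client1
EOF
}

# Usage: sh psk-setup.sh /etc/stunnel
if [ $# -gt 0 ]; then write_configs "$1"; fi
```

Copy psk.txt to the client host over a trusted channel; with PSK the secrecy of that file is the whole basis of authentication, so it should be readable by the stunnel user only.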
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users