The TCP handshake will tell if there is anything listening on the instance, maybe it's stunnel. That's useful, but possibly not enough, your decision.
The next level will be doing a TLS handshake to the STunnel instance while e.g. trusting only that single CA that you expect to have issued the certificate, something equivalent to an openssl s_client -CAfile <yourca> -connect <stunnelinstance>:<port> and maybe more parameters to restrict ciphers or whatever your criteria are to consider this a fully working instance. That will tell you if there is stunnel or some other TLS-enabled service listening there, meeting your expectations regarding certificate, settings, etc.
One level more is checking if there is something working behind that stunnel instance, but that is beyond the scope of stunnel.

On 13.06.2023 20:20, clyde.cullhaj--- via stunnel-users wrote:
Hi folks,
I am looking to set up load balancing in our STunnel instances, we have 8 STunnel instances, so looking to set up 2 VIPs. What would be the best way to set up health checks on the F5 side when it comes to checking if the service is running and ready to accept connections on the STunnel boxes? Would it be through setting up a test connection port to see if the TCP handshake is successful? Or is there a better way to do health checks on the STunnel?
_______________________________________________
stunnel-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
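The first two check levels from the reply above, as an added example that is not part of the thread: a probe that reports separately whether the TCP handshake succeeded and whether a TLS handshake verified against a single expected CA succeeded. The function names, the TLS 1.2 floor, the timeout and the exit codes are assumptions made for illustration.

```python
import socket
import ssl
import sys


def pinned_context(cafile):
    """Client context that trusts only the CA in `cafile` (hypothetical helper)."""
    # PROTOCOL_TLS_CLIENT enables certificate and hostname verification and
    # starts with an empty trust store, so system CAs are not trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed policy, adjust to yours
    ctx.load_verify_locations(cafile=cafile)
    return ctx


def probe(host, port, ctx, server_hostname=None, timeout=3.0):
    """Return 'tcp_fail', 'tls_fail' or 'ok' for one backend instance."""
    try:
        # Level 1: something accepts connections on the port.
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_fail"
    try:
        # Level 2: the listener completes a TLS handshake and presents a
        # certificate that chains to the pinned CA and matches the name.
        with ctx.wrap_socket(sock, server_hostname=server_hostname or host):
            return "ok"
    except OSError:
        # Covers ssl.SSLError, certificate verification errors, resets, timeouts.
        return "tls_fail"
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: probe.py <host> <port> <cafile> [name expected in the certificate]
    host, port, cafile = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    name = sys.argv[4] if len(sys.argv) > 4 else None
    result = probe(host, port, pinned_context(cafile), server_hostname=name)
    print(result)
    sys.exit(0 if result == "ok" else 1)
```

A listener that accepts TCP but does not speak TLS, or that presents a certificate from a different CA, yields `tls_fail`, which a plain TCP check would report as healthy.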
