On Wed, 2015-01-07 09:12:39 -0500, Leon Smith wrote:
Hi, this may be a slightly unusual request, but I was curious if stunnel could be used for securing clients that do not support TLS, to connect to services that optionally support TLS.
So, really, stunnel already does almost everything that would be needed; except that in this use case, it would be listening for incoming unencrypted connections, and then serve as a proxy to an encrypted connection to the actual service. While it might be nice to offer certificate-based authentication options in this scenario, it wouldn't be necessary for my intended use case, so stunnel wouldn't need access to any private certificates. However, certificate pinning would be pretty essential to what I have in mind.
Leon, I'm not sure I understood your request, but isn't 'client = yes' what you are looking for? Ludolf -- Bihl+Wiedemann GmbH Floßwörthstraße 41 68199 Mannheim, Germany Tel: +49 621 33996-0 Fax: +49 621 3392239 mailto:lholzheid@bihl-wiedemann.de http://www.bihl-wiedemann.de Sitz der Gesellschaft: Mannheim Geschäftsführer: Jochen Bihl, Bernhard Wiedemann Amtsgericht Mannheim, HRB 5796