Network Security Hacks by Andrew Lockhart

Encrypt and Tunnel Traffic with SSL

Use stunnel to add SSL encryption to any network service.

Stunnel (http://www.stunnel.org) is a powerful and flexible program that, using SSL, encrypts traffic to and from any TCP port in several different ways. It can tunnel connections, much like SSH can, by providing a local port to connect to. It will encrypt the traffic sent to this port, forward it to a remote system, decrypt the traffic, and finally forward it to a local port on that system. Stunnel can also provide transparent SSL support for inetd-compatible services.
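
The tunnel described above, written as a pair of stunnel configuration files. This is an added example, not taken from the book; it assumes stunnel 5.x configuration-file syntax, and the hostname mail.example.com, the IMAP ports, and the file paths are constructed placeholders.

```ini
; ---- Client side: stunnel.conf on the workstation (constructed example) ----
; Local programs connect to 127.0.0.1:1143 in the clear. stunnel wraps the
; stream in SSL/TLS and forwards it to the remote stunnel on port 993.
[imap-tunnel]
client = yes
accept = 127.0.0.1:1143
connect = mail.example.com:993
; Pin the server's certificate. With no verify option set, the client accepts
; any certificate, so the tunnel is encrypted but the peer is not authenticated.
; server-cert.pem is a copy of the server's certificate only (no private key).
verifyPeer = yes
CAfile = /etc/stunnel/server-cert.pem

; ---- Server side: stunnel.conf on mail.example.com (constructed example) ----
; stunnel terminates SSL/TLS on port 993, decrypts the traffic, and forwards
; the plaintext to the service listening on the loopback interface.
; stunnel.pem holds the server certificate and its private key.
cert = /etc/stunnel/stunnel.pem

[imap-tunnel]
accept = 993
connect = 127.0.0.1:143
```

Binding the client's accept address to 127.0.0.1 keeps the plaintext end of the tunnel off the network.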

To install stunnel, simply run ./configure from the directory that was created when you unpacked the archive file that you downloaded. Since stunnel requires OpenSSL (http://www.openssl.org), download and install that first if it is not already installed. If you would like to compile stunnel with TCP wrappers support, or if OpenSSL is installed in a nonstandard location, you’ll probably want to make use of the --with-tcp-wrappers or --with-ssl command-line options for configure.

For example, this will configure stunnel to include TCP wrappers support, using the OpenSSL installation under /opt/openssl:

$ ./configure --with-tcp-wrappers --with-ssl=/opt/openssl

After the script runs, you’ll need to run make to actually compile stunnel. You will then be prompted for information to create a self-signed certificate. Not only will this certificate be self-signed, but it is valid for only one year. If this is not what you want, you should create ...
