Stunnel is a free and open source SSL encryption wrapper for Windows, filed under servers and made available by Michal Trojnara.
The stunnel program is designed to work as an SSL encryption wrapper between remote clients and local (inetd-startable) or remote servers. The concept is that, with non-SSL-aware daemons running on your system, you can easily set them up to communicate with clients over secure SSL channels. By default, stunnel uses /var/log/secure to log its output. To terminate stunnel, kill the process by running the following command as root: #.
The review for Stunnel has not been completed yet, but it was tested by an editor here on a PC and a list of features has been compiled; see below.
Adds a layer of SSL encryption between clients and local servers
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library.
Stunnel can benefit from FIPS 140-2 validation of the OpenSSL FIPS Object Module, as long as the building process meets its Security Policy. A scanned FIPS 140-2 Validation Certificate document is available for download on the NIST web page. The Windows binary installer is compiled with FIPS 140-2 support. The FIPS mode of operation is no longer enabled by default since stunnel 5.00.
Stunnel is free software authored by Michal Trojnara. Although distributed under GNU GPL version 2 or later with OpenSSL exception, stunnel is not a community project.
Features and highlights
- Load sharing among multiple backend servers
- External session cache (for clusters)
- Compression (for limited bandwidth)
- Support for OpenSSL Security Features:
- Certificate-based access control
- CRL and OCSP certificate revocation
- SNI (Server Name Indication) support for name-based virtual servers
- PFS (Perfect Forward Secrecy) with DH and ECDH key agreement
Stunnel 5.59 on 32-bit and 64-bit PCs
This download is licensed as freeware for the Windows (32-bit and 64-bit) operating system on a laptop or desktop PC from servers without restrictions. Stunnel 5.59 is available to all software users as a free download for Windows. Because stunnel is open source, you are free to view the source code and distribute the application.
To implement encrypted communication between Redis masters and slaves, we recommend using stunnel. Stunnel works as a TLS encryption wrapper between client and server.
This step-by-step tutorial will explain how to install and configure stunnel proxies on FreeBSD client and server. Configuration procedures for other operating systems are very similar. For simplicity, this tutorial only covers replication to one client host as this configuration does not require individual preshared keys for each of the clients.
Assuming we have 3 Redis instances on both server and client, listening sockets on the server (master side):
instance | Redis socket | stunnel socket |
---|---|---|
redis | localhost:6379 | - |
bayes | localhost:6378 | master.example.com:6478 |
fuzzy | localhost:6377 | master.example.com:6477 |
As the instance named redis should not be mirrored, we will replicate the fuzzy and bayes instances. So we need to set up 2 TLS tunnels.
Installation
First install the security/stunnel package:
Create pid-file directory:
To enable stunnel, add the following lines to /etc/rc.conf:
Server configuration (master side)
/usr/local/etc/stunnel/stunnel.conf:
Client configuration (slave side)
/usr/local/etc/stunnel/stunnel.conf:
Preshared keys
Create /usr/local/etc/stunnel/psk.txt. The psk.txt file contains one line for each client:
test1:oaP4EishaeSaishei6rio6xeeph3az
Do not use example passwords.
As both bayes and fuzzy Redis instances are located on the same host, we can share the same key between them.
Since this file should be kept secret, set secure permissions on it:
# chmod 600 /usr/local/etc/stunnel/psk.txt
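A pre-flight check for the psk.txt file described above, as an added Python example that is not part of the original tutorial or of stunnel itself. It assumes the 16-byte minimum key length from stunnel's PSKsecrets documentation and, conservatively, counts an all-hex key as two characters per byte; the function names are hypothetical and the sample file is constructed.

```python
import os
import re
import tempfile

# Key printed in the tutorial above; it must never appear in a deployed psk.txt.
PUBLISHED_EXAMPLE_KEYS = {"oaP4EishaeSaishei6rio6xeeph3az"}
MIN_KEY_BYTES = 16  # minimum key length stunnel's manual gives for PSKsecrets

def key_bytes(key):
    """Assumption: an all-hex key is counted as binary, two characters per byte."""
    return len(key) // 2 if re.fullmatch(r"[0-9A-Fa-f]+", key) else len(key.encode())

def audit_psk_file(path):
    """Return findings for a PSKsecrets file; an empty list means it passed."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"mode {mode:03o}: accessible beyond the owner, expected 600")
    seen = set()
    with open(path, encoding="utf-8") as fh:
        for n, line in enumerate(fh, 1):
            line = line.rstrip("\r\n")
            if not line:
                continue
            identity, sep, key = line.partition(":")
            if not (sep and identity and key):
                findings.append(f"line {n}: not in IDENTITY:KEY form")
                continue
            if identity in seen:
                findings.append(f"line {n}: duplicate identity {identity!r}")
            seen.add(identity)
            if key in PUBLISHED_EXAMPLE_KEYS:
                findings.append(f"line {n}: key copied from the tutorial")
            if key_bytes(key) < MIN_KEY_BYTES:
                findings.append(f"line {n}: key shorter than {MIN_KEY_BYTES} bytes")
    return findings  # key material is never echoed into the findings

def demo():
    """Audit a constructed sample file written with deliberately loose mode 644."""
    sample = "test1:oaP4EishaeSaishei6rio6xeeph3az\nreplica2:abc123\nno separator\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "psk.txt")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        return audit_psk_file(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run `audit_psk_file("/usr/local/etc/stunnel/psk.txt")` on both hosts before starting stunnel; the same file has to pass on the master and on the client.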
Starting stunnel
# service stunnel start
Testing
From the client host use the redis-cli utility to connect to the remote instances:
Given that it connected, you are clear to proceed with configuring replication between Redis instances.