Does stunnel prevent non ssl traffic to "the" specified port?

Posted by user432024 on Server Fault See other posts from Server Fault or by user432024
Published on 2014-08-21T01:54:00Z Indexed on 2014/08/21 4:22 UTC
Read the original article Hit count: 430

Filed under:

ssl

|

stunnel

So say I have an arbitrary tcp port 12345 and it's non ssl and I want to put stunnel to secure traffic to it.

When stunnel is in front of it does it mean that this port is now tls/ssl only? Or can you still connect to it unencrypted?

Basically I want to make sure that this port can only be accessed through ssl/tls and stunel and no other way.

Clarification I want to make sure only stunnel port is open. Which is answered in the comments that the unsecured port should be fire-walled but preferably bound to localhost.

© Server Fault or respective owner

Related posts about ssl

Plesk SSL Certificate (Default cert when SSL enabled, CORRECT cert when SSL is disabled)

as seen on Server Fault - Search for 'Server Fault'
I'm running Plesk 8.6.0: I have an SSL cert installed through Plesk's admin interface. But I have a bit of an issue: When I enabled SSL for the site, and selected my cert, then restart httpd, Plesk defaults to using my self-signed default certificate. Conversely, when I disable SSL support for the… >>> More
apache renew ssl not working [on hold]

as seen on Server Fault - Search for 'Server Fault'
Downloaded a new ssl cert from go daddy and installed the cert on apache2 server put the cert in /etc/ssl/certs/ folder put the gd_bundle.crt in the /etc/ssl/ folder private key is in /etc/ssl/private/private.key I just replaced the original files with the new files, did not replace the private… >>> More
Cant connect to mysql using self signed SSL certificate

as seen on Server Fault - Search for 'Server Fault'
After creating a self-signed SSL certificate, I have configured my remote mysqld to use them (and ssl is enabled) I ssh into my remote server, and try connecting to its own mysqld using ssl (mysql server is 5.5.25).. ~> mysql -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client… >>> More
How to log invalid client SSL certificate in SSL

as seen on Server Fault - Search for 'Server Fault'
I have a IIS web site which requires client certificate. I have turned off CRL checking. The client is unable to access the web site - he gets 403.17 (certificate expired) error. I would like to log the certificate he is using, becaue I think he is using the wrong certificate. Is there a way to… >>> More
Mixing SSL and non-SSL content in an Apache2 virtual host

as seen on Server Fault - Search for 'Server Fault'
I have a (hopefully) common scenario for one of my sites that I just can't seem to figure out how to deploy correctly. I have the following site and directories for example.com: These need to require SSL: /var/www/example.com/admin /var/www/example.com/order These need to be non-SSL: /var/www/example… >>> More

Related posts about stunnel

stunnel not working - stunnel.pem: No such file or directory

as seen on Server Fault - Search for 'Server Fault'
I am trying to install stunnel on an amazon LINUX machine. (i want to configure postfix so that it sends its emails through amazon ses) I first tried to install from the tar.gz package download from http://www.stunnel.org and installed with the commands: ./configure make make install but than… >>> More
Can't connect to STunnel when it's running as a service

as seen on Server Fault - Search for 'Server Fault'
I've got STunnel configured to proxy non SSL POP3 requests to GMail on port 111. This is working fine when STunnel is running as a desktop app, but when I run the STunnel service, I can't connect to port 111 on the machine (using Outlook Express for example). The Stunnel log file shows the port binding… >>> More
Can't connect to STunnel when it's running as a service

as seen on Server Fault - Search for 'Server Fault'
I've got STunnel configured to proxy non SSL POP3 requests to GMail on port 111. This is working fine when STunnel is running as a desktop app, but when I run the STunnel service, I can't connect to port 111 on the machine (using Outlook Express for example). The Stunnel log file shows the port binding… >>> More
Unknown protocol when trying to connect to remote host wit stunnel

as seen on Server Fault - Search for 'Server Fault'
I'm trying to set up a stunnel for WebDav on Windows. I want to connect 80 port on my local interface to 443 on another machine in my network. I can ping the machine remote machine. However when I use the tunnel, I'm getting this error all the time SSL state (accept): before/accept initialization SSL_accept:… >>> More
stunnel crashing

as seen on Server Fault - Search for 'Server Fault'
I'm trying to use stunnel to secure a legacy application's communications. I can't seem to get it setup and working. Can anyone provide any hints where I'm going wrong? Here's what I'm trying to accomplish: A windows service on a client machine connects to a server on port 7000 using TCP. I'd like… >>> More