It is well understood that securing data and applications in the cloud depends on reliable SSL, which encrypts the communication between clients and services. When it comes to a reliable tunnel, I would rather talk about STUNNEL, which is a “Secure Tunnel between TCP applications.”

An Overview

STUNNEL, the secure tunnel between TCP applications, is an open source program that runs on a variety of operating systems. It is designed to let clients and servers communicate over secure encrypted connections such as TLS/SSL without any changes to the programs' code.

Advantages of Stunnel 

  • It is an easy-to-use program supported by a large community.
  • It adds a secure SSL connection to an existing non-SSL connection.
  • It proves highly reliable by enabling mutual authentication between the two services.
  • It is popular and available on most standard operating systems.
  • Stunnel has an external session cache for clusters.
  • It supports secure communication in various scenarios such as IMAP, POP3, SMTP, etc.
  • It supports large deployments of instances.
  • Stunnel runs in both remote and local mode.
  • Redirection options are available when authentication fails.
  • It provides error logging support.

Compatible Operating Systems

Stunnel is available for most popular operating systems, including:

  • Linux
  • Microsoft Windows
  • Solaris
  • Mac OS X
  • IBM AIX
  • OS/2

For the up-to-date list, see https://www.stunnel.org/ports.html

Stunnel With SSL

First, stunnel has to be installed on both the client and the server; sometimes both are on the same system. Next, create an SSL certificate based on public-key cryptography (an X.509 digital certificate) for both client and server. Stunnel uses the OpenSSL library for creating an SSL certificate, and ‘.pem’ is the standard format of OpenSSL and other libraries. With the stunnel service running on both the client and the server system, the two SSL-unaware applications communicate with each other over a secure SSL connection.
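One way to carry out the certificate step above with the OpenSSL command line, as an added example that is not part of the original article. It assumes the openssl CLI is installed; the function names, the output path and the subject name are placeholders chosen here, and the certificate is self-signed.

```shell
#!/bin/sh
# Added example (not from the article): build the combined key + certificate
# PEM file that a line such as "cert = /path/stunnel.pem" points to.
# Assumptions: the openssl CLI is installed; names and paths are placeholders.

# make_stunnel_pem OUTFILE COMMON_NAME [DAYS]
make_stunnel_pem() {
    out=$1; cn=$2; days=${3:-365}
    tmp=$(mktemp -d) || return 1
    old_umask=$(umask)
    umask 077   # nothing written below is readable by other users
    # New RSA key and self-signed X.509 certificate. -nodes leaves the key
    # unencrypted so the stunnel service can start without a passphrase.
    if openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 \
            -days "$days" -subj "/CN=$cn" \
            -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null
    then
        cat "$tmp/key.pem" "$tmp/cert.pem" > "$out" && chmod 600 "$out"
        rc=$?
    else
        rc=1
    fi
    umask "$old_umask"
    rm -rf "$tmp"
    return "$rc"
}

# pem_key_matches_cert FILE
# Succeeds only when the private key and the certificate stored in FILE
# carry the same public key, i.e. the file is usable as a key pair.
pem_key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage (paths are placeholders):
#   make_stunnel_pem ./stunnel.pem stunnel.example.test 365
#   pem_key_matches_cert ./stunnel.pem && echo "key and certificate match"
```

Because the file holds the private key, it is written with mode 600; running the match check after any manual edit of the PEM file catches a key and certificate that no longer belong together.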

Non-Stunnel Scenario

[Figure: Stunnel 1]

Stunnel Conversations

[Figure: Stunnel 2]

Sample Execution

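; Global defaults applied to the service below
cert = /path/stunnel.pem
options = ALL

; Service section (the name "ssh" is an arbitrary label)
[ssh]
accept = [IP ADDRESS]:443
connect = 127.0.0.1:22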

With this configuration, stunnel listens on port 443 and accepts incoming packets. After receiving the packets, stunnel encrypts them with TLS/SSL encryption and forwards the encrypted packets to the destination IP address and port (127.0.0.1:22).

To explore further, visit these websites: Stunnel – https://www.stunnel.org ; OpenSSL – https://www.openssl.org/