[Open Source Project 5] Stunnel - General-Purpose SSL Encryption Program

Stunnel is a program that can encrypt any TCP connection using SSL. It runs on a variety of UNIX and Windows operating systems. It solves the problem of bringing SSL encryption to existing applications that cannot use SSL themselves: before Stunnel appeared, securing data in transit meant adding SSL code to the application itself. Now Stunnel takes care of much of that for you.

Stunnel is based on OpenSSL, so it requires that OpenSSL be installed and correctly configured. It can add SSL to server-side software that does not support SSL itself. For example, Stunnel can be used to protect POP3, SMTP, and IMAP servers. The only unsatisfying part is that, to use the secured versions of these servers, the client must be able to speak SSL.

The Stunnel project is open source. Its source code is not a complete product, however, because it is based on OpenSSL: to compile and run it, you need an SSL library such as OpenSSL or SSLeay. That means Stunnel supports whatever (and only what) the SSL library supports, without changes to the Stunnel source code. The Stunnel source code is available under the GNU license. It can be freely used and modified in commercial and non-commercial applications, as long as you provide the source code and all modifications along with the software. The SSL library you compile Stunnel against is subject to its own license, but OpenSSL and SSLeay are also open source, with similarly generous licenses.

Unfortunately, Stunnel has some limitations. On the server side, it can currently act as a transparent proxy only for Linux clients. On the client side, it is not easy to perform full certificate verification. Even so, Stunnel remains a practical utility of real value to programmers, and a valuable security tool for system administrators.
If you are developing your own software, you should be able to integrate Stunnel into it easily. Readers interested in network security and SSL can go to the Stunnel official website, http://www.stunnel.org, to download the latest Stunnel source code, help documents and examples. With the introduction above, you have a basic understanding of Stunnel. Next comes an example of using Stunnel to encrypt MySQL connections (this is provided by the Stunnel official website, I only did the translation :)).
Using Stunnel 3.24 to encrypt MySQL connections:

Since I have seen many requests for information about MySQL connections, I thought I should share my encryption solution with those who are interested in Stunnel. I successfully compiled Stunnel 3.14 against OpenSSL 0.9.6 and used it to encrypt MySQL 3.22.32 connections. All operations here were done on Red Hat 6.2. My MySQL clients include the mysql client application, the dbish application and Perl DBI modules.

In order to encrypt the connections between the MySQL client and server, you need to run two Stunnel instances, one on the client and one on the server. I will call the two machines Client and Server. The Stunnel on Client receives MySQL queries from the MySQL client application, encrypts these queries, and then sends the encrypted data to port 3307 on Server. The Stunnel on Server, on the other hand, listens on port 3307, decrypts the encrypted queries and passes them to port 3306, the MySQL standard port (translator's note: the default connection port).

Run Stunnel on Client:

    ./stunnel -P/tmp/ -c -d 3306 -r server:3307

Run Stunnel on Server:

    ./stunnel -P/tmp/ -p stunnel.pem -d 3307 -r localhost:3306

Here I assume that the compiled stunnel binary and Stunnel's certificate file are in the current directory on both machines. Note, however, that you should keep the stunnel.pem file safe. So it is best to run Stunnel as a special non-login user and make stunnel.pem mode 0400, owned by that user's UID.

Now, from the client, you can access your MySQL database and enjoy the benefits of SSL encryption with the following command:

    mysql -h client -u yourDbuser -p

This is the same command you always ran before using Stunnel, but note that the machine you specify with the -h option is the one running the Stunnel client daemon, not the one running the MySQL server daemon.
James Walden
Sr Internet Software Engineer
IMS, JFT-104, B-7
(503) 712-2241

"Fall leaves blanket ground / Redmond dreams darkly, beware / Winter brings penguins" - Kevin Hackman
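The post's advice to keep stunnel.pem at mode 0400 under a dedicated non-login user can be checked before the server-side instance is started. The shell check below is an added example, not part of the original post or of Stunnel; the helper name check_pem, the temporary demo file and the user name "stunnel" are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the stunnel key/certificate file.
# check_pem is a hypothetical helper, not part of stunnel.
# Usage: check_pem FILE EXPECTED_UID
# Returns 0 only if FILE is a regular file (not a symlink), has mode exactly
# 0400 and is owned by EXPECTED_UID; otherwise prints why and returns 1.
check_pem() {
    pem=$1
    want_uid=$2

    # A symlink could be repointed at a file with different protection.
    if [ -L "$pem" ]; then
        echo "FAIL: $pem is a symlink"
        return 1
    fi
    if [ ! -f "$pem" ]; then
        echo "FAIL: $pem is missing or not a regular file"
        return 1
    fi

    # ls -ldn prints "<mode> <links> <uid> <gid> ..."; keep only the first
    # 10 mode characters so a trailing ACL/SELinux marker (+ or .) is ignored.
    info=$(ls -ldn -- "$pem" | awk '{ print substr($1, 1, 10), $3 }')
    mode=${info% *}
    owner=${info#* }

    if [ "$mode" != "-r--------" ]; then
        echo "FAIL: $pem has mode $mode, expected -r-------- (0400)"
        return 1
    fi
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $pem is owned by uid $owner, expected $want_uid"
        return 1
    fi
    echo "OK: $pem is mode 0400 and owned by uid $want_uid"
}

# Constructed demo: a throwaway file stands in for stunnel.pem.
demo=$(mktemp)
chmod 0644 "$demo"; check_pem "$demo" "$(id -u)" || true   # too permissive
chmod 0400 "$demo"; check_pem "$demo" "$(id -u)" || true   # passes
rm -f "$demo"

# On Server, the launch can be gated on the check (user name "stunnel" assumed):
#   check_pem stunnel.pem "$(id -u stunnel)" && \
#     ./stunnel -P/tmp/ -p stunnel.pem -d 3307 -r localhost:3306
```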
On the Stunnel home page there are many examples of Stunnel encryption, such as how to provide SSL support for an IMAP server via Stunnel. The Stunnel FAQ also provides plenty of help, from compiling to usage. Unfortunately, there are no known commercial organizations that support Stunnel; if you know of any, contact the FAQ maintainer. However, a great deal of help is available from the following two resources:

Stunnel-Announce mailing list: stunnel-announce-subscribe@mirt.net
stunnel-users mailing list: stunnel-users-subscribe@mirt.net

You only need to send an empty email to the addresses above to get further step-by-step help and guidance on Stunnel.

Reference: Stunnel official website: http://www.stunnel.org