• researchstunnel

    Stunnel allows a user to tunnel any TCP based application protocol through a connection secured by TLS/SSL.

    Proxy for Non-SSL Clients

    In order to set up stunnel as a proxy for clients that do not support SSL connections you need to specify listening port and the target website:port:

    stunnel -c -f -d 8080 -r

    Proxy for Non-SSL Servers

    Stunnel can provide transport encryption tunneling for servers that do not natively support SSL.

    First generate private and public keys and store them in the same file:

    openssl req -new -x509 -out server.pem -nodes -keyout server.pem -subj /CN=localhost

    Next run stunnel SSL proxy:

    stunnel -p server.pem -f -d 443 -r

    Encrypted remote shell

    An encrypted remote shell can be started using stunnel:

    stunnel -p privkey.pem -d 2222 -l /bin/sh

    Next we can connect to port 2222 using OpenSSL's s_client and issue shell commands:

    $ openssl s_client -connect localhost:2222 -quiet 2> /dev/null
    uid=0(root) gid=0(root) groups=0(root)

    External Links

    Published on April 13th, 2009 by iphelix



    OpenSSL is an open-source TLS/SSL toolkit implemented for a variety of platforms. In this article you will learn several openssl client and server commands useful in working with TLS/SSL protocol. Read more.

    tls/ssl protocol

    Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are two closely related protocols designed to protect confidentiality and integrity of data in transit between two hosts. Read more.

    tls and ssl cipher suites

    TLS/SSL protocols support a large number of cipher suites. A cipher suite is a collection of symmetric and asymmetric encryption algorithms used by hosts to establish a secure communication. Supported cipher suites can be classified based on encryption algorithm strength, key length, key exchange and authentication mechanisms. Some cipher suites offer better level of security than others (e.g. Several weak cipher suites were developed for export to comply with US export law). There are more than 200 known cipher suites. Read more.


    Size 58.8 KB
    DateJanuary 27th, 2010

    SSLMap is a lightweight TLS/SSL cipher suite scanner.

    • Uses custom TLS/SSL query engine for increased reliability/speed (No need for third-party libraries such as OpenSSL)
    • Tests for 200+ known cipher suites.
    • Capable of discovering undocumented cipher suites.
    • Advises on cipher suite security based on Protocol, Key Exchange, Authentication, Encryption algorithm, and other parameters.
    • Configurable handshake versions (e.g. TLSv1.1, SSLv2.0) Read more.


    All original content on this site is copyright protected and licensed under Creative Commons - Attribution, NonCommercial, ShareAlike 4.0 International.