SSL Tunneling with Stunnel


If you want to send a protected message across a computer network, to be sure that in the event your message is intercepted by an unwanted recipient that it cannot be read or tampered with, then you need to add network encryption. SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols that function at the Application Layer of the TCP/IP Model, above the Transport Layer and provides security certificates, public and private key exchange (asymmetric cryptography), and encryption.


Stunnel is a program that can wrap unencrypted traffic in SSL/TLS encryption and forward it to a specified service or port. Stunnel can be configured to accept packets on an incoming port, encrypt that traffic with SSL or TLS encryption, and then forward the encrypted packets to another specified destination IP address and port. Stunnel uses OpenSSL to encrypt network traffic.

Lab Demo

In this demo, I will use Stunnel to send a secure communication between two clients, both running Stunnel. Client A will run Stunnel in client mode and Client B will be running Stunnel in server mode (see below).



Video Tutorials

In the video tutorials below, I demonstrate step-by-step, the entire process of getting Stunnel to work between a Backtrack Linux client and a Windows XP Pro client.




Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.

Leave a Reply

Your email address will not be published.