I have been using a previous version of stunnel. It apparently did not have the certificate functionality in SSL server mode. That is not necessary for us, since we only run a localhost server to tunnel to a remote server.
Anyway, I have read the FAQ, the tutorial and everything related to this, and tried everything. No matter what I do with the certificate or key settings, it still gives the same error. Here is the full output:
No limit detected for the number of clients
stunnel 4.53 on x86-pc-mingw32-gnu platform
Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
Threading:WIN32 SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:SELECT+IPv6
Reading configuration from file stunnel.conf
FIPS mode is enabled
Compression not enabled
Snagged 64 random bytes from C:/.rnd
Wrote 0 new random bytes to C:/.rnd
PRNG seeded successfully
Initializing service section [FIX]
Section FIX: SSL server needs a certificate
Server is down
; Certificate/key is needed in server mode and optional in client mode
cert = stunnel.pem
;key = stunnel.pem

; Disable support for insecure SSLv2 protocol
options = NO_SSLv2

[FIX]
accept = 127.0.0.1:5679
connect = 216.52.236.112:5680
TIMEOUTconnect = 5

[FIXLIVE]
accept = 127.0.0.1:5680
connect = 216.52.236.185:51581
TIMEOUTconnect = 5
Note that stunnel installs a stunnel.pem file. I tried uncommenting the config line for the key. I also regenerated the keys with openssh as instructed.
It made no difference. Is this a stunnel bug, or am I doing something wrong?
Add client = yes to each service to fix that error message.
You also need to set the options that give you proper SSL security; see below.
# Enable proper SSL security. Without this, you are completely insecure!
# verify = 2 makes stunnel reject a remote server whose certificate does not
# chain to a CA in CAfile; with no verify setting, any server that answers on
# connect= is accepted.
verify = 2
# CAfile must point at a CA bundle that exists on this host. The path below is
# the Debian/Ubuntu bundle; on a Windows install, use the bundle path present there.
CAfile = /etc/ssl/certs/ca-certificates.crt
options = NO_SSLv2

[FIX]
client = yes
accept = 127.0.0.1:5679
connect = 216.52.236.112:5680
TIMEOUTconnect = 5

[FIXLIVE]
client = yes
accept = 127.0.0.1:5680
connect = 216.52.236.185:51581
TIMEOUTconnect = 5
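The two problems in this thread (a server-mode section with no certificate, which stunnel refuses to start, and a client-mode section that never verifies the remote server, which stunnel starts silently) can both be caught by a static check of stunnel.conf before launching the daemon. The following is an added example, not stunnel's own code or parser: a small hand-rolled reader for the INI-style config plus a lint that applies those two rules. The two configs inside it are constructed after the question's and the answer's configs (the broken one drops the global cert= line to reproduce the logged error and leaves FIXLIVE unverified); the CA bundle path is an assumption carried over from the answer.

```python
"""Static sanity checks for a stunnel.conf.

Added example for this thread, not stunnel's own code.  It parses the
INI-style config by hand and reproduces two checks: stunnel's
"SSL server needs a certificate" refusal for a server-mode section with
no cert=, and the silent problem the answer warns about, a client-mode
section that never verifies the remote server's certificate.
"""

from typing import Dict, List, Optional, Tuple

# Constructed after the question's stunnel.conf, minus the global cert=
# line: [FIX] is in server mode with nothing to present, which is the
# state behind the logged error.  [FIXLIVE] has client = yes but no
# verify/CAfile, so it would connect without checking who answers.
BROKEN_CONF = """\
; Disable support for insecure SSLv2 protocol
options = NO_SSLv2

[FIX]
accept = 127.0.0.1:5679
connect = 216.52.236.112:5680
TIMEOUTconnect = 5

[FIXLIVE]
client = yes
accept = 127.0.0.1:5680
connect = 216.52.236.185:51581
TIMEOUTconnect = 5
"""

# Constructed after the answer's config: client mode everywhere and chain
# verification against a CA bundle (the path is an assumption; use a
# bundle that actually exists on the host).
FIXED_CONF = """\
verify = 2
CAfile = /etc/ssl/certs/ca-certificates.crt
options = NO_SSLv2

[FIX]
client = yes
accept = 127.0.0.1:5679
connect = 216.52.236.112:5680
TIMEOUTconnect = 5

[FIXLIVE]
client = yes
accept = 127.0.0.1:5680
connect = 216.52.236.185:51581
TIMEOUTconnect = 5
"""


def parse_stunnel_conf(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Return (global options, {service name: that service's own options}).

    Options before the first [section] are global and apply to every
    service; a service's own line overrides the global one.  Lines starting
    with ';' or '#' are comments.  Option names are lower-cased here so
    that 'CAfile' and 'cafile' compare equal.
    """
    global_opts: Dict[str, str] = {}
    services: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            services[current] = {}
            continue
        if "=" not in line:
            raise ValueError(f"cannot parse config line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        target = global_opts if current is None else services[current]
        target[key.lower()] = value
    return global_opts, services


def lint_services(text: str) -> Dict[str, List[str]]:
    """Map each service name to a list of problems (empty list means ok)."""
    global_opts, services = parse_stunnel_conf(text)
    findings: Dict[str, List[str]] = {}
    for name, own in services.items():
        opts = {**global_opts, **own}
        problems: List[str] = []
        if opts.get("client", "no").lower() != "yes":
            # Server mode: stunnel must present a certificate to its clients.
            if "cert" not in opts:
                problems.append(
                    "SSL server needs a certificate: no cert= and no client = yes "
                    "(a tunnel to a remote server wants client mode)")
        else:
            # Client mode: without verify >= 2 and a CA bundle, whatever server
            # answers on connect= is accepted, so TLS authenticates nothing.
            try:
                level = int(opts.get("verify", "0"))
            except ValueError:
                level = 0
            if level < 2:
                problems.append("verify < 2: remote server's certificate chain is not checked")
            elif "cafile" not in opts and "capath" not in opts:
                problems.append("verify >= 2 but no CAfile/CApath to verify against")
        findings[name] = problems
    return findings


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(f"== {label} ==")
        for service, problems in lint_services(conf).items():
            print(f"[{service}]", "ok" if not problems else "; ".join(problems))
```

Run it as-is to see both configs checked; point `lint_services` at the contents of a real stunnel.conf to check that one. Note that a passing lint only proves the config asks for chain verification; it does not prove the bundle at CAfile exists on the host or that the remote server's certificate chains to it, which stunnel only discovers at connect time.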