
Upgrading to HTTPS with stunnel · ariya.io https://ariya.io/2017/08/upgrading-to-https-with-s...


Upgrading to HTTPS with stunnel


Aug 31, 2017 (/2017/08/upgrading-to-https-with-stunnel) · 2 min read · #security (/tags/security/) #ssl (/tags/ssl/)

If you are running an HTTP server and would like to enable SSL, an easy way to do that is to
use a terminating proxy. Among others, stunnel (https://www.stunnel.org/) is relatively
simple and very easy to use.

Many Linux distributions, including Debian and Ubuntu, already make a stunnel package
(https://packages.debian.org/search?keywords=stunnel) available. Thus, installing it is as
straightforward as:

sudo apt-get install stunnel4

To verify the installation:

$ stunnel -version
stunnel 5.30 on x86_64-pc-linux-gnu platform
Compiled with OpenSSL 1.0.2e 3 Dec 2015
Running with OpenSSL 1.0.2g 1 Mar 2016

Note that stunnel is very capable and can do more than just upgrade a web server from
HTTP to HTTPS. For this blog post, however, that is the only thing we will cover.

For testing purposes, it is sufficient to use a test certificate:

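sudo apt-get install -y ssl-cert
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf example.pem
# example.pem holds the private key as well as the certificate,
# so a world-readable file is acceptable only for a test setup
sudo chmod +r example.pem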

Various examples (https://www.stunnel.org/config_unix.html) of configuration are
available. For this use case, we could create a simple configuration containing the
following lines (note that the pid needs to be an absolute path):


pid = /home/ariya/stunnel.pid

[https]
accept = 8443
connect = 8080
cert = example.pem

If we name it webserver.conf, then stunnel can be activated with it by running:

stunnel webserver.conf

Assuming there is a web server running on port 8080, the HTTPS version will be made
available by stunnel on port 8443. To check that, simply open your favorite web browser
and point it to https://localhost:8443. Typically there will be a warning due to the
self-signed test certificate created above, but otherwise it should work just fine.

Running the CipherScan (https://github.com/jvehent/cipherscan) tool from Mozilla on the
default stunnel configuration gives the following:


Of course, it is highly recommended to tweak the ciphers based on your requirements. Do
not forget to refer to its excellent documentation (https://www.stunnel.org/static/stunnel.html).
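One way to tighten the configuration above, shown as an added example that is not part of
the original post. The protocol options and the cipher list are assumptions chosen for a
stunnel 5.30 / OpenSSL 1.0.2 build like the one shown earlier; adjust them to the clients
you need to support.

```ini
; Settings from the post, kept here for comparison:
;   [https]
;   accept = 8443
;   connect = 8080
;   cert = example.pem

; The pid file must be given as an absolute path.
pid = /home/ariya/stunnel.pid

[https]
; No address is given, so stunnel listens on every interface.
accept = 8443

; Same backend as before, with the loopback address spelled out.
; The HTTP server itself should also listen only on 127.0.0.1,
; otherwise the plaintext port stays reachable from outside.
connect = 127.0.0.1:8080

; Test certificate generated earlier (contains the private key too).
cert = example.pem

; Refuse legacy protocol versions, leaving TLS 1.2 as the minimum.
; Each "options" line adds one OpenSSL option (name without SSL_OP_).
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1_1

; Constructed cipher list: forward-secret AEAD suites only.
ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
```

After restarting stunnel with this file, rerun CipherScan against port 8443 to confirm that
only the listed suites and protocol versions are offered.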

Now, you have less excuse not to enable HTTPS for everything (https://https.cio.gov/everything/)!


BOB CAT • 2 years ago


Come back to Indonesia, uncle, and teach us

Copyright © 2005-2019 Ariya Hidayat (/about)
