

This chapter describes the configuration and usage of the BS2000 porting of the Open Source TLS proxy stunnel, released under the GPL. The home page with further readings regarding the project led by Michał Trojnara can be found under . Basically, stunnel is intended to link applications with TLS support to services without it, or vice versa. The target direction of the present porting is the usage in conjunction with an MT9750 terminal emulation supporting TLS-secured connections. The stunnel instance on the respective target BS2000 system is then the other endpoint of the TLS connection. From this stunnel instance a second, unsecured, but local connection leads e.g. . A transcending usage with other TCP-based protocols is possible in principle, but is up to now neither tested nor guaranteed. The following description limits itself to topics important in conjunction with MT9750; for information beyond that see the further reading.

Stunnel is realized as a stand-alone program, which is contained in . There are several procedures for configuration and usage in , which are subsequently explained:

This procedure creates an ENTER-JOB file, which is used later for starting stunnel, and an initial configuration file .CONF. With the latter, amongst others, the log file and the file with the TSN of the stunnel task, needed by the further procedures, are configured. In addition a service for use with MT9750 is already configured; more details of the configuration file follow in a subsequent section. To be able to try out stunnel as quickly and simply as possible, the file .PEM is also generated, which contains a self-signed X.509 certificate and the related private RSA key. As this file is not created individually, it is not suitable for fending off "Man in the Middle (MITM)" attacks and should therefore never be used in production, only for test purposes; the generation of a productively usable alternative is described further down.

This procedure starts, with the help of the SYSENT file created by STUNNEL.INSTALL, an ENTER job which executes the stunnel program.

This procedure stops the stunnel program.

One can't view the current log file while the stunnel program is running. This procedure allows switching to a new log file, whose name is the original one suffixed with the date/time of the switch moment. With that the previous log file can be viewed.

This procedure dumps data regarding the currently existing connections into the log file, mainly for diagnostic purposes.

This procedure causes stunnel to reload the (meanwhile modified) configuration file, e.g. for supporting additional services.

Because the operation works, for different reasons, only with TSOS privileges, the installation should also be done under TSOS. For this the procedure STUNNEL.INSTALL in the LMS library is called:

CALL-PROCEDURE FROM-FILE=*LIBRARY-ELEMENT(LIBRARY=$,ELEMENT=STUNNEL.INSTALL)

The thereby created initial stunnel configuration file .CONF has the following content:
Empty lines and lines starting with a semicolon (;) are ignored.
The file starts with the global, not service-specific, definitions.
Uncomment the following line if you need more log information.
With a service section, service-specific definitions are introduced; the service name helps to assign the log file entries to the respective service.

Because, due to security shortcomings, TLS 1.0 should not be used anymore if possible, this is globally deactivated with options = NO_TLSv1, so that only TLS versions from TLS 1.1 upwards are used. options can also be used service-specifically. With output the log file is specified, with pid the file containing the TSN of the stunnel job (which is used by the procedures for addressing the stunnel program). When experiencing problems, the highest possible log level should be activated by removing the semicolon (;) before the debug option. The default of this option is notice; for other option values see the further reading. The commented-out stack option shows the default value for a run-time system parameter, which should normally be sufficient. If, with extensive usage, problems occur against expectation which indicate a too small stack area, one can tentatively increase this option. With accept the port number for accepting TLS connections is configured; MT9750 uses 994 as default port. With connect the target for the related unsecured connection is specified, where host name/IP address and port number are separated by a colon (:).
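As an added example, not part of this chapter or of the stunnel project, the following Python script parses a stunnel-style configuration in the layout the chapter describes (global definitions first, then service sections, with empty lines and ';' comment lines ignored) and checks the points the chapter makes: that TLS 1.0 is disabled via options = NO_TLSv1, that output and pid are set so the management procedures can find the log file and the TSN, that debug is not left raised, and that each service has an accept port and a host:port connect target. The sample configuration, its file names and the service name mt9750 are constructed for this example and are not the contents of the installer-generated .CONF file; the additional check for NO_TLSv1_1 goes beyond the chapter (TLS 1.1 was deprecated by RFC 8996 as well).

```python
import re
from typing import Dict, List, Tuple

Section = Dict[str, List[str]]

# Constructed sample in the layout the chapter describes: global definitions
# first, then a service section for MT9750. File names, the service name and
# the connect target are assumptions for this example only.
SAMPLE_CONF = """\
; Empty lines and lines starting with a semicolon are ignored.
output = STUNNEL.LOG
pid = STUNNEL.PID
options = NO_TLSv1
; Uncomment the following line if you need more log information
;debug = 7
;stack = 65536

[mt9750]
cert = STUNNEL.PEM
accept = 994
connect = 127.0.0.1:1234
"""

# The same file with TLS 1.0 left enabled and the debug line uncommented
# (constructed weak variant).
WEAK_CONF = SAMPLE_CONF.replace("options = NO_TLSv1\n", "").replace(";debug = 7", "debug = 7")


def parse_stunnel_conf(text: str) -> Tuple[Section, Dict[str, Section]]:
    """Split the file into global definitions and per-service sections.

    Values are kept as lists because a key such as `options` may be given
    more than once. Empty lines and lines starting with ';' are skipped.
    """
    global_defs: Section = {}
    services: Dict[str, Section] = {}
    current = global_defs
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            name = header.group(1).strip()
            services[name] = {}
            current = services[name]
            continue
        if "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current.setdefault(key, []).append(value)
    return global_defs, services


def check_stunnel_conf(text: str) -> List[str]:
    """Return a list of findings (empty list means nothing to report)."""
    global_defs, services = parse_stunnel_conf(text)
    findings: List[str] = []

    for key in ("output", "pid"):
        if key not in global_defs:
            findings.append(f"global: '{key}' not set; the management procedures rely on it")
    if "debug" in global_defs:
        findings.append("global: debug level raised; keep the default (notice) outside troubleshooting")

    # Global `options` apply to every service; a service section may add more,
    # so the two sets are merged per service before checking protocol versions.
    global_opts = set(global_defs.get("options", []))
    for name, svc in services.items():
        opts = global_opts | set(svc.get("options", []))
        if "NO_TLSv1" not in opts:
            findings.append(f"{name}: TLS 1.0 not disabled (options = NO_TLSv1 missing)")
        if "NO_TLSv1_1" not in opts:  # beyond the chapter: RFC 8996 deprecates TLS 1.1 too
            findings.append(f"{name}: TLS 1.1 still enabled (consider options = NO_TLSv1_1)")
        if "accept" not in svc:
            findings.append(f"{name}: no 'accept' port, service cannot receive TLS connections")
        elif svc["accept"][0].rpartition(":")[2] != "994":
            findings.append(f"{name}: accept port {svc['accept'][0]} differs from the MT9750 default 994")
        if "connect" not in svc:
            findings.append(f"{name}: no 'connect' target")
        else:
            host, sep, port = svc["connect"][0].rpartition(":")
            if not sep or not host or not port.isdigit():
                findings.append(f"{name}: 'connect' must be host:port, got {svc['connect'][0]!r}")
    return findings


if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE_CONF), ("weak", WEAK_CONF)):
        print(f"== {label} ==")
        for finding in check_stunnel_conf(conf) or ["no findings"]:
            print(" ", finding)
```

Run against the constructed sample, the only finding is the TLS 1.1 advisory; the weakened variant additionally reports the raised debug level and the missing NO_TLSv1. Repeated `options` lines are collected rather than overwritten, which matters because stunnel allows the key to appear several times.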
