

I'm specifically looking for how to configure stunnel to point at a pkcs12 key. Some other configuration settings required: chroot /var/run/stunnel, setuid stunnel, setgid stunnel, pid /stunnel. PSK authentication requires stunnel version 5.09 or higher.
CONFIGURING NGINX TO WORK WITH STUNNEL INSTALL
PSK is also the fastest TLS authentication. Install it, then open configuration file nf from the installation pathstunnelconfig directory. At the end of the file, put the next part of the code.

It provides both client and server authentication. Click it to indicate that you can access the private key. The Dockerfile for the stunnel container is rather simple. As shown in the animated screenshot below, a check box replaces the Download Key Pair button. I achieved this by starting a separate container for stunnel and creating a docker network of the rtmp service and the stunnel service to connect. OpenSSL 1.0.2 is what is built into stunnel 5.41. The easiest way to configure authentication is with PSK (Pre-Shared Key). Type a name in the Key pair name field, such as NGINXkey. Simple enough to follow / do if you're adventurous, or familiar with the CLI (Linux). documents why I can't use TLS 1.2 with OpenSSL 1.0.2. Just to add to the post, I published an article where I set up nginx+stunnel for multi-streaming to Facebook and YouTube, from OBS, on Windows using the WSL. I found an example on how to configure stunnel to use capi - which worked beautifully, but because openssl 1.0.2 doesn't support ciphers that are used in TLS 1.2, only TLS 1.1 works. I am specifically looking for a way to manage the pfx/p12 (private key) in stunnel without resorting to the Windows certificate store.

stunnel now uses ports from 1000 to 1999; for example, if rtmp is 2456, the Facebook stunnel port will be 1456. I've tried compiling OpenSSL 1.1.0f and stunnel 5.41, but had no luck, either cross-compiling under CentOS or under Windows using either MSYS2/MINGW32 or Cygwin. So each FB account will need another port for stunnel. Because of this, stunnel can only negotiate a TLS 1.1 connection (SSLv2 and SSLv3/TLS1 are disabled for obvious reasons). Currently, my private keys are managed by the Windows certificate store, using the CAPI engineId within stunnel (v 5.41), which uses OpenSSL 1.0.2k-fips. I'm having trouble enabling TLS 1.2 connections on a Windows (environment has both Windows 2008 and Windows 10 environments) platform.
