Stunnel.org
Stunnel FAQ: Miscellany


The Ubiquitous Miscellaneous Section

Those things that don't have a proper home yet may end up here. Or they may stay here. I've heard that many answers prefer to be in the miscellaneous sections. Maybe they're just shy.


What are the official SSL ports?

These are the officially 'registered' ports for various SSL-ified protocols. Note that listing them here doesn't mean that they can be used with stunnel.
    nsiiops      261/tcp   # IIOP Name Service over TLS/SSL
    https        443/tcp   # http protocol over TLS/SSL
    smtps        465/tcp   # smtp protocol over TLS/SSL (was ssmtp)
    nntps        563/tcp   # nntp protocol over TLS/SSL (was snntp)
    imap4-ssl    585/tcp   # IMAP4+SSL (use 993 instead)
    sshell       614/tcp   # SSLshell
    ldaps        636/tcp   # ldap protocol over TLS/SSL (was sldap)
    ftps-data    989/tcp   # ftp protocol, data, over TLS/SSL
    ftps         990/tcp   # ftp protocol, control, over TLS/SSL
    telnets      992/tcp   # telnet protocol over TLS/SSL
    imaps        993/tcp   # imap4 protocol over TLS/SSL
    ircs         994/tcp   # irc protocol over TLS/SSL
    pop3s        995/tcp   # pop3 protocol over TLS/SSL (was spop3)
    msft-gc-ssl  3269/tcp  # Microsoft Global Catalog with LDAP/SSL


How do I know which encryption ciphers are available?

The ciphers that are available to stunnel (and usable by the '-C' flag) are determined by your OpenSSL library. To list the available ciphers, run the following:
    openssl ciphers -v

How can I delay DNS lookups until connect time?

If you're using Stunnel-4.0 or later, add the following to your Stunnel configuration file:
  delay = yes

If you are using an older version, several different patches for this are available in the patches directory on this site that you may try.

Another option is to launch redir (a TCP redirector) dynamically instead of using the "-r host:port" option, like this:

   -l /usr/bin/redir -- redir --inetd --caddr host --cport port

How can I convert a certificate from DER format (.cer) to PEM format?

Some institutions that supply certificates will send them to you in DER format instead of PEM format. You can use the openssl command line tool to convert from one to the other:

  openssl x509 -in file.cer -inform d -out file.pem
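
The conversion above, wrapped as an added example (not part of the original FAQ): a shell function that detects whether the input is already PEM, runs the same openssl x509 conversion, and checks that the SHA-256 fingerprint is unchanged. The function names and the throwaway example.test certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example; cert_to_pem and make_sample_der are hypothetical helper names.

# cert_to_pem SRC DST
# Writes the certificate in SRC to DST in PEM format and prints the detected
# input format (DER or PEM). Fails if SRC is not a certificate or if the
# fingerprint changes across the conversion.
cert_to_pem() {
    src=$1
    dst=$2
    # PEM files carry a text armor line; anything else is treated as DER.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$src"; then
        fmt=PEM
    else
        fmt=DER
    fi
    openssl x509 -in "$src" -inform "$fmt" -out "$dst" || return 1
    # The fingerprint is computed over the DER encoding, so a pure
    # re-encoding must leave it unchanged.
    before=$(openssl x509 -in "$src" -inform "$fmt" -noout -fingerprint -sha256) || return 1
    after=$(openssl x509 -in "$dst" -inform PEM -noout -fingerprint -sha256) || return 1
    if [ "$before" != "$after" ]; then
        echo "fingerprint mismatch after conversion" >&2
        return 1
    fi
    echo "$fmt"
}

# make_sample_der DIR
# Creates a constructed, throwaway self-signed certificate and stores it as
# DIR/file.cer in DER format, standing in for what an institution might send.
make_sample_der() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.test" \
        -keyout "$1/key.pem" -out "$1/orig.pem" 2>/dev/null || return 1
    openssl x509 -in "$1/orig.pem" -outform DER -out "$1/file.cer"
}

# Stand-alone use: sh script.sh file.cer file.pem
if [ "$#" -eq 2 ]; then
    cert_to_pem "$1" "$2"
fi
```

Compare the printed fingerprint with the one the issuing institution publishes before pointing stunnel at the resulting PEM file.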