Question
· Jun 22, 2020

Stunnel setup?

Hi, I'm trying to set up STUNNEL between my PC and the Cache database on the server. I'm trying to define port 1972 on my PC without any luck.

Has anyone done this?

Thanks

Paul

Discussion (11)

It is not normal that the port is changing. Caché database uses port 1972 as default for connections. It remains number 1972 until you change it in the configuration. If there are changes in the port number then you should first find out where the reason for the changes comes from. Maybe there are some hints in cconsole.log.

I'm not sure what's there to fix. Source port being random is standard in networking, every application does that.

I don't know much about stunnel, but it appears that to make it work on a client, you should connect through a port on the loopback interface first

application -> 127.0.0.1:selected port -> stunnel client config, mapping selected port to target host:port -> target host:port

First, are you trying to set up stunnel on the Studio machine to encrypt the connection, stunnel on the Cache server to decrypt the connection, or both?  If you're trying to do stunnel on the Studio machine, you would configure it to listen on a local port, then configure Studio to think that is the host and port of the Cache server.  Studio connects to the local port and stunnel forwards the data to Cache after encrypting it.  Using stunnel with Studio shouldn't be different than using it with other protocols; Studio isn't doing anything unusual with the connection.

Second, is there a reason you're using stunnel instead of the built-in TLS support for Studio?  It's been available since Cache 2015.1.  Here's a writeup on setting it up: https://community.intersystems.com/post/configuring-cach%C3%A9-client-applications-ssltls
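
The client-side mapping described in the replies above, written out as stunnel configuration with a matching server-side listener. This is an added example, not from any poster in this thread; the host name `cache-server.example`, port 11972 and the certificate file names are placeholders, and it assumes a stunnel 5.x build that supports `verifyChain`, `checkHost` and `sslVersionMin`.

```ini
; ---- stunnel.conf on the Studio PC (client side) ----
; All host names, ports and file names here are placeholders.
[cache-studio]
client = yes
; Bind the tunnel entrance to loopback only, so other machines on the
; network cannot use this PC as a relay. Studio is then pointed at
; 127.0.0.1 port 1972 instead of the real server.
accept = 127.0.0.1:1972
; TLS listener on the server side (see the second section below).
connect = cache-server.example:11972
; Authenticate the server. Without these lines stunnel still encrypts,
; but accepts any certificate, which leaves the tunnel open to
; interception by whoever answers on that address.
verifyChain = yes
CAfile = ca-cert.pem
checkHost = cache-server.example
; Refuse TLS 1.0/1.1 on this hop.
sslVersionMin = TLSv1.2

; ---- stunnel.conf on the server side ----
; Assumption: a stunnel instance runs on the database host (or a host
; directly in front of it) and hands the decrypted stream to the
; unencrypted superserver port.
[cache-superserver]
; No "client = yes" here: this section accepts TLS and forwards plaintext.
accept = 11972
connect = 127.0.0.1:1972
cert = server-cert.pem
key = server-key.pem
sslVersionMin = TLSv1.2
```

The connecting application's source port is still chosen by the operating system on every connection; only the `accept` ports above are fixed.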

I was wondering if VMS was the issue! 

The server using VMS shouldn't affect the client side, meaning I think you can still set up Studio to use the standard TLS options for all the client apps, if you want to do that.   

VMS versions of Cache do support TLS 1.0, but not 1.1 or higher.  (This is based on the OS library support.)  1.0 is being phased out in many places, so I agree it's best to find a way to use 1.2 or even 1.3 if you can.