Stunnel setup?

Question

Question

Paul Coviello · Jun 22, 2020

Hi I'm trying to setup STUNNEL between my pc and the cache database on the server, I'm trying to define port 1972 on my pc with out any luck.

has anyone done this?

thanks

Paul

Discussion (11)2

Log in or sign up to continue

Katherine Reid · Jun 29, 2020

First, are you trying to set up stunnel on the Studio machine to encrypt the connection, stunnel on the Cache server to decrypt the connection, or both? If you're trying to do stunnel on the Studio machine, you would configure it to listen on a local port, then configure Studio to think that is the host and port of the Cache server. Studio connects to the local port and stunnel forwards the data to Cache after encrypting it. Using stunnel with Studio shouldn't be different than using it with other protocols; Studio isn't doing anything unusual with the connection.

Second, is there a reason you're using stunnel instead of the built-in TLS support for Studio? It's been available since Cache 2015.1. Here's a writeup on setting it up: https://community.intersystems.com/post/configuring-cach%C3%A9-client-applications-ssltls

0 0

score 0 · Answer 1 · 2020-06-24T08:00:49-04:00

Hans-Peter Iten · Jun 24, 2020

Hi Paul,

what is your intention to do so? What kind of error do you get?

0 0

score 0 · Answer 2 · 2020-06-24T08:41:44-04:00

HI

I wanted to test a Studio connection at first, but it's looking like the port number from my PC changes with every attempt to connect to the database. in the long run it is to have a connection between 2 instances of Cache being run with Stunnel.

score 0 · Answer 3 · 2020-06-24T08:47:10-04:00

It is not normal, that the port is changing. Caché database uses port 1972 as default for connections. It remains number 1972 until you change it in the configuration. If there are changes in the port number then you should first find out where the reason for the changes comes from. Maybe there are some hints in cconsole.log.

score 0 · Answer 4 · 2020-06-24T09:29:42-04:00

this is Studio and not a full Cache install. on the server it's a constant 56773, as you can see in the screen shot below the source is no where near 1972. and was hoping someone here could shed some light on this factor.

score 0 · Answer 5 · 2020-06-24T13:51:33-04:00

Eduard Lebedyuk · Jun 24, 2020

Source port is random. Only destination port is fixed.

0 0

score 0 · Answer 6 · 2020-06-24T13:59:39-04:00

thanks that's what I was afraid of, anyway to make it fixed! probably not but worth asking.

thanks again

score 0 · Answer 7 · 2020-06-24T23:45:00-04:00

I'm not sure what's there to fix. Source port being random is standart in networking, every application does that.

I don't know much about stunnel, but it appears to make it work on a client, you should connect through port at loopback interface first

application -> 127.0.0.1:selected port -> stunnel client config, mapping selected port to target host:port -> target host:port

score 0 · Answer 8 · 2020-06-29T09:48:41-04:00

I'm trying to do both. I would love to be able to use TLS in more places than just Studio unfortunately it's not supported on VMS. it would make life a lot easier if it did.

thanks

score 0 · Answer 9 · 2020-06-29T10:51:40-04:00

I was wondering if VMS was the issue!

The server using VMS shouldn't affect the client side, meaning I think you can still set up Studio to use the standard TLS options for all the client apps, if you want to do that.

VMS versions of Cache do support TLS 1.0, but not 1.1 or higher. (This is based on the OS library support.) 1.0 is being phased out in many places, so I agree it's best to find a way to use 1.2 or even 1.3 if you can.

score 0 · Answer 10 · 2020-06-29T11:00:40-04:00

the version I am (VSI 8.4-1H1) on supports the higher versions but I was told that Cache only would look at the 1.0 library. if this is not the case please let me know what i can do to remedy this situation.

thanks

Paul