archerlogic
Persistent Connection for Stunnel
With stunnel as the HTTPS SSL proxy, I am connecting to an SSL server, with stunnel listening on my localhost on 4800. However, for every connection I make to localhost:4800, it seems to make a new connection to the remote SSL server too.
What I need is that when I run stunnel, it will connect to the remote server and maintain the connection. This same connection will be used for all the rest of the data I send to localhost:4800 and not create a new one.
Is there a setting I can add to make it persistent?
Stunnel _can_ keep the connection active when 'session' and 'TIMEOUTidle' are specified. See man stunnel. But some remote web servers close the connection after each https:// request.
I just tested this very simple stunnel configuration:
[https]
accept = 8080
client = yes
connect = dave.sni.velox.ch:443
session = 300
TIMEOUTclose = 0
TIMEOUTidle = 180
When trying to connect to localhost:8080 and get any page:
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.1
Host: dave.sni.velox.ch
Connection: keep-alive
I always get "Connection: close", followed by the TCP connection closing:
HTTP/1.1 200 OK
Date: Thu, 22 Nov 2007 04:05:10 GMT
Server: Apache/2.2
Cache-Control: max-age=0
Expires: Thu, 22 Nov 2007 04:05:10 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1
...
So I guess the problem is not in stunnel but in the remote server, which closes the connection, and you can do nothing about that.
Oops, after some more testing with tcpdump I agree with alextoft: new connection to stunnel = new outgoing TCP request. When the incoming connection closes, the outgoing connection also closes. That's logical; otherwise we could use another session: say, after someone had authenticated and dropped the connection, we could connect to the same session and resume the connection as that first authenticated user.
so that:
ssh -P -f -L 4800:192.168.1.15:80 me@192.168.1.85 sleep 10000
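The one-inbound-to-one-outbound behaviour confirmed with tcpdump in the thread above can be reproduced offline with a small model. This is an added example, not code from the thread or from stunnel: the relay is a plaintext stand-in with no TLS, and every name in it (serve, listen, run_demo) is hypothetical. It counts how many connections the "remote server" sees when a client opens a new local connection per request versus holding one local connection open.

```python
import socket
import threading

def serve(listener, handler):
    """Accept on `listener` forever; run `handler(conn)` on a thread per client."""
    def loop():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()

def listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))       # ephemeral loopback port, nothing leaves the host
    s.listen()
    return s

def run_demo():
    accepted = []                  # one entry per connection the upstream accepts
    upstream = listen()            # stands in for the remote SSL server
    def echo(conn):
        accepted.append(1)
        with conn:
            while data := conn.recv(1024):
                conn.sendall(data)
    serve(upstream, echo)

    relay = listen()               # stands in for stunnel in client mode
    def forward(client):
        # A fresh outbound connection per accepted client, closed when the
        # client goes away, so no later client inherits an earlier one's state.
        with client, socket.create_connection(upstream.getsockname()) as out:
            while data := client.recv(1024):
                out.sendall(data)
                client.sendall(out.recv(1024))
    serve(relay, forward)

    def request(sock):
        sock.sendall(b"ping")
        return sock.recv(1024)

    for _ in range(3):             # pattern A: new local connection per request
        with socket.create_connection(relay.getsockname()) as c:
            request(c)
    per_request = len(accepted)
    with socket.create_connection(relay.getsockname()) as c:
        for _ in range(3):         # pattern B: one local connection, reused
            request(c)
    return per_request, len(accepted) - per_request

if __name__ == "__main__":
    print(run_demo())
```

In this model the only way to reuse the outbound connection is for the client to keep its local connection open, and that still depends on the remote server not answering with "Connection: close".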