[jadmin] SSL workaround with 'stunnel'

kadokev at msg.net kadokev at msg.net
Tue Mar 20 16:05:05 CST 2001


I have yet to get FreeBSD 4.2 to work with SSL compiled into jabberd, but I do
have a workaround:

	su jabber -c "stunnel -d 5223 -r localhost:5222 \
			-p /usr/local/jabber-1.4/key.pem"


This starts a 'stunnel' daemon process that accepts SSL connections on TCP
port 5223 and reroutes the cleartext to port 5222 on the loopback interface. I
have successfully used this with the latest 'WinJab'.

This works _without_ compiling jabberd to use OpenSSL, but does impose
significant additional overhead compared to doing the SSL in the jabber process,
and this method does not scale well to hundreds of clients.

One advantage to this general method (doing SSL independent of jabberd) is
that it is possible to use any SSL accelerator in front of a jabber server
or server pool, perhaps by policy routing inbound port 5223 traffic.


Kevin Kadow
MSG.Net, Inc.

(P.S. For more on stunnel, see http://stunnel.mirt.net/ to download source.)
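
The relay described in the message above, sketched as an added example that is not part of the original post and is not stunnel's code: it terminates TLS on port 5223 and passes the cleartext to port 5222 on the loopback interface. The function names are hypothetical, and it assumes key.pem holds both the private key and the certificate.

```python
# Added illustration (not stunnel source): TLS in on 5223, cleartext out to 5222.
import select
import socket
import ssl
import threading

def bridge(client, backend):
    """Relay both directions until either side closes, then close both."""
    peers = {client: backend, backend: client}
    try:
        while True:
            ready, _, _ = select.select([client, backend], [], [])
            for src in ready:
                # 16384 = maximum TLS record payload, so one recv drains a whole
                # decrypted record and nothing stays hidden from select().
                data = src.recv(16384)
                if not data:
                    return
                peers[src].sendall(data)
    except OSError:  # ssl.SSLError is a subclass: resets and TLS alerts end the session
        pass
    finally:
        client.close()
        backend.close()

def handle(ctx, conn, backend_addr):
    """TLS handshake with the client, then open the cleartext leg."""
    try:
        tls = ctx.wrap_socket(conn, server_side=True)
    except OSError:
        conn.close()
        return
    try:
        up = socket.create_connection(backend_addr)
    except OSError:
        tls.close()
        return
    bridge(tls, up)

def serve(pem, listen=("0.0.0.0", 5223), backend_addr=("127.0.0.1", 5222)):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(pem)  # assumes key and certificate share one PEM file
    with socket.create_server(listen) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(ctx, conn, backend_addr),
                             daemon=True).start()

if __name__ == "__main__":
    serve("/usr/local/jabber-1.4/key.pem")  # path taken from the post
```

With a relay of this kind, the server on port 5222 sees every relayed client as a connection from 127.0.0.1, so any address-based logging or access control has to happen at the relay.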
