Do not attempt this before checking your country laws for encryption standards, if applicable.
You can achieve ssl connections for the vibe streamer via stunnel. (I have successfully done this.)
With a decent broadband connection and modern pc there shouldn't be any issues of "slowdown."
The only problem you'll probably run into is setting up stunnel. Stunnel setup information is sparse, but here is a modified tutorial (I originally wrote this for email connections)
Please note that this will probably only work in windows xp or server 2003.
First you need to download and install the following windows binary files (.exe). I recommend downloading and installing in the following order.
1) Active Perl
http//www.activestate.com/Products/Dow ... ActivePerl
2)Open SSL - names the directory Open SSL
http//www.slproweb.com/products/Win32OpenSSL.html
3) Stunnel - name the directory Stunnel
http//www.stunnel.org/download/binaries.html
Fo this tutorial I am going to use C\Program Filess\SSL as the install directory for OpenSSL and Stunnel. C\Perl should be used as the default directory for Perl.
After all installations are completed create a .bat to avoid having to cd into the directories.
To do this create a standard text file anywhere. Now name the file "open from here" without the "".
Open the text file and type "cmd" without the "".
Now close the file and go to top of the directory window and click on the Tools menu. In the Tools Menu, click view, and uncheck the option "hide extensions for known file ypes." Click okay and close the Tools Menu. Now your "open from here" text file will read "open from here.txt", rename this file to .bat which will give you "open from here.bat"
Once you have done this simply drop and/or copy/paste the "open from here.bat" into your C\Program Files\SSL\Stunnel and C\Program Files\SSL\OpenSSL\bin directories.
Trust me this will save you alot of time and frustation if you do not know how to cd to directores.
Now we need to do two things to get stunnel working
Create a configuration file.
Create some certificates.
The configuration file is easy.
First go into the stunnel directory and right click on the stunnel.conf file, open it's property menu, assign the file to open with notepad. Now open the file and replace the text with this
cert = stunnel.pem
key = stunnel.pem
socket = lTCP_NODELAY=1
socket = rTCP_NODELAY=1
options = TLS_ROLLBACK_BUG
options = ALL
;verify = 1
CApath = C\Program Files\OpenSSL\bin\demoCA\certs
CRLpath = C\Program Files\OpenSSL\bin\demoCA\crls
debug = 7
output = stunnel.log
client = no
[https]
accept = 443
connect = 127.0.0.180
TIMEOUTclose = 0
;End of Configuration file
Now note that you can choose to use a different ssl port other than 443. Upon using port 443 and port 80 you can expect various intrusion attempts.
I recommend using off port like port 30553, in such a case you need to change the stunnel configuration file to read
[https]
accept = 30553
connect = 127.0.0.180
TIMEOUTclose = 0
127.0.0.180 - 127.0.0.1 being the local host ip and port 80 being the port vibe streamer is listening to.
Your link would then become
https//yourserverdomain30553
This should cut down on port scans and intrusion attempts; after who uses port 30553, thus who would think to scan for it.
Now close and save the file.
Your configuration file is done.
Now all we need to do is create some certificates. Granted a few Linux and stunnel users will disagree with my methods, never the less there isn't a valid working windows tutorial that I've seen online; even the tutorial on the stunnel site doesn't work on windows. Thus my method was resolved through a lot of trial and error it should work on most windows systems.
1) Go into C\Program Files\OpenSSL\Bin and click on the "open from here.bat" you created earlier.
Follow the steps.
Type "ca.pl -newca" without the ""
Once prompted simply press enter
Now fill out the information requested
Question and Example Answers
Country name US
State or Province name WA
Locality Washington
Organization Name Company Name
Organizational Unit Name Company Division
Common Name (FQDN) Domain name or no ip address - you will need to enter a valid domain name here. If you don't have one then get one free from No Ip.
When prompted for a pass phase simply make one up; but don't lose the pass phase you made up. You may need this in the future with other
methods of certificate creation. I suggest you write it down some where. If ever lose the pass phase and need to create a new one, simply delete the demoCA and .rnd file, then start over.
Once you have answered all the questions about your certificate close the opened window.
This method creates the file needed for a certificate and it can be used to create the .pem stunnel requires; but I only use this method to create a directory for the ca and crls paths in the configuration file.
Now we need to create the actual stunnel certificate; to do this we need to go back into C\Program Files\SSL\Stunnel.
Here's where things get a little tricky You need need to create a folder called OpenSSL in the Stunnel directory. In this new OpenSSL folder we need to copy the openssl.exe file from CProgram Files\SSL\OpenSSL\bin to C\Program Files\SSL\Stunnel\OpenSSL via right click, copy, and paste. Plus we need the libeay32.dll, libssl32.dll, ssleay32.dll files from the C\Windows\system32 copied into the C\Program Files\SSL\Stunnel\Open SSL directory. (DO NOT PLACE ANY OF THESE FILES DIRECTLY INTO THE STUNNEL FOLDER. ) If you do then stunnel will not work. Stunnel will not work with Open SSL 9.8a. The version of openssl we are using to create certificates must remain seperate from the version stunnel uses for connections.) We also need to place a copy of our "open from here.bat into the new OpenSSL folder.
*******Modified*******
Last I checked Stunnel 4.20 will work fine with OpenSSL v0.9.8e, thus the libeay32.dll, libssl32.dll, ssleay32.dll files can be copied from the C\Windows\system32 into the C\Program Files\SSL\Stunnel\Open SSL directory. This will actually update Stunnel, however I do recommend that you save a backup to the original files as a precaution.
*******Modified*******
Once this is done we are ready to create a certificate.
Open your "open from here.bat file" and paste this command into it
openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
Now fill out the information as you did before and copy the .rnd file and the stunnel.pem into your stunnel directory. If prompted to replace the existing files then click okay.
Stunnel should start up without any problems and begin accepting SSL connections whenever requested.
If you want create longer valid certifcates then simply edit openssl file that looks like a pc with a globe in the background located in C\Program Files\SSL\Open SSL\bin This file needs to be opened from notepad, you will need to tell notepad to look for all file (extensions) in the directory - not just text files. Once open, look for and change the line - default_days from 365 to whatever, I use 1825 for 5 years. Close and save the file.
Now recreate your certificate with this command
openssl req -new -x509 -days 1825 -nodes -out stunnel.pem -keyout stunnel.pem
You will now have a five year long certificate.
Lastly don't forget to go back into the Tools menu of any windows directory and under view restore the default settings; this is to avoid changing any other file extension by accident.
I hope this tutorial helps.
) or is it just on the drawing board/not possible?
... ill try it out when i have time for it... sadly it wont be for a atleast a week or so.
