Setting up stunnel in client mode in Backtrack 4 / Ubuntu

This blog post explains how to configure stunnel so that tools that do not speak SSL (netcat, for example) can communicate with SSL-wrapped protocols. Our example uses HTTPS.
Before stunnel, a direct attempt with a non-SSL tool fails:
# nc 443
400 Bad Request
Bad Request
Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
You can find the stunnel configuration file using this command:
# locate stunnel|grep conf
Or you can directly edit the stunnel configuration file like this:
vi /etc/stunnel/stunnel.conf
Configuration changes in the stunnel.conf file (note: comments start with “;”):
  • Comment this: ;cert = /etc/stunnel/mail.pem (no need for certs in client mode)
  • Uncomment this: client = yes
  • Comment all unneeded services, for example:
;accept =
;connect =
  • Uncomment and configure needed services, for example ( represents the target host you want to connect to; the service below accepts connections in clear text on port 80 and forwards them using SSL to the destination host on port 443):
accept = 80
connect =
TIMEOUTclose = 0
  • Create pem file:
cd /etc/stunnel
openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.pem
  • Fix permissions:
chmod 600 stunnel.pem
  • Shocking but true … Set as enabled!!!!:
vi /etc/default/stunnel4
  • Even more shocking .. Set as enabled again!!!:
vi /etc/init.d/stunnel4
  • Now start it via init.d!!!:
/etc/init.d/stunnel4 start
Starting SSL tunnels: [Started: /etc/stunnel/stunnel.conf]
Now you are ready to go!
There are other self-explanatory commands like:
/etc/init.d/stunnel4 restart
/etc/init.d/stunnel4 stop
After doing all this you can communicate with the host, which requires SSL on port 443, using non-SSL tools like netcat. The following would work and get the reply from the web server:
# nc 80
HTTP/1.1 302 Found
Date: Fri, 11 Mar 2011 05:10:31 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=iso-8859-1
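
The configuration steps above, assembled into one complete client-mode file by a small generator. This is an added example, not part of the original post. The service name https-client, the placeholder target.example.com and the loopback-only accept address are assumptions. The verify and CAfile lines are left commented out, because stunnel does not check the server certificate unless verify is set.

```shell
#!/bin/sh
# Added example (not from the original post): print a client-mode stunnel.conf.
# Usage: render_stunnel_client_conf TARGET_HOST [LOCAL_PORT] [REMOTE_PORT]
render_stunnel_client_conf() {
    target=$1
    local_port=${2:-80}      # clear-text side, as in the post
    remote_port=${3:-443}    # SSL side, as in the post

    # Only host-name/IPv4 characters may reach the config file.
    case $target in
        ''|*[!A-Za-z0-9.-]*)
            echo "invalid target host: '$target'" >&2; return 1 ;;
    esac
    # Ports must be decimal numbers in 1-65535.
    for p in "$local_port" "$remote_port"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: '$p'" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] 2>/dev/null && [ "$p" -le 65535 ] 2>/dev/null || {
            echo "port out of range: $p" >&2; return 1
        }
    done

    cat <<EOF
; client mode: accept clear text locally, speak SSL to the target
client = yes
; no certificate is needed in client mode
;cert = /etc/stunnel/mail.pem
; stunnel does not check the server certificate unless verify is set;
; uncomment both lines to require a chain to a trusted CA
;verify = 2
;CAfile = /etc/ssl/certs/ca-certificates.crt

; hypothetical service name
[https-client]
; assumption: listen on loopback only, so other hosts cannot use the tunnel
accept = 127.0.0.1:${local_port}
connect = ${target}:${remote_port}
TIMEOUTclose = 0
EOF
}

# Print the config for a placeholder target; redirect to
# /etc/stunnel/stunnel.conf after reviewing the output.
render_stunnel_client_conf target.example.com
```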