Stunnel Configuration for NNTPS

Introduction

Most news readers do not support NNTPS connections, which makes it impossible for them to take advantage of encrypted news services. Fortunately, there is an excellent solution to this problem in the form of Stunnel.

What is Stunnel?

Stunnel is a program that enables you to encrypt TCP connections within SSL. It can provide the encryption for non SSL aware protocols such as POP, NNTP and many more. This webpage focuses on just the configuration required to access NNTPS enabled servers.

What you need to run Stunnel under Win32

Stunnel does not contain an SSL library, but uses the OpenSSL code which must be downloaded seperately. All of the required code can be obtained from the Stunnel website via the following links.

Stunnel Windows Binaries
Download the latest version of the Stunnel executable (4.04 at the time of writing).

Open SSL Binaries
Download the latest libssl32.dll, libeay32.dll and openssl.exe files from this page.

These four files (libssl32.ddl, libeay32.dll, openssl.exe and stunnel-4.04.exe) are all the downloads required.

Configuration

Having downloaded the required binary files, you need to create a directory from which to execute them. I would suggest creating \Program Files\Stunnel on whichever drive you prefer to keep programs on. (C: by default). Once this is done, copy the four downloaded binary files to it.

One more file must be created, this is the Stunnel configuration file which should be named stunnel.conf. The content of this file (shown below) defines which server Stunnel will connect to and on which ports. There are loads of additional configuration options you can employ, but this is the basic requirement. Create this file in your chosen Stunnel directory using a text editor such as Notepad. 
client = yes

[nntp]
accept = 127.0.0.1:119
connect = news.mixmin.net:563

Finishing Off

That's about it for the Stunnel configuration. You can now start your session by running the stunnel-4.04.exe. It will automatically pick up the configuration from the stunnel.conf file within the same directory. If all does well, you will see the Stunnel icon on the taskbar. Double-clicking this icon will open the Stunnel session log. You can create a Desktop or Start Menu shortcut to execute this program should you wish to do so.

Your news reader can now be configured to point to a server of 127.0.0.1 (or localhost) and it should work fine. The Stunnel log will show the arbitration taking place with the news server and the current connection status.

Example Configuration

The following excellent configuration example was submitted by Bikikii Admin. This includes some additional options not documented on this page that provide the user with an authenticated connection to the server.
Configuration File
Certificates and Fingerprints

Feedback

Writing instructions is easy, making sense of other peoples instructions is however not always so straight forward. I'm no technical author, so feedback on how these instructions can be improved or on your experiences whilst trying to follow them would be much appreciated. Please Email me, post to the local.feedback group on my news server or to alt.privacy.anon-server.


Home