How to Configure Stunnel Windows

stunnel is an open-source multi-platform application used to provide universal TLS/SSL tunneling service. stunnel is used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.

stunnel can be used as TLS proxy, I have used when we have issues with TLS 1.0 with one of API End point.

Server administrators and home users alike feel the pressure to secure their Internet communications, but not every application supports using Transport Layer Security (TLS). Recently all OS and all major stopped TLS 1.0 support. So we used Stunel as an fall back approach to TLS 1.0.

Step 1
Install Stunnel. Download the Windows binary file from Stunnel.org. Double-click on the executable "stunnel-4.34-installer.exe" and accept the default values for installing Stunnel on your computer.

Step 2
Copy a valid SSL public certificate to the directory "C:\Program Files (x86)\stunnel." To make things more trouble-free, combine the public key and private key certificates into one .PEM file.

Step 3
Modify the Stunnel configuration file. Open the file "C:\Program Files (x86)\stunnel\stunnel.conf" using a text editor such as Notepad. Modify the file to include the line "cert = C:\Program Files (x86)\stunnel\," where is the name of your certificate file.

Here is the example of my config file

client = yes
[myService1]
accept          = 4010
connect         = www.pld.ups.com:443
sslVersion 	= TLSv1.2

[myService2]
accept          = 4011
connect         = wwwcie.ups.com:443
sslVersion 	= TLSv1.2

Step 4
Configure Stunnel to start automatically. Navigate to the Start menu, "stunnel" folder and click on "Service Install." Stunnel will configure a Windows service called "stunnel" to start automatically when the computer boots.

Determining which version and edition of SQL Server Database Engine is running

Open SQL Server Management Studio (SSMS) and connect to SQL Server. Run below query to find version and edition of SQL server.

SELECT  
    SERVERPROPERTY('productversion') as 'Product Version', 
    SERVERPROPERTY('productlevel') as 'Product Level',  
    SERVERPROPERTY('edition') as 'Product Edition',
    SERVERPROPERTY('buildclrversion') as 'CLR Version',
    SERVERPROPERTY('collation') as 'Default Collation',
    SERVERPROPERTY('instancename') as 'Instance',
    SERVERPROPERTY('lcid') as 'LCID',
    SERVERPROPERTY('servername') as 'Server Name'

Hosts File in Windows 10 : Locate, Edit and Manage

Locating the Hosts file in Windows 10, navigate to C:\Windows\System32\Drivers\etc to find your Windows 10 hosts file. You can see it in the image given below

Editing the Windows 10 Hosts File

Before you can edit this file, you have a pre-requisites that need to be done, Make sure that your account has Administrator privilege as only administrators can modify this file.

Quick note: What does spherical, cylindrical, and axis mean in an eyeglass prescription?

• Spherical (or sphere): Specifies if you’re have either myopia or hyperopia.
  • Prescriptions with myopia (i.e. are nearsighted) will have a MINUS symbol followed by a number (that indicates the amount)
  • Prescriptions with hyperopia (i.e. are farsighted) will have a PLUS symbol followed by a number (which also indicates the amount).
• Cylindrical (or cyl): Ever heard of the word astigmatism? If you have a number in this column, guess what, you have some form of astigmatism.
  • Depending on the doctor you see, you may have a MINUS symbol here (if you see an optometrist) or a PLUS symbol here (if you see an ophthalmologist) followed by a number (that indicates the amount).
• Axis: This number indicates the orientation of where your astigmatism is located. This number will be between 0 to 180 degrees and can change over time.
• Add: This number is for patients that have presbyopia (or focusing/accommodative trouble) and need a bifocal. It provides focusing relieve and will have a PLUS symbol followed by a number (typically between +0.75 and +2.50).

Remote desktop connection authentication error due to “CredSSP encryption oracle remediation” #GDPR

In March, Microsoft released a security update to address vulnerabilities for the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) connections for Windows clients and Windows Server.

Previously, you were able to connect remotely from the updated machine to machines without the update. However, with the latest update released this May, Microsoft hardened security, and you can no longer connect to machines without the update.These might came in due to #GDPR

You will face the CredSSP encryption oracle remediation error if you have applications or services such as the Remote Desktop Connection that use CredSSP on an updated machine. Authentication will not work and you will get this error message:

Here is error message that is seen after recent windows update

The workable solution I found is to edit client Windows’ local group policy (gpedit.msc):

Under Computer Configuration -> Administrative Templates -> System -> Credentials Delegation

Find setting “Encryption Oracle Remediation”. Its default value is “Not configured”. Just change it to “Enabled”, and set “Protection Level” as “Vulnerable”.

Now your remote desktop should be able to connect. Remember to revert the setting after you are done.