
Stunnel Vs. Routers


CmdrMoozy


So I've been trying to use Stunnel (http://www.stunnel.org/) on an unsecured wireless network I use fairly frequently to try to secure my traffic (and no, I can't just use vanilla SSH -- outgoing SSH traffic is blocked).

After some testing it looks like Stunnel, being that it's just an SSL connection, is pretty much transparent from any other SSL connection (like, say, Gmail or a banking site or whatever).

The only problem is, apparently, that some router or other piece of infrastructure on this network -- SOMETIMES -- blocks outgoing SSL connections. It would make perfect sense if they blocked outgoing port 443, or if SSL traffic was always filtered, but this is not the case: SSL-enabled web pages (again, Gmail, for example) work just fine 100% of the time, but Stunnel doesn't seem to be able to successfully open a connection at all.

So as a test I tried just using "openssl s_client" to see what exactly was going wrong -- and here's where things get weird. The openssl client successfully connects, say, 50%-ish of the time. The rest of the time, it gets a packet from some Cisco piece of hardware that tells it to drop the connection (I confirmed this through Wireshark).

So anyway, my question is, what method can I use to figure out why this router is (sometimes) blocking my outgoing connection and other times does not, and what should I try to get it to leave Stunnel traffic alone the same way it does SSL websites?

I can tell, like I said, that I'm receiving some drop packets from a piece of Cisco hardware, but after looking through some packet captures I can't really tell what the difference is between a blocked connection and a working connection.


My guess is that whoever configured the router must have set it in a way that blocks/unblocks port 443 at a scheduled time. One of the reasons I can think of is a security measure.

However you could tunnel your traffic through port 80 if it doesn't get blocked at all.

Edited by Infiltrator

My guess is that whoever configured the router must have set it in a way that blocks/unblocks port 443 at a scheduled time. One of the reasons I can think of is a security measure.

However you could tunnel your traffic through port 80 if it doesn't get blocked at all.

Well, as far as I can tell from poking around, it isn't really related to the port. The fact that web-based SSL traffic on the very same port works 100% of the time seems to indicate that, anyway.

There's got to be some manner in which an stunnel connection is different from a web-based SSL connection that the router doesn't like, I believe. I'm just not exactly sure what that difference is, or how I would go about finding it.

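One way to gather the kind of evidence this thread is asking for, as an added example that is not from any of the original posts: the Python script below repeats a bare TLS handshake against an assumed target (placeholder host and port, to be replaced with the server stunnel connects to) both with and without SNI, and tallies how many attempts complete versus get reset, the same split the openssl s_client test showed. Whether SNI is the difference between the two kinds of connection is an assumption to test, not something the thread established.

```python
import socket
import ssl
from collections import Counter

# Constructed placeholders: replace with the host/port your stunnel client connects to.
TARGET_HOST = "example.invalid"
TARGET_PORT = 443
ATTEMPTS = 20


def classify(exc):
    """Map the outcome of one connection attempt to a short label."""
    if exc is None:
        return "ok"
    if isinstance(exc, ConnectionResetError):
        return "reset"  # the connection was torn down mid-handshake (the drop packet seen in Wireshark)
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"  # silently dropped rather than actively reset
    if isinstance(exc, ssl.SSLError):
        return "tls_error"  # handshake answered, but with a TLS-level failure
    return "other"


def attempt(host, port, server_name, timeout=5.0):
    """One TLS handshake; server_name=None sends no SNI (assumed to resemble a bare
    stunnel/s_client run), passing the hostname resembles a browser. Returns a label."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # only testing whether the handshake is allowed through
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name):
                pass  # handshake completed
        return classify(None)
    except (OSError, ssl.SSLError) as exc:
        return classify(exc)


def summarize(outcomes):
    """Count outcome labels and compute the fraction of successful handshakes."""
    counts = Counter(outcomes)
    total = len(outcomes)
    return dict(counts), (counts["ok"] / total if total else 0.0)


def run(host=TARGET_HOST, port=TARGET_PORT, attempts=ATTEMPTS):
    """Compare success rates with and without SNI so the two cases can be told apart."""
    for label, sni in (("with SNI", host), ("no SNI", None)):
        counts, ratio = summarize([attempt(host, port, sni) for _ in range(attempts)])
        print(f"{label}: {counts}  success {ratio:.0%}")


if __name__ == "__main__":
    run()
```

Run it from the affected network and compare the two tallies; if one variant is reset far more often than the other, that is the capture to look at next in Wireshark.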

I don't see many differences between Stunnel and web-based SSL either. They both use the same methods to encrypt the traffic.

It uses the same libraries as web-based SSL uses to implement the underlying TLS or SSL protocol, but it takes a different approach to encrypting the traffic: it wraps itself around the unencrypted traffic in order to create a secure link.

This wiki can explain it a bit better than I can.

http://en.wikipedia.org/wiki/Stunnel
