<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Dear list,<br>
<br>
I have stunnel running in a configuration where we use it to connect
to a webserver over https while adding client certificates to the
requests. <br>
<br>
This worked fine until recently on the (Apache) webserver SSLv3 was
disabled. I installed the latest version of stunnel today (<a
href="https://www.stunnel.org/downloads/beta/stunnel-5.07b2.tar.gz">stunnel-5.07b2</a>)
but that did not fix the problem. Now STunnel tries to negotiate a
https connection using the TLSv1.2 and I found that because of this
Apache does not like the content of the Host variable in the HTTP
header which is different from what Apache is expectingto be. With
SSLv3 this was not an issue. As a result I get a "HTTP/1.1 400 Bad
Request" from the webserver.<br>
<br>
In my configuration I cannot (easily) apply some form of split DNS
to get the hostname correct in the http header already from the
client connecting to the stunnel service.<br>
<br>
I tested using curl sending a request through stunnel to the web
server and verified that when I modified the Host field in the
request header it does work. <br>
<br>
To my opinion it is stunnel setting up the HTTPS connection to the
webserver and stunnel should take care of setting the correct Host
field in the request header. Is there a way to let stunnel take
care of setting the correct info in the HTTP header?<br>
<br>
Best regards,<br>
<br>
Dion Kant<br>
<br>
</body>
</html>