<html><body><div style="color:#000; background-color:#fff; font-family:Courier New, courier, monaco, monospace, sans-serif;font-size:13px"><div id="yui_3_16_0_1_1434974849653_6640">Good idea, as it looks like a more reasonable approach. I will check it out.</div><div id="yui_3_16_0_1_1434974849653_6823">Thanx a lot.<br></div><div id="yui_3_16_0_1_1434974849653_6639"><span></span></div> <br><div class="qtdSeparateBR"><br><br></div><div style="display: block;" class="yahoo_quoted"> <div style="font-family: Courier New, courier, monaco, monospace, sans-serif; font-size: 13px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"> <font face="Arial" size="2"> Josealf.rm <josealf@rocketmail.com> schrieb am 13:33 Montag, 22.Juni 2015:<br> </font> </div> <br><br> <div class="y_msg_container"><div id="yiv3929821751"><div><div>Not sure I understand your need. But it seems to me you can get what you want at the firewall level. You can enable ip accounting and set some rules to log https connections. Then you Can parse the logs to obtain your data.<br clear="none"></div><div><br clear="none"></div><div>Regards,</div><div>Jose</div><div><br clear="none">El 20/6/2015, a las 10:12, reiner otto <<a rel="nofollow" shape="rect" ymailto="mailto:augustus_meyer@yahoo.de" target="_blank" href="mailto:augustus_meyer@yahoo.de">augustus_meyer@yahoo.de</a>> escribió:<br clear="none"><br clear="none"></div><div class="yiv3929821751yqt6012425657" id="yiv3929821751yqt51231"><blockquote type="cite"><div><div style="color:#000;background-color:#fff;font-family:Courier New, courier, monaco, monospace, sans-serif;font-size:13px;"><div dir="ltr" id="yiv3929821751yui_3_16_0_1_1434812466548_2599">I have following problem: I want to avoid the user to explicitly specify a https-proxy in his browser.<br clear="none"></div><div dir="ltr" id="yiv3929821751yui_3_16_0_1_1434812466548_2677">Let me explain:<br clear="none"></div><div dir="ltr" id="yiv3929821751yui_3_16_0_1_1434812466548_2785">For http, a transparent proxy can be interfaced via iptables DNAT, for example.</div><div dir="ltr" id="yiv3929821751yui_3_16_0_1_1434812466548_2676">Same for https will not work, without certificates installed etc.</div><div dir="ltr" id="yiv3929821751yui_3_16_0_1_1434812466548_2738">However, I only want some basic info about the https-session, like traffic volume or destination domain.<br clear="none"></div><div dir="ltr" id="yiv3929821751yui_3_16_0_1_1434812466548_2759">In case, there is an explicit https-proxy defined in the browser, I can get this info from the connect request, preceding the secure data exchange.</div><div dir="ltr" id="yiv3929821751yui_3_16_0_1_1434812466548_2807">But I want to avoid this explicit declararion. <br clear="none"></div><div dir="ltr" id="yiv3929821751yui_3_16_0_1_1434812466548_2838">Most likely I will need some custom programming for this, but may be there is a specialist here to give some direction. <br clear="none"></div><div dir="ltr" id="yiv3929821751yui_3_16_0_1_1434812466548_2784"><br clear="none"></div></div></div></blockquote></div><blockquote type="cite"><div><span>_______________________________________________</span><br clear="none"><span>stunnel-users mailing list</span><br clear="none"><span><a rel="nofollow" shape="rect" ymailto="mailto:stunnel-users@stunnel.org" target="_blank" href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a></span><br clear="none"><span><a rel="nofollow" shape="rect" target="_blank" href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a></span><br clear="none"></div></blockquote></div></div><br><br></div> </div> </div> </div></div></body></html>