<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><span></span></div><div><div>You can set the host header in the request using curl. Try adding -H "HOST: localhost" to your command.</div><div id="AppleMailSignature"><br>Not sure about regular browsers...</div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">Regards </div><div id="AppleMailSignature">Jose<br><br></div><div><br>On 10 Oct 2015, at 12:28, Adrián Mihálko <<a href="mailto:adriankoooo@gmail.com">adriankoooo@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><meta http-equiv="Content-Type" content="text/html charset=utf-8">Thank you for this idea.<div class=""><br class=""></div><div class="">The connection is now successful:</div><div class=""><br class=""></div><div class=""><a href="http://pastebin.com/idLxrzRA" class="">http://pastebin.com/idLxrzRA</a></div><div class=""><br class=""></div><div class="">But the application on :41952 is blocking the request.</div><div class=""><br class=""></div><div class="">Let me clarify:</div><div class=""><br class=""></div><div class="">The only URL that is working is:</div><div class=""><a href="https://localhost:41952/DYMO/DLS/Printing/Check" class="">https://localhost:41952/DYMO/DLS/Printing/Check</a></div><div class=""><a href="https://www.dropbox.com/s/syw5clruyjildyf/Screenshot 2015-10-10 19.18.23.png?dl=0" class="">https://www.dropbox.com/s/syw5clruyjildyf/Screenshot%202015-10-10%2019.18.23.png?dl=0</a></div><div class=""> </div><div class="">Non-working URLs:</div><div class=""><br class=""></div><div class=""><a href="https://127.0.0.1:41952/DYMO/DLS/Printing/Check" class="">https://127.0.0.1:41952/DYMO/DLS/Printing/Check</a></div><div class=""><a href="https://www.dropbox.com/s/8fc2v1e3gr0ap2q/Screenshot 2015-10-10 19.19.27.png?dl=0" class="">https://www.dropbox.com/s/8fc2v1e3gr0ap2q/Screenshot%202015-10-10%2019.19.27.png?dl=0</a></div><div class=""><br class=""></div><div class=""><a href="https://192.168.2.123:41952/DYMO/DLS/Printing/Check" class="">https://192.168.2.123:41952/DYMO/DLS/Printing/Check</a></div><div class=""><a href="https://www.dropbox.com/s/yfkwx1s5acfek38/Screenshot 2015-10-10 19.20.46.png?dl=0" class="">https://www.dropbox.com/s/yfkwx1s5acfek38/Screenshot%202015-10-10%2019.20.46.png?dl=0</a></div><div class=""><br class=""></div><div class="">From remote machine (through stunnel) I get the same error:</div><div class=""><a href="https://www.dropbox.com/s/cm6l358k948hxhu/Screenshot 2015-10-10 19.21.23.png?dl=0" class="">https://www.dropbox.com/s/cm6l358k948hxhu/Screenshot%202015-10-10%2019.21.23.png?dl=0</a></div><div class=""><br class=""></div><div class="">Interesting that 127.0.0.1, 192.168.2.123 are also pointing to the localhost and it's not working.</div><div class="">I think the web service on :41952 checks the request header? Is there any way to fake this?</div><div class=""><br class=""></div><div class="">Regards,</div><div class="">Adrian</div><div class=""><br class=""></div><div class=""><div><blockquote type="cite" class=""><div class="">On 10. 10. 2015, at 19:06, Jose Alf.
<<a href="mailto:josealf@rocketmail.com" class="">josealf@rocketmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class=""><div style="background-color: rgb(255, 255, 255); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" class=""><div id="yiv1841358563" class=""><div id="yui_3_16_0_1_1444495737924_8359" class=""><div id="yui_3_16_0_1_1444495737924_8358" style="background-color: rgb(255, 255, 255); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" class=""><div id="yiv1841358563" class=""><div id="yiv1841358563yui_3_16_0_1_1444495737924_4338" class=""><div id="yiv1841358563yui_3_16_0_1_1444495737924_4337" style="background-color: rgb(255, 255, 255); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" class=""><div id="yiv1841358563yui_3_16_0_1_1444495737924_3174" class=""><div id="yui_3_16_0_1_1444495737924_8357" class="">Adrian,</div><div id="yui_3_16_0_1_1444495737924_8360" class=""><br clear="none" class=""></div><div id="yiv1841358563yui_3_16_0_1_1444495737924_4662" class=""><div id="yui_3_16_0_1_1444495737924_8426" dir="ltr" class="">Sorry, I didn't read your original mail carefully. You want to write <a id="yui_3_16_0_1_1444495737924_8554" href="https://192.168.1.10:1988/" class="">https://192.168.1.10:1988</a> <a id="yui_3_16_0_1_1444495737924_8421" href="https://192.168.1.10:1988/" class=""></a></div></div><div id="yiv1841358563yui_3_16_0_1_1444495737924_4661" class=""><div id="yui_3_16_0_1_1444495737924_8681" dir="ltr" class=""> and reach your SSL or TLS service that listens on port 4952 of the loopback interface on the host with IP 192.168.1.10.</div><div id="yui_3_16_0_1_1444495737924_8826" dir="ltr" class=""><br class=""></div><div id="yui_3_16_0_1_1444495737924_8827" dir="ltr" class="">You need 2 stunnel stanzas to achieve what you want.
Something like:<br class=""></div></div></div><div id="yiv1841358563yui_3_16_0_1_1444495737924_3169" class=""><div id="yiv1841358563yui_3_16_0_1_1444495737924_4658" class=""><br clear="none" class=""></div><div id="yiv1841358563yui_3_16_0_1_1444495737924_4657" class=""><br clear="none" class=""></div></div><div id="yiv1841358563yui_3_16_0_1_1444495737924_3170" class="">[myservice]<br class="" id="yui_3_16_0_1_1444495737924_9055" clear="none"> cert = stunnel.pem<br class="" id="yui_3_16_0_1_1444495737924_9057" clear="none"> client = no<br class="" id="yui_3_16_0_1_1444495737924_9059" clear="none"> accept = <a class="" id="yui_3_16_0_1_1444495737924_9061" rel="nofollow" shape="rect" target="_blank" href="http://0.0.0.0:1988/">0.0.0.0:1988</a><br class="" id="yui_3_16_0_1_1444495737924_9063" clear="none"><div id="yui_3_16_0_1_1444495737924_9279" dir="ltr" class=""> connect = localhost:1987</div></div><div id="yiv1841358563yui_3_16_0_1_1444495737924_3168" class=""><span class=""></span></div><div id="yui_3_16_0_1_1444495737924_9215" class=""><br class=""> </div><div id="yui_3_16_0_1_1444495737924_9214" class=""><br class=""></div><div class="" id="yiv1841358563yui_3_16_0_1_1444495737924_3170">[myserviceaux]<br class="" id="yui_3_16_0_1_1444495737924_9055" clear="none"> cert = stunnel.pem<br class="" id="yui_3_16_0_1_1444495737924_9057" clear="none"> client = yes<br class="" id="yui_3_16_0_1_1444495737924_9059" clear="none"> accept = <a class="" id="yui_3_16_0_1_1444495737924_9061" rel="nofollow" shape="rect" target="_blank" href="http://0.0.0.0:1988/">localhost:1987</a><br class="" id="yui_3_16_0_1_1444495737924_9063" clear="none"><div class="" id="yui_3_16_0_1_1444495737924_9073" dir="ltr"> connect = localhost:4952</div></div><div class="" id="yiv1841358563yui_3_16_0_1_1444495737924_3168"><span class="" id="yui_3_16_0_1_1444495737924_9076"></span></div><div class="" id="yui_3_16_0_1_1444495737924_9078"><br class="" id="yui_3_16_0_1_1444495737924_9080"> </div><div 
class="" id="yui_3_16_0_1_1444495737924_9082" dir="ltr"><br class="" id="yui_3_16_0_1_1444495737924_9084"></div><div class="yiv1841358563qtdSeparateBR" id="yiv1841358563yui_3_16_0_1_1444495737924_3255">If you find this too convoluted, you could try with other reverse proxy software like Apache or Squid.<br clear="none" class=""><br clear="none" class=""></div></div></div></div><div id="yui_3_16_0_1_1444495737924_8685" class=""> <div id="yui_3_16_0_1_1444495737924_8684" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;" class=""> <div id="yui_3_16_0_1_1444495737924_8683" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;" class=""> <div id="yui_3_16_0_1_1444495737924_8682" class="yiv1841358563qtdSeparateBR">With your original config, you should be able to connect using http instead of https, as stunnel is expecting clear text traffic.<br clear="none" class=""><div id="yui_3_16_0_1_1444495737924_9670" class=""><br class=""></div><div id="yui_3_16_0_1_1444495737924_9676" class=""><br class=""></div><div id="yui_3_16_0_1_1444495737924_9669" class="">Please try and let us know how it goes.<br class=""></div><div id="yui_3_16_0_1_1444495737924_9675" class=""><br class=""></div></div><div class="yiv1841358563yqt6141254515" id="yiv1841358563yqt00966"><div class="yiv1841358563yqt4233582521" id="yiv1841358563yqt03006"><div id="yui_3_16_0_1_1444495737924_9344" dir="ltr" class=""> <font id="yui_3_16_0_1_1444495737924_9668" face="Arial" size="2" class=""> On Saturday, October 10, 2015 9:58 AM, Josealf.rm <<a href="mailto:josealf@rocketmail.com" class="">josealf@rocketmail.com</a>> wrote:<br clear="none" class=""> </font> </div> <br clear="none" class=""><br clear="none" class=""> <div id="yui_3_16_0_1_1444495737924_8890" class="yiv1841358563y_msg_container"><div id="yiv1841358563" class=""><div id="yui_3_16_0_1_1444495737924_8889" class=""><div
id="yui_3_16_0_1_1444495737924_9538" class="">Some clarifications</div><div id="yiv1841358563AppleMailSignature" class=""><br clear="none" class=""></div><div id="yiv1841358563AppleMailSignature" class="">1. Most likely stunnel and your service can't negotiate a protocol. Thus the connection fails. The service could be using SSL3 that is now obsolete. You may need to downgrade from TLS to SSL3 in stunnel.</div><div id="yiv1841358563AppleMailSignature" class="">2. You can do a direct test with curl against your service (local) or openssl s_client.</div><div id="yiv1841358563AppleMailSignature" class=""><br clear="none" class="">Regards</div><div id="yiv1841358563AppleMailSignature" class="">Jose</div><div class=""><br clear="none" class="">On 9 Oct 2015, at 5:44, Adrián Mihálko <<a rel="nofollow" shape="rect" ymailto="mailto:adriankoooo@gmail.com" target="_blank" href="mailto:adriankoooo@gmail.com" class="">adriankoooo@gmail.com</a>> wrote:<br clear="none" class=""><br clear="none" class=""></div><div class="yiv1841358563yqt9984607881" id="yiv1841358563yqt70604"><blockquote id="yui_3_16_0_1_1444495737924_8895" type="cite" class=""><div id="yui_3_16_0_1_1444495737924_8894" class=""><div id="yui_3_16_0_1_1444495737924_8893" dir="ltr" class="">Some good news, I removed client = yes as you suggested:<div class=""><br clear="none" class=""></div><div id="yui_3_16_0_1_1444495737924_8892" class=""><div class="">2015.10.09 12:39:29 LOG5[main]: Configuration successful</div><div id="yui_3_16_0_1_1444495737924_9604" class="">2015.10.09 12:39:29 LOG5[main]: Logging to C:\Users\adrianmihalko\AppData\Local\stunnel.log</div><div id="yui_3_16_0_1_1444495737924_9602" class="">2015.10.09 12:39:34 LOG6[57]: SSL socket closed (SSL_read)</div><div class="">2015.10.09 12:39:34 LOG5[57]: Connection closed: 0 byte(s) sent to SSL, 445 byte(s) sent to socket</div><div class="">2015.10.09 12:39:34 LOG5[60]: Service [myservice] accepted connection from <a rel="nofollow" shape="rect"
target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://192.168.1.25:49671/" class="">192.168.1.25:49671</a></div><div id="yui_3_16_0_1_1444495737924_8891" class="">2015.10.09 12:39:34 LOG6[60]: SSL accepted: new session negotiated</div><div class="">2015.10.09 12:39:34 LOG6[60]: No peer certificate received</div><div class="">2015.10.09 12:39:34 LOG6[60]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)</div><div class="">2015.10.09 12:39:34 LOG6[60]: failover: round-robin, starting at entry #0</div><div class="">2015.10.09 12:39:34 LOG6[60]: s_connect: connecting ::1:41952</div><div class="">2015.10.09 12:39:34 LOG5[60]: s_connect: connected ::1:41952</div><div class="">2015.10.09 12:39:34 LOG6[60]: persistence: ::1:41952 cached</div><div class="">2015.10.09 12:39:34 LOG5[60]: Service [myservice] connected remote server from ::1:50598</div><div id="yui_3_16_0_1_1444495737924_9603" class="">2015.10.09 12:39:34 LOG6[60]: SSL socket closed (SSL_read)</div><div class="">2015.10.09 12:39:34 LOG5[60]: Connection closed: 0 byte(s) sent to SSL, 0 byte(s) sent to socket</div><div class="">2015.10.09 12:39:34 LOG5[61]: Service [myservice] accepted connection from <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://192.168.1.25:49672/" class="">192.168.1.25:49672</a></div><div id="yui_3_16_0_1_1444495737924_8896" class="">2015.10.09 12:39:34 LOG6[61]: SSL accepted: new session negotiated</div><div class="">2015.10.09 12:39:34 LOG6[61]: No peer certificate received</div><div class="">2015.10.09 12:39:34 LOG6[61]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)</div><div class="">2015.10.09 12:39:34 LOG6[61]: failover: round-robin, starting at entry #1</div><div class="">2015.10.09 12:39:34 LOG6[61]: s_connect: connecting <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" 
href="http://127.0.0.1:41952/" class="">127.0.0.1:41952</a></div><div id="yui_3_16_0_1_1444495737924_8994" class="">2015.10.09 12:39:34 LOG5[61]: s_connect: connected <a id="yui_3_16_0_1_1444495737924_8993" rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://127.0.0.1:41952/" class="">127.0.0.1:41952</a></div><div class="">2015.10.09 12:39:34 LOG6[61]: persistence: <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://127.0.0.1:41952/" class="">127.0.0.1:41952</a> cached</div><div class="">2015.10.09 12:39:34 LOG5[61]: Service [myservice] connected remote server from <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://127.0.0.1:50599/" class="">127.0.0.1:50599</a></div></div><div class=""><br clear="none" class=""></div><div class="">openssl_client log:</div><div class=""><br clear="none" class=""></div><div id="yui_3_16_0_1_1444495737924_8897" class=""><a rel="nofollow" shape="rect" target="_blank" href="http://pastebin.com/7bg3sf7J" class="">http://pastebin.com/7bg3sf7J</a><br clear="none" class=""></div><div class=""><br clear="none" class=""></div><div class="">The problem is now that the site loads forever, nothing happens. </div><div class=""><br clear="none" class=""></div><div class=""><div class="">(this certificate (:1988) is other than the original (:41952). 
Is this not a problem?)</div></div><div class=""><br clear="none" class=""></div><div class="">curl test:</div><div class=""><br clear="none" class=""></div><div id="yui_3_16_0_1_1444495737924_8899" class=""><div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">$ curl <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="https://192.168.1.17:1988/DYMO/DLS/Printing/Check" class="">https://192.168.1.17:1988/DYMO/DLS/Printing/Check</a> -vk</div>
<div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">* Trying 192.168.1.17...</div>
<div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">* Connected to 192.168.1.17 (192.168.1.17) port 1988 (#0)</div>
<div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</div>
<div id="yui_3_16_0_1_1444495737924_8898" style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">* Server certificate: localhost</div>
<div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">> GET /DYMO/DLS/Printing/Check HTTP/1.1</div>
<div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">> Host: <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://192.168.1.17:1988/" class="">192.168.1.17:1988</a></div>
<div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">> User-Agent: curl/7.43.0</div>
<div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">> Accept: */*</div>
<div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">> </div></div><div class="">waiting forever.</div></div><div id="yui_3_16_0_1_1444495737924_8905" class="yiv1841358563gmail_extra"><br clear="none" class=""><div id="yui_3_16_0_1_1444495737924_8904" class="yiv1841358563gmail_quote">2015-10-09 12:34 GMT+02:00 Adrián Mihálko <span dir="ltr" class=""><<a rel="nofollow" shape="rect" ymailto="mailto:adriankoooo@gmail.com" target="_blank" href="mailto:adriankoooo@gmail.com" class="">adriankoooo@gmail.com</a>></span>:<br clear="none" class=""><blockquote id="yui_3_16_0_1_1444495737924_8903" class="yiv1841358563gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div id="yui_3_16_0_1_1444495737924_8902" dir="ltr" class="">In the first mail I wrote ports bad, of course in the log I am using the good ones.<div class=""><br clear="none" class=""></div><div id="yui_3_16_0_1_1444495737924_8901" class=""><span class="yiv1841358563"></span><div class="">[myservice]</div><div class="">cert = stunnel.pem</div><div id="yui_3_16_0_1_1444495737924_8900" class="">client = yes</div><div class="">accept = <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://0.0.0.0:1988/" class="">0.0.0.0:1988</a></div><div class="">connect = localhost:41952</div></div><div class=""><br clear="none" class=""></div></div><div id="yui_3_16_0_1_1444495737924_8912" class="yiv1841358563HOEnZb"><div id="yui_3_16_0_1_1444495737924_8911" class="yiv1841358563h5"><div id="yui_3_16_0_1_1444495737924_8910" class="yiv1841358563gmail_extra"><br clear="none" class=""><div id="yui_3_16_0_1_1444495737924_8909" class="yiv1841358563gmail_quote">2015-10-09 12:32 GMT+02:00 Adrián Mihálko <span dir="ltr" class=""><<a rel="nofollow" shape="rect" ymailto="mailto:adriankoooo@gmail.com" target="_blank" href="mailto:adriankoooo@gmail.com" 
class="">adriankoooo@gmail.com</a>></span>:<br clear="none" class=""><blockquote id="yui_3_16_0_1_1444495737924_8908" class="yiv1841358563gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div id="yui_3_16_0_1_1444495737924_8907" dir="ltr" class="">Sorry, curl was only for testing.<div class=""><br clear="none" class=""></div>Adrians-MacBook-Pro:~ adrianmihalko$ openssl s_client -connect <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://192.168.1.17:1988/" class="">192.168.1.17:1988</a><br clear="none" class="">CONNECTED(00000003)<br clear="none" class="">1130:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt.c:618:<div id="yui_3_16_0_1_1444495737924_8906" class=""><br clear="none" class=""></div><div id="yui_3_16_0_1_1444495737924_8914" class=""><div class="">2015.10.09 12:23:21 LOG5[main]: Reading configuration from file stunnel.conf</div><div class="">2015.10.09 12:23:21 LOG5[main]: UTF-8 byte order mark detected</div><div class="">2015.10.09 12:23:21 LOG5[main]: FIPS mode disabled</div><div class="">2015.10.09 12:23:21 LOG6[main]: Initializing service [gmail-pop3]</div><div class="">2015.10.09 12:23:21 LOG6[main]: Initializing service [gmail-imap]</div><div class="">2015.10.09 12:23:21 LOG6[main]: Initializing service [gmail-smtp]</div><div class="">2015.10.09 12:23:21 LOG6[main]: Initializing service [myservice]</div><div class="">2015.10.09 12:23:21 LOG6[main]: Loading certificate from file: stunnel.pem</div><div class="">2015.10.09 12:23:21 LOG6[main]: Loading key from file: stunnel.pem</div><div class="">2015.10.09 12:23:21 LOG4[main]: Service [myservice] needs authentication to prevent MITM attacks</div><div class="">2015.10.09 12:23:21 LOG5[main]: Configuration successful</div><div id="yui_3_16_0_1_1444495737924_8913" class="">2015.10.09 12:23:21 
LOG5[main]: Logging to C:\Users\adrianmihalko\AppData\Local\stunnel.log</div><div class="">2015.10.09 12:23:42 LOG5[39]: Service [myservice] accepted connection from <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://192.168.1.25:49454/" class="">192.168.1.25:49454</a></div><div class="">2015.10.09 12:23:42 LOG6[39]: failover: round-robin, starting at entry #0</div><div class="">2015.10.09 12:23:42 LOG6[39]: s_connect: connecting ::1:41952</div><div class="">2015.10.09 12:23:42 LOG5[39]: s_connect: connected ::1:41952</div><div class="">2015.10.09 12:23:42 LOG5[39]: Service [myservice] connected remote server from ::1:50564</div><div class="">2015.10.09 12:23:42 LOG6[39]: SNI: sending servername: localhost</div><div class="">2015.10.09 12:23:42 LOG6[39]: Certificate verification disabled</div><div class="">2015.10.09 12:23:42 LOG6[39]: Certificate verification disabled</div><div class="">2015.10.09 12:23:42 LOG6[39]: SSL connected: new session negotiated</div><div class="">2015.10.09 12:23:42 LOG6[39]: Negotiated TLSv1 ciphersuite AES128-SHA (128-bit encryption)</div><div class="">2015.10.09 12:23:42 LOG6[39]: SSL socket closed (SSL_read)</div><div id="yui_3_16_0_1_1444495737924_8915" class="">2015.10.09 12:23:42 LOG5[39]: Connection closed: 130 byte(s) sent to SSL, 505 byte(s) sent to socket</div></div><div class=""><br clear="none" class=""></div><div class="">If I am connecting to the :41952:</div><div class=""><br clear="none" class=""></div><div style="margin:0px;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(101,123,131);background-color:rgb(253,246,227);" class="">openssl s_client -connect <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://192.168.1.17:41952/" class="">192.168.1.17:41952</a></div>...<br clear="none" class=""><br clear="none" class="">---<br clear="none" class="">No client certificate CA names sent<br 
clear="none" class="">---<br clear="none" class="">SSL handshake has read 1724 bytes and written 712 bytes<br clear="none" class="">---<br clear="none" class="">New, TLSv1/SSLv3, Cipher is AES128-SHA<br clear="none" class="">Server public key is 4096 bit<br clear="none" class="">Secure Renegotiation IS supported<br clear="none" class="">Compression: NONE<br clear="none" class="">Expansion: NONE<br clear="none" class="">SSL-Session:<br clear="none" class=""> Protocol : TLSv1<br clear="none" class=""> Cipher : AES128-SHA<br clear="none" class="">...<div class="yiv1841358563gmail_extra"><br clear="none" class=""></div><div id="yui_3_16_0_1_1444495737924_8920" class="yiv1841358563gmail_extra"><br clear="none" class=""><div id="yui_3_16_0_1_1444495737924_8919" class="yiv1841358563gmail_quote"><div class=""><div class="">2015-10-09 10:55 GMT+02:00 test rig <span dir="ltr" class=""><<a rel="nofollow" shape="rect" ymailto="mailto:testrig@z1p.biz" target="_blank" href="mailto:testrig@z1p.biz" class="">testrig@z1p.biz</a>></span>:<br clear="none" class=""></div></div><blockquote id="yui_3_16_0_1_1444495737924_8918" class="yiv1841358563gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div id="yui_3_16_0_1_1444495737924_8917" class=""><div id="yui_3_16_0_1_1444495737924_8916" class=""><br clear="none" class=""><font face="arial" size="2" class=""><font face="arial" size="2" class="">Ouch #2 missing...<br clear="none" class=""><br clear="none" class=""></font></font><font face="arial" size="2" class=""><font face="arial" size="2" class=""><span class="">Hi Adrian, looks good to me so far - mostly. 
Try to replace the client=yes with a client=no on the server<br clear="none" class=""><br clear="none" class=""></span>You are connecting to :9999 with curl(?)<br clear="none" class="">Try to verify it via "openssl s_client -connect yourserverip:1988" command<br clear="none" class=""><br clear="none" class="">Best Regards<br clear="none" class="">Michael<br clear="none" class=""><br clear="none" class=""></font></font><font face="arial" size="2" class=""><font face="arial" size="2" class=""></font></font><blockquote id="yui_3_16_0_1_1444495737924_8921" dir="ltr" style="border-left:2px solid rgb(0,0,0);padding-right:0px;padding-left:5px;margin-left:5px;margin-right:0px;" class="">--- Original Message ---<br clear="none" class=""><b class="">From:</b> "test rig" <<a rel="nofollow" shape="rect" ymailto="mailto:testrig@z1p.biz" target="_blank" href="mailto:testrig@z1p.biz" class="">testrig@z1p.biz</a>><br clear="none" class=""><b class="">Date:</b> 09.10.2015 09:48:02<br clear="none" class=""><b class="">To:</b> "<a rel="nofollow" shape="rect" ymailto="mailto:stunnel-users@stunnel.org" target="_blank" href="mailto:stunnel-users@stunnel.org" class="">stunnel-users@stunnel.org</a>." <<a rel="nofollow" shape="rect" ymailto="mailto:stunnel-users@stunnel.org" target="_blank" href="mailto:stunnel-users@stunnel.org" class="">stunnel-users@stunnel.org</a>><br clear="none" class=""><b class="">Subject:</b> Re: [stunnel-users] (no subject)<br clear="none" class=""><br clear="none" class=""><font face="arial" size="2" class=""><span class="">Hi Adrian, looks good to me so far - mostly.
Try to replace the client=yes with a client=no on the server<br clear="none" class=""></span></font><blockquote id="yui_3_16_0_1_1444495737924_8926" dir="ltr" style="border-left:2px solid rgb(0,0,0);padding-right:0px;padding-left:5px;margin-left:5px;margin-right:0px;" class=""><span class="">--- Original Message ---<br clear="none" class=""><b class="">From:</b> Adrián Mihálko <u class=""></u><br clear="none" class=""></span><div id="yui_3_16_0_1_1444495737924_8925" class=""><div id="yui_3_16_0_1_1444495737924_8924" class=""><b class="">Date:</b> 09.10.2015 08:15:19<br clear="none" class=""><b class="">To:</b> <a rel="nofollow" shape="rect" ymailto="mailto:stunnel-users@stunnel.org" target="_blank" href="mailto:stunnel-users@stunnel.org" class="">stunnel-users@stunnel.org</a><br clear="none" class=""><b class="">Subject:</b> [stunnel-users] (no subject)<br clear="none" class=""><br clear="none" class=""><div id="yui_3_16_0_1_1444495737924_8923" dir="ltr" class=""><div id="yui_3_16_0_1_1444495737924_8922" class="">Dear stunnel users,</div><div class=""><br clear="none" class=""></div><div id="yui_3_16_0_1_1444495737924_8927" class="">I have a little service which listens only on <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="https://localhost:4952/" class="">https://localhost:4952</a> and checks the source hostname. I want to connect on "listen:1988" and redirect requests with stunnel to "localhost:4952"<br clear="none" class=""><br clear="none" class=""><a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="https://192.168.1.10:1988/" class="">https://192.168.1.10:1988</a>
-> redirect <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="https://localhost:4952/" class="">https://localhost:4952</a><br clear="none" class=""><br clear="none" class=""><br clear="none" class=""> I am trying to configure stunnel like this<br clear="none" class=""><br clear="none" class=""> [myservice]<br clear="none" class=""> cert = stunnel.pem<br clear="none" class=""> client = yes<br clear="none" class=""> accept = <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://0.0.0.0:1988/" class="">0.0.0.0:1988</a><br clear="none" class=""> connect = localhost:4952<br clear="none" class=""><br clear="none" class=""> remote machine$ curl <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="https://192.168.1.25:9999/DYMO/DLS/Printing/Check" class="">https://192.168.1.25:9999/DYMO/DLS/Printing/Check</a> -v<br clear="none" class=""> * Trying 192.168.1.25...<br clear="none" class=""> * Connected to 192.168.1.25 (192.168.1.25) port 9999 (#0)<br clear="none" class=""> * WARNING: using IP address, SNI is being disabled by the OS.<br clear="none" class=""> * Unknown SSL protocol error in connection to 192.168.1.25:-9847<br clear="none" class=""> * Closing connection 0<br clear="none" class=""> curl: (35) Unknown SSL protocol error in connection to 192.168.1.25:-9847<br clear="none" class=""><br clear="none" class=""> stunnel.log:<br clear="none" class=""> 2015.10.09
09:05:42 LOG5[38]: Service [myservice] accepted connection from <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://192.168.1.24:60748/" class="">192.168.1.24:60748</a><br clear="none" class=""> 2015.10.09 09:05:42 LOG6[38]: failover: round-robin, starting at entry #1<br clear="none" class=""> 2015.10.09 09:05:42 LOG6[38]: s_connect: connecting <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://127.0.0.1:41952/" class="">127.0.0.1:41952</a><br clear="none" class=""> 2015.10.09 09:05:42 LOG5[38]: s_connect: connected <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://127.0.0.1:41952/" class="">127.0.0.1:41952</a><br clear="none" class=""> 2015.10.09 09:05:42 LOG5[38]: Service [myservice] connected remote server from <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://127.0.0.1:50503/" class="">127.0.0.1:50503</a><br clear="none" class=""> 2015.10.09 09:05:42 LOG6[38]: SNI: sending servername: localhost<br clear="none" class=""> 2015.10.09 09:05:42 LOG6[38]: Certificate verification disabled<br clear="none" class=""> 2015.10.09 09:05:42 LOG6[38]: Certificate verification disabled<br clear="none" class=""> 2015.10.09
09:05:42 LOG6[38]: SSL connected: new session negotiated<br clear="none" class=""> 2015.10.09 09:05:42 LOG6[38]: Negotiated TLSv1 ciphersuite AES128-SHA (128-bit encryption)<br clear="none" class=""> 2015.10.09 09:05:42 LOG6[38]: SSL socket closed (SSL_read)<br clear="none" class=""> 2015.10.09 09:05:42 LOG5[38]: Connection closed: 230 byte(s) sent to SSL, 505 byte(s) sent to socket<br clear="none" class=""><br clear="none" class=""> I am tried verify = 1 to 4, either works. :(<br clear="none" class=""><br clear="none" class=""> Best Regards,<br clear="none" class=""> Adrian </div></div>
<u class=""></u></div></div></blockquote><div class=""><div class="">
<br clear="none" class=""><br clear="none" class="">
______________________________________________________<br clear="none" class="">
powered by <a rel="nofollow" shape="rect" target="_blank" href="http://perfect-privacy.com/" class="">Perfect-Privacy.com</a> / <a rel="nofollow" shape="rect" target="_blank" href="http://secure-mail.biz/" class="">Secure-Mail.biz</a> - anonymous and secure internet.</div></div></blockquote><div class=""><div class="">
<br clear="none" class=""><br clear="none" class="">
</div></div><br clear="none" class=""></div></div>_______________________________________________<br clear="none" class="">
stunnel-users mailing list<br clear="none" class="">
<a rel="nofollow" shape="rect" ymailto="mailto:stunnel-users@stunnel.org" target="_blank" href="mailto:stunnel-users@stunnel.org" class="">stunnel-users@stunnel.org</a><br clear="none" class="">
<a rel="nofollow" shape="rect" target="_blank" href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" class="">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br clear="none" class="">
<br clear="none" class=""></blockquote></div><br clear="none" class=""></div></div>
</blockquote></div><br clear="none" class=""></div>
</div></div></blockquote></div><br clear="none" class=""></div>
</div></blockquote></div></div></div><br clear="none" class=""><br clear="none" class=""><br clear="none" class=""></div></div></div> </div> </div> </div></div></div></div></div></div></div></blockquote></div><br class=""></div></div></blockquote></div></body></html>