<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:11pt;color:#632423;font-family:Verdana,Geneva,sans-serif;" dir="ltr">
<p>Manuele--</p>
<p><br>
</p>
<p>Yes, SSL over SSL was more of an academic exercise than a practical concern. But thanks for the explanation. Chrome encrypts the connection and sends it to the STunnel server, which then decrypts it. This means that any traffic flowing out of the STunnel
server past this point is non-SSL. The STunnel server then makes a connection to my router's HTTPS port 443. This fails because the HTTPS server expects SSL traffic over 443, but the actual traffic it gets is not SSL, and hence it rejects the connection. I think
I am understanding it correctly.</p>
<p><br>
</p>
<p>I followed your suggestion to run an STunnel client on my computer with Chrome going via it, and it works. Alternatively, inserting an instance of STunnel client between the STunnel server and HTTPS server (all 3 running on the router) also works.</p>
<p><br>
</p>
<p>On a related note, while reading the documentation, I came across the "protocol" configuration parameter. One of the values it can take is "connect". I haven't had the chance to test it, but it is intriguing. I am wondering if putting "protocol = connect"
in my STunnel server's service options will force STunnel to make an HTTPS connection to the HTTPS server... Any idea?</p>
<p><br>
</p>
<p>Thanks,</p>
<div id="Signature">
<div id="divtagdefaultwrapper" style="font-size: 12pt; color: rgb(99, 36, 35); font-family: Verdana, Geneva, sans-serif, EmojiFont, 'Apple Color Emoji', 'Segoe UI Emoji', NotoColorEmoji, 'Segoe UI Symbol', 'Android Emoji', EmojiSymbols;">
<p><span style="font-size:11pt"></span></p>
<p><span style="font-size:11pt">Dipen Doshi</span><br>
</p>
</div>
</div>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr style="display:inline-block; width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Manuele Trimarchi &lt;info@trimarchimanuele.it&gt;<br>
<b>Sent:</b> Monday, October 2, 2017 12:32 AM<br>
<b>To:</b> Dipen Doshi; stunnel-users@stunnel.org<br>
<b>Subject:</b> Re: [stunnel-users] Using Chrome directly as an STunnel Client to connect to an STunnel Server</font>
<div> </div>
</div>
<div>
<div>
<div dir="auto">Hi,</div>
<div dir="auto"><br>
</div>
<div dir="auto">Chrome is not able to know that behind the SSL connection there will be another SSL connection and not plain HTTP, that's your problem.</div>
<div dir="auto"><br>
</div>
<div dir="auto">In order to achieve your goal for point 2 (btw I don't think that this kind of configuration makes any sense honestly) you need to run an instance of stunnel in client mode on your computer that connects to the 443 endpoint of stunnel server. Then
it will listen on a port that you decide (i.e. 8443). At this point you have to point chrome to
<a href="https://localhost:8443">https://localhost:8443</a> and all will work *but* with some problems with the certificate. This time chrome will get a handshake with the webserver and not with stunnel server.</div>
<div dir="auto"><br>
</div>
<div dir="auto">I hope that you understand that this is not a normal configuration and there is no need to double encrypt the HTTP connection.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Kind regards.</div>
</div>
<div dir="ltr">-- <br>
</div>
<div class="gmail_signature">Manuele Trimarchi</div>
</div>
</div>
</div>
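<p>An added example, not part of the thread and not taken from the stunnel project's files: a stunnel configuration for the second working layout described in the top message (server-mode service, then a client-mode service, then the HTTPS server, all on the router), with the failing layout kept as comments for comparison. Service names, ports, addresses, the host name and file paths are assumptions.</p>
<pre>
```ini
; Constructed example. Names, ports, host name and paths are placeholders.
; stunnel comments must be on their own line, starting with ';'.

; ---- Failing layout (for comparison, left commented out) ----
; The server-mode service strips TLS and forwards plaintext HTTP
; straight to a port that expects a TLS handshake, so the HTTPS
; server rejects the connection.
; [outer-tls]
; accept  = 8443
; connect = 127.0.0.1:443
; cert    = /etc/stunnel/stunnel.pem

; ---- Working layout: terminate, then re-encrypt ----
[outer-tls]
; Server mode is the default: this service ends the browser's TLS session.
accept  = 8443
cert    = /etc/stunnel/stunnel.pem
; Hand the decrypted stream to the client-mode service below.
; Loopback only, so the plaintext hop never leaves the router.
connect = 127.0.0.1:8080

[inner-tls]
; Client mode: accept plaintext locally, open a new TLS session outward.
client  = yes
accept  = 127.0.0.1:8080
connect = 127.0.0.1:443
; Verify the HTTPS server instead of encrypting to an unchecked peer.
; CAfile is the CA (or the self-signed certificate) that the HTTPS
; server presents; checkHost must match a name in that certificate.
verifyChain = yes
CAfile      = /etc/stunnel/https-server-ca.pem
checkHost   = router.example

; "protocol = connect" is deliberately not set. In stunnel it negotiates
; an HTTP CONNECT tunnel through a proxy (RFC 2817) and is supported in
; client mode only. TLS toward the HTTPS server comes from "client = yes".
```
</pre>
<p>With this layout the browser performs a single TLS handshake, against the certificate configured in the server-mode service, so that is the certificate its trust store has to accept.</p>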
</body>
</html>