<div dir="ltr"><div>Hi,</div><div><br></div><div>It's not clear in your description what is running on 8118 local port.</div><div><br></div><div>Regards,</div><div>Flo<br></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Dec 3, 2018 at 2:40 PM kovacs janos <<a href="mailto:kovacsjanosfasz@gmail.com">kovacsjanosfasz@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">sorry to bother,<br>
im trying to make older browsers be able to display TLS 1.1 and TLS 1.2 sites.<br>
i heard stunnel cant be configured to always forward to the current<br>
site address dynamically, thats why i would use privoxy.<br>
the browser is configured to send to:<br>
127.0.0.1 443<br>
<br>
stunnel config has this at the end:<br>
[Tunnel_in]<br>
client = yes<br>
accept = <a href="http://127.0.0.1:443" rel="noreferrer" target="_blank">127.0.0.1:443</a><br>
connect = <a href="http://127.0.0.1:8118" rel="noreferrer" target="_blank">127.0.0.1:8118</a><br>
verifyChain = yes<br>
CAfile = ca-certs.pem<br>
checkHost = localhost<br>
<br>
<a href="http://127.0.0.1:8118" rel="noreferrer" target="_blank">127.0.0.1:8118</a> is the privoxy address.<br>
this is what stunnel writes:<br>
LOG5[main]: Configuration successful<br>
LOG5[0]: Service [Tunnel_in] accepted connection from <a href="http://127.0.0.1:3261" rel="noreferrer" target="_blank">127.0.0.1:3261</a><br>
LOG5[0]: s_connect: connected <a href="http://127.0.0.1:8118" rel="noreferrer" target="_blank">127.0.0.1:8118</a><br>
LOG5[0]: Service [Tunnel_in] connected remote server from <a href="http://127.0.0.1:3262" rel="noreferrer" target="_blank">127.0.0.1:3262</a><br>
<br>
and the browser infinitely loads, and never loads anything or leaves the page.<br>
if i remove the last 3 lines, its the same just with this line added:<br>
LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM attacks<br>
<br>
but it doesnt give an error or anything.<br>
<br>
with a configuration like:<br>
[Tunnel_out]<br>
client = no<br>
accept = <a href="http://127.0.0.1:443" rel="noreferrer" target="_blank">127.0.0.1:443</a><br>
connect = <a href="http://127.0.0.1:8118" rel="noreferrer" target="_blank">127.0.0.1:8118</a><br>
cert = stunnel.pem<br>
<br>
this is what it gives:<br>
LOG5[3]: Service [Tunnel_out] accepted connection from <a href="http://127.0.0.1:3294" rel="noreferrer" target="_blank">127.0.0.1:3294</a><br>
LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL<br>
routines:SSL23_GET_CLIENT_HELLO:https proxy request<br>
LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket<br>
<br>
and browser gives a server not found error immediately. im not even<br>
sure if i should use client or server configuration in a case like<br>
this, but none of them works anyway. all i would need is for my<br>
browser to get the pages decrypted, or at least in less than TLS1.1.<br>
like how on <a href="http://newipnow.com" rel="noreferrer" target="_blank">newipnow.com</a> i can access sites with any encryption, since<br>
they are sent to the browser without encryption. the browser just<br>
gives an "unencrypted tunnel" warning, which is how i found stunnel,<br>
and which is exactly what i need, just locally.<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" rel="noreferrer" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
</blockquote></div>