<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">At QUT Library we use Stunnel to encrypt SIP2 (ie. book borrowing) traffic from the self-checkout machines through to the Alma library services platform (as per
<a href="https://developers.exlibrisgroup.com/alma/integrations/stunnel/">https://developers.exlibrisgroup.com/alma/integrations/stunnel/</a> )<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Our self-checkout machines run Windows 10 and are allowed limited internet access to two hosts (cloud.fetechgroup.com and ap01.alma.exlibrisgroup.com) via our institution’s Squid proxy and I have our c<span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;mso-fareast-language:EN-AU">urrent
WinHTTP proxy settings:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;mso-fareast-language:EN-AU"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Courier New";mso-fareast-language:EN-AU"> Proxy Server(s) : wproxy.qut.edu.au:3128<br>
Bypass List : *.qut.edu.au<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The proxy server settings are set for all protocols (HTTP, HTTPS, secure and FTP) and I’ve confirmed that web browser and the FE Technologies software is routing via wproxy.qut.edu.au. However Stunnel is still trying to connect to Alma
directly. Our stunnel.conf is as follows (just FYI, the FE Tech software points to 127.0.0.1:5001 as our library services platform address):<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[KG_Self-Checkout]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">key = client.pem<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">cert = client.pem<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">client = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">accept = 127.0.0.1:5001<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">connect = ap01.alma.exlibrisgroup.com:6443<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">TIMEOUTclose = 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">TIMEOUTconnect = 200<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">TIMEOUTidle = 86400<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">sslVersion = TLSv1.2<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Is there a way to force Stunnel to either respect the WinHTTP settings or configure it to route traffic to wproxy.qut.edu.au:3128 before initiating the connect = hostname:port?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I did try protocolHost as follows, but I’m probably misunderstanding how it works
<a href="https://www.stunnel.org/static/stunnel.html#SERVICE-LEVEL-OPTIONS">https://www.stunnel.org/static/stunnel.html#SERVICE-LEVEL-OPTIONS</a>
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[KG_Self-Checkout]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">key = client.pem<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">cert = client.pem<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">client = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">accept = 127.0.0.1:5001<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">connect = wproxy.qut.edu.au:3128<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">protocolHost = ap01.alma.exlibrisgroup.com:6443<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">TIMEOUTclose = 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">TIMEOUTconnect = 200<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">TIMEOUTidle = 86400<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">sslVersion = TLSv1.2<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any advice or assistance gratefully accepted, and apologies if this is a silly question – I’m just a librarian trying to make this thing work.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#00467F;mso-fareast-language:EN-AU">Jai Parker | Information Access Librarian</span></b><span style="mso-fareast-language:EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-AU"> </span><span style="mso-fareast-language:EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-AU">QUT Library | Division of Administrative Services</span><span style="mso-fareast-language:EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#00467F;mso-fareast-language:EN-AU">QUT</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-AU"> | Kelvin Grove | D Block, Level
1 | Victoria Park Rd Kelvin Grove QLD 4059</span><span style="mso-fareast-language:EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-AU">P:
</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-AU">07 313<b>8 3381
</b>| E: <a href="mailto:lib.infoaccess@qut.edu.au" target="_blank"><span style="color:blue">lib.infoaccess@qut.edu.au</span></a> |
<a href="http://www.qut.edu.au/" target="_blank"><span style="color:blue">www.qut.edu.au</span></a>
</span><span style="mso-fareast-language:EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;mso-fareast-language:EN-AU">ABN: 83 791 724 622 | CRICOS No. 00213J</span><span style="mso-fareast-language:EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>