stunnel-users August 2019

stunnel-users@stunnel.org

4 participants
12 discussions

Re: [stunnel-users] stunnel-users Digest, Vol 181, Issue 1
by Brent Kimberley 20 Aug '19

20 Aug '19

Your mileage may vary. ############################################################################### # From internal application to external host ############################################################################### # [Int_Init] -> [Int_Term] -> [Ext_Init] -> [Ext_Term] ############################################################################### # [internal_initiator] ---ssl---> [Internal terminator] # [Internal terminator] ---http---> [external Initiator] # [external Initiator] ---tls---> [external terminator] ############################################################################### # https://www.stunnel.org/static/stunnel.html ############################################################################### [Internal_Terminator] options = SSLv3 client = no accept = host_ip:443 connect = localhost:54321 CAfile = int_init_wallet.pem cert = int_term_pub.pem key = int_term_priv.pem [External_Initiator] options = SINGLE_ECDH_USE options = SINGLE_DH_USE ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 verify = 3? client = yes options = TLSv1.2 accept = localhost:54321 connect = externalhostname:443 verifyChain = yes renegotiation = no CAfile = ext_term_wallet.pem cert = ext_init_pub.pem key = ext_init_priv.pem ---------------------------------------------------------------------- Date: Mon, 19 Aug 2019 18:21:18 +0000 From: Daniel Trickett <daniel.trickett(a)milliporesigma.com> To: "stunnel-users(a)stunnel.org" <stunnel-users(a)stunnel.org> Subject: [stunnel-users] https to https proxy Hi, Our punchout vendor switched their site to only accept tls 1.2 over the weekend. Unfortunately our application will only support SSL. We are using stunnel with other vendors but can control the inbound host name. This recent one is one we can't manage as it is the software provider. I found a solution for doing https to https. I'm unclear how I get the first https traffic to route to stunnel as the initial call will be from the application will be to the external host.. Any thoughts on whether this would work for my situation? Appreciate any thoughts.. [Tunnel_in] client = yes accept = host_ip:443 connect = localhost:54321 [Tunnel_out] client = no accept = localhost:54321 connect = externalhostname:443 Best regards, Dan

1 0

https to https proxy
by Daniel Trickett 19 Aug '19

19 Aug '19

Hi, Our punchout vendor switched their site to only accept tls 1.2 over the weekend. Unfortunately our application will only support SSL. We are using stunnel with other vendors but can control the inbound host name. This recent one is one we can't manage as it is the software provider. I found a solution for doing https to https. I'm unclear how I get the first https traffic to route to stunnel as the initial call will be from the application will be to the external host.. Any thoughts on whether this would work for my situation? Appreciate any thoughts.. [Tunnel_in] client = yes accept = host_ip:443 connect = localhost:54321 [Tunnel_out] client = no accept = localhost:54321 connect = externalhostname:443 Best regards, Dan

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users August 2019