This is not what I've understood from your first description. You would like to bridge TLSv1 to TLSv1.1 or TLSv1.2 before sending requests to a web proxy.
This is why I don't think stunnel is intended for that.
That said, if SSLv3 and TLSv1 have been deprecated, there's a good reason and you should seriously think about updating your tools.
Regards, Flo
On Tue, Dec 4, 2018 at 3:18 PM kovacs janos kovacsjanosfasz@gmail.com wrote:
Well, it says this on the first line of the website: "Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code."
I just want to add TLS functionality to client browsers which don't have it. I only need stunnel to decrypt TLS traffic going back to the browser.
On 12/4/18, Flo Rance trourance@gmail.com wrote:
Sorry I didn't read it correctly. I don't think this is something stunnel can handle.
Regards, Flo
On Mon, Dec 3, 2018 at 9:31 PM kovacs janos kovacsjanosfasz@gmail.com wrote:
Thank you for the reply, it's the address and port where privoxy listens for requests. From the config file:
"# 4.1. listen-address
# ====================
#
# Specifies:
#
# The IP address and TCP port on which Privoxy will listen for
# client requests."
and under it:
listen-address 127.0.0.1:8118
On 12/3/18, Flo Rance trourance@gmail.com wrote:
Hi,
It's not clear in your description what is running on local port 8118.
Regards, Flo
On Mon, Dec 3, 2018 at 2:40 PM kovacs janos <kovacsjanosfasz@gmail.com> wrote:
Sorry to bother, I'm trying to make older browsers be able to display TLS 1.1 and TLS 1.2 sites. I heard stunnel can't be configured to always forward to the current site address dynamically, that's why I would use privoxy. The browser is configured to send to: 127.0.0.1 443
stunnel config has this at the end:
[Tunnel_in]
client = yes
accept = 127.0.0.1:443
connect = 127.0.0.1:8118
verifyChain = yes
CAfile = ca-certs.pem
checkHost = localhost
127.0.0.1:8118 is the privoxy address. This is what stunnel writes:
LOG5[main]: Configuration successful
LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261
LOG5[0]: s_connect: connected 127.0.0.1:8118
LOG5[0]: Service [Tunnel_in] connected remote server from 127.0.0.1:3262
and the browser infinitely loads, and never loads anything or leaves the page. If I remove the last 3 lines, it's the same just with this line added:
LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM attacks
but it doesn't give an error or anything.
With a configuration like:
[Tunnel_out]
client = no
accept = 127.0.0.1:443
connect = 127.0.0.1:8118
cert = stunnel.pem
this is what it gives:
LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294
LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
and browser gives a server not found error immediately. I'm not even sure if I should use client or server configuration in a case like this, but none of them works anyway. All I would need is for my browser to get the pages decrypted, or at least in less than TLS1.1. Like how on newipnow.com I can access sites with any encryption, since they are sent to the browser without encryption. The browser just gives an "unencrypted tunnel" warning, which is how I found stunnel, and which is exactly what I need, just locally.
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users