This is not what I've understood from your first description. You would like to bridge TLSv1 to TLSv1.1 or TLSv1.2 before sending requests to a web proxy.

This is why I don't think stunnel is intended for that.

That said, if SSLV3 and TLSv1 have been deprecated, there's a good reason and you should seriously think to update your tools.

Regards,
Flo

On Tue, Dec 4, 2018 at 3:18 PM kovacs janos <kovacsjanosfasz@gmail.com> wrote:
well, it says this on the first line of the website:
"Stunnel is a proxy designed to add TLS encryption functionality to
existing clients and servers without any changes in the programs'
code."

i just want to add TLS functionality to client browsers which dont
have it. i only need stunnel to decrypt TLS traffic going back to the
browser.

On 12/4/18, Flo Rance <trourance@gmail.com> wrote:
> Sorry I didn't read it correctly. I don't think this is something stunnel
> can handle.
>
> Regards,
> Flo
>
> On Mon, Dec 3, 2018 at 9:31 PM kovacs janos <kovacsjanosfasz@gmail.com>
> wrote:
>
>> thank you for  the reply,
>> its the address and port where privoxy listens for requests.
>> from the config file:
>> "#  4.1. listen-address
>> #  ====================
>> #
>> #  Specifies:
>> #
>> #      The IP address and TCP port on which Privoxy will listen for
>> #      client requests."
>> and under it:
>>
>> listen-address  127.0.0.1:8118
>>
>> On 12/3/18, Flo Rance <trourance@gmail.com> wrote:
>> > Hi,
>> >
>> > It's not clear in your description what is running on 8118 local port.
>> >
>> > Regards,
>> > Flo
>> >
>> > On Mon, Dec 3, 2018 at 2:40 PM kovacs janos <kovacsjanosfasz@gmail.com>
>> > wrote:
>> >
>> >> sorry to bother,
>> >> im trying to make older browsers be able to display TLS 1.1 and TLS
>> >> 1.2
>> >> sites.
>> >> i heard stunnel cant be configured to always forward to the current
>> >> site address dynamically, thats why i would use privoxy.
>> >> the browser is configured to send to:
>> >> 127.0.0.1  443
>> >>
>> >> stunnel config has this at the end:
>> >> [Tunnel_in]
>> >> client = yes
>> >> accept = 127.0.0.1:443
>> >> connect = 127.0.0.1:8118
>> >> verifyChain = yes
>> >> CAfile = ca-certs.pem
>> >> checkHost = localhost
>> >>
>> >> 127.0.0.1:8118 is the privoxy address.
>> >> this is what stunnel writes:
>> >> LOG5[main]: Configuration successful
>> >> LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261
>> >> LOG5[0]: s_connect: connected 127.0.0.1:8118
>> >> LOG5[0]: Service [Tunnel_in] connected remote server from
>> 127.0.0.1:3262
>> >>
>> >> and the browser infinitely loads, and never loads anything or leaves
>> >> the
>> >> page.
>> >> if i remove the last 3 lines, its the same just with this line added:
>> >> LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM
>> >> attacks
>> >>
>> >> but it doesnt give an error or anything.
>> >>
>> >> with a configuration like:
>> >> [Tunnel_out]
>> >> client = no
>> >> accept = 127.0.0.1:443
>> >> connect = 127.0.0.1:8118
>> >> cert = stunnel.pem
>> >>
>> >> this is what it gives:
>> >> LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294
>> >> LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL
>> >> routines:SSL23_GET_CLIENT_HELLO:https proxy request
>> >> LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to
>> >> socket
>> >>
>> >> and browser gives a server not found error immediately. im not even
>> >> sure if i should use client or server configuration in a case like
>> >> this, but none of them works anyway. all i would need is for my
>> >> browser to get the pages decrypted, or at least in less than TLS1.1.
>> >> like how on newipnow.com i can access sites with any encryption, since
>> >> they are sent to the browser without encryption. the browser just
>> >> gives an "unencrypted tunnel" warning, which is how i found stunnel,
>> >> and which is exactly what i need, just locally.
>> >> _______________________________________________
>> >> stunnel-users mailing list
>> >> stunnel-users@stunnel.org
>> >> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>> >>
>> >
>>
>