On Sat, 15 Dec 2018 21:54:33 +0100 kovacs janos kovacsjanosfasz@gmail.com wrote:
"Because the proxy is to be told where to connect and receives a direct secure handshake."
Is that necessary even if stunnel is told not to verify the connections? "If no verify argument is given, then stunnel will ignore any certificates offered and will allow all connections." And I gave no verify anywhere.
Hi,
The verification has nothing to do with the connection, but with the verification by Stunnel of the received certificate, if it is set as client, from the server, or if it is running as a server, from the clients (cert or PSK).
What I said above is that the proxy expects to be told where to connect, and instead receives a secure handshake, which it doesn't understand.
And as you found then..., with this quoted text below. It can't find the headers requesting it to connect wherever is needed.
"Privoxy is useless with encrypted data" I tried it again but with all 'debug' levels set in Privoxy, and it's true that after a while, these errors are written: "Invalid request" 400 0 Error: Invalid header received from 127.0.0.1. Writing: HTTP/1.0 400 Invalid header received from client
Is this because of TLS encryption? Does this mean Privoxy can't even simply forward TLS requests?
It is not that it can't handle/forward, it is that it doesn't expect encrypted garbage. It expects an HTTP header telling it where to connect.
It can forward, but when it knows where to connect. As stunnel is not designed for this (it is not an HTTP web browser), it doesn't send what the proxy needs.
And, again, setting up Stunnel to handle this kind of task (browsing through it, or redirecting to a proxy) is unrealizable in any way. It wasn't made for this.
If so, can anyone tell me a proxy that can, and preferably doesn't do anything else? And works on Windows?
Can't help with that, sorry.
Regards.
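
An added illustration of the mismatch discussed in this thread, not code from the original messages or from Privoxy or stunnel: a simplified check of the first bytes a forwarding HTTP proxy receives, showing that an HTTP request line names a destination while a TLS ClientHello does not. The function names, the sample byte strings and the example.org target are constructed for this example.

```python
# Illustrative model only; not Privoxy's parser. Sample inputs are constructed.
HTTP_CONNECT = b"CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n\r\n"
HTTP_GET = b"GET http://example.org/ HTTP/1.1\r\nHost: example.org\r\n\r\n"
# Truncated TLS record: type 0x16 (handshake), version 3.1, length 5,
# then handshake type 0x01 (ClientHello) with a 1-byte dummy body.
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])

METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}


def classify_first_bytes(data: bytes):
    """Return (kind, target) for the first bytes received on a proxy port."""
    # A TLS handshake record starts with 0x16 0x03; byte 5 is the handshake type.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return ("tls-clienthello", None)
    line, sep, _ = data.partition(b"\r\n")
    parts = line.split(b" ")
    if sep and len(parts) == 3 and parts[0] in METHODS and parts[2].startswith(b"HTTP/"):
        # The request line carries the destination the proxy must connect to.
        return ("http-request", parts[1].decode("ascii", "replace"))
    return ("unknown", None)


def proxy_decision(data: bytes) -> str:
    """What a plain HTTP proxy can do with these bytes."""
    kind, target = classify_first_bytes(data)
    if kind == "http-request":
        return f"forward to {target}"
    # No request line means no destination: same status as in the log quoted above.
    return "HTTP/1.0 400 Invalid header received from client"


if __name__ == "__main__":
    for name, sample in [("CONNECT", HTTP_CONNECT), ("GET", HTTP_GET), ("TLS", TLS_HELLO)]:
        print(name, "->", proxy_decision(sample))
```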