I understand, and thank you for the explanation, but as I said, I use a program called 'Privoxy', and that is where stunnel would connect after accepting browser requests. Privoxy's accept address is what is given for stunnel as the connect address. Privoxy is a proxy capable of forwarding the requests to the address opened in the browser, so all stunnel would have to do is encrypt and decrypt traffic between the browser and Privoxy. But when I try it, every connection is an endless load, the stunnel icon is blue, and no logs are made in Privoxy.
On 12/13/18, Javier jamilist.stn@gmx.es wrote:
Hi,
You are going around and around and you don't get it.
Yes, stunnel, after all, is a proxy, as it acts as an intermediary (end of proxy definition), but it is not a proxy as you understand it.
While all proxy servers act as a funnel (the wide side accepts inbound connections and the tight side is for outbound connections for EACH request), that is, they accept any connection and reroute it based on the request headers, stunnel is just a tube (one inbound and one outbound connection), a tunnel, better said to match its own name; that is, it only connects peer to peer with just one connection and ONLY, I repeat, ONLY, if that connection has already been set up as a service, because stunnel doesn't read the headers to decide where to connect.
I repeat: the service, telling where (ip:port) should accept connections and where (ip/host:port) should connect to, MUST be set up first in stunnel.conf (or whatever you named it).
Even though the connect variable for a service can have multiple destinations, it only connects to one of them, in a random way.
If, let's imagine, the above sentence could be the solution, WHICH IT ISN'T, you would need to set up all the domain names used in the world as connect options and, even then, as the connections are random and it can't choose one based on headers (as said above, it doesn't read them), you wouldn't be able to connect to the desired destination.
That is the reason stunnel isn't, and can't be used as, a regular proxy. In short, stunnel is for giving TLS/SSL capabilities to non-security-aware (or old) programs, or for controlling TLS/SSL separately from the background program.
You'll need to use a real proxy server.
I hope this is crystal clear and helps anyone who comes to the list asking this (there are a few) understand why it can't be used for their purposes.
Regards :)
P.S.: As a bonus, kind of off-topic, and even though it doesn't explain everything, this OOOOLD video may help some people understand how connections work, even though it talks only briefly about the proxy server: http://warriorsofthe.net/ http://warriorsofthe.net/movie.html (video language selection)
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
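
The tube-versus-funnel distinction from the thread above, as an added example that is not part of the original messages or stunnel's own code: a tunnel's destination comes only from the service's `accept`/`connect` pair, while a proxy derives it from each request. The service name, addresses, certificate path and sample requests are constructed for illustration (8118 is assumed as the Privoxy listen port).

```python
"""Added illustration: fixed-destination tunnel vs. header-routing proxy."""
import configparser

# Constructed stunnel.conf fragment (service section only, no global options).
STUNNEL_CONF = """
[privoxy-tls]
accept = 127.0.0.1:8443
connect = 127.0.0.1:8118
cert = /etc/stunnel/example.pem
"""

# Constructed sample requests, as a browser would send them to an HTTP proxy.
REQ_PLAIN = b"GET http://example.org/index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"
REQ_CONNECT = b"CONNECT example.net:443 HTTP/1.1\r\nHost: example.net:443\r\n\r\n"
REQ_ORIGIN = b"GET / HTTP/1.1\r\nHost: example.com:8080\r\n\r\n"

def load_services(text):
    """Map each service's accept address to its configured connect address."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {cp[s]["accept"]: cp[s]["connect"] for s in cp.sections()}

def tunnel_destination(services, accept_addr, payload):
    """Tunnel: the payload is never inspected; only the listener hit matters."""
    return services[accept_addr]

def proxy_destination(payload):
    """Proxy: the destination is read from the HTTP request (IPv4/hostnames only)."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    if method == "CONNECT":            # authority-form: host:port
        return target
    if "://" in target:                # absolute-form: scheme://host[:port]/path
        authority = target.split("://", 1)[1].split("/", 1)[0]
    else:                              # origin-form: use the Host header
        pairs = (l.split(":", 1) for l in lines[1:] if ":" in l)
        authority = {k.lower(): v.strip() for k, v in pairs}["host"]
    return authority if ":" in authority else authority + ":80"

if __name__ == "__main__":
    services = load_services(STUNNEL_CONF)
    for req in (REQ_PLAIN, REQ_CONNECT, REQ_ORIGIN):
        print("tunnel ->", tunnel_destination(services, "127.0.0.1:8443", req),
              "| proxy ->", proxy_destination(req))
```

Every request entering the tunnel listener ends at the same `connect` address; reaching different sites needs a component that parses the request, which is the proxy's job.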