On Fri, 17 Sep 2021 11:32:01 +0900 Haruka Takagi takagiharuka0000@gmail.com wrote:
Thank you for your reply.
I meant a 503 Service Unavailable response to the stunnel client's CONNECT request, not to the original sender's GET or POST request. I hope that stunnel clients retry CONNECT after a 503.
I tried "retry = yes" configuration, but stunnel clients did not work as I had expected.
Can I adopt another approach?
Hi,
Stunnel won't receive an HTTP 503 because it isn't aware of it, and so it won't retry a connection, because the connection is up and alive.
Stunnel makes a TLS handshake with the server.
The server routes the connection to the service behind, in your case a web server.
The server replies that it is unavailable.
Stunnel keeps the connection with the server.
The reply is sent back to the program that used Stunnel in client mode to establish a TLS connection to the server.
The program must decide to reconnect.
The Stunnel connection is still alive, expecting more traffic to send back and forth.
In other words, you can't instruct Stunnel to deal with an HTTP error response. That is up to the program that is using Stunnel.
Even if the connection is being reset by the server, instructing Stunnel to retry will give the same result: the HTTP server behind will say it is unavailable.
The only approach is to set up the program using Stunnel in client mode to deal with HTTP 503 accordingly.
Unless you are using the "proto = connect" option and that is another story... I don't know how it deals with HTTP error codes, but, nowadays, I think upgrading HTTP to HTTPS is not very common...
Regards.
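
The application-side handling described in the reply above, as an added example that is not part of the original message or of stunnel: a client that talks plain HTTP to the local stunnel accept port, and on a 503 (or a refused/reset connection) closes the socket and reconnects with backoff. The function names, the 127.0.0.1 address, and the flaky stand-in server are assumptions constructed for the demonstration.

```python
import http.client
import http.server
import threading
import time

def get_with_retry(host, port, path="/", attempts=5, base_delay=0.5, max_delay=30.0):
    """GET via the (assumed) local stunnel accept port; returns (status, body, tries)."""
    for n in range(1, attempts + 1):
        # A fresh TCP connection per attempt makes stunnel open a new TLS session.
        conn = http.client.HTTPConnection(host, port, timeout=10)
        try:
            conn.request("GET", path, headers={"Connection": "close"})
            resp = conn.getresponse()
            body = resp.read()
            status, retry_after = resp.status, resp.getheader("Retry-After")
        except (OSError, http.client.HTTPException):
            # stunnel could not reach the server or the peer reset: retry as well.
            status, body, retry_after = None, b"", None
        finally:
            conn.close()
        if status not in (None, 503) or n == attempts:
            return status, body, n
        # Honour a numeric Retry-After, otherwise exponential backoff; both capped.
        delay = base_delay * 2 ** (n - 1)
        if retry_after and retry_after.isdigit():
            delay = float(retry_after)
        time.sleep(min(delay, max_delay))

def start_flaky_server(fail_times):
    """Constructed stand-in for the stunnel accept port: 503 fail_times, then 200."""
    state = {"hits": 0}
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            state["hits"] += 1
            ok = state["hits"] > fail_times
            body = b"ok" if ok else b"unavailable"
            self.send_response(200 if ok else 503)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    srv = start_flaky_server(fail_times=2)
    print(get_with_retry("127.0.0.1", srv.server_port, base_delay=0.05))
    srv.shutdown()
```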