On 25/09/13 00:43, Gary Chodos wrote:
> We are trying to decide between SNIProxy and stunnel for the following task:
> - Client browser hits https://foo.bar.org, which resolves to an IP
>   that corresponds to the stunnel machine listening on 443.
> - stunnel "forwards" (sorry if this is not the correct technical term)
>   the connection to a different machine, specified by a different IP address,
>   which is also configured to believe it is foo.bar.org and actually has a
>   web server listening on 443 and houses the SSL key/cert.
What an odd setup. You want to make an HTTPS connection to an IP address, but want that to make an HTTPS connection to another IP address, but don't want it to house the SSL cert.
That isn't possible - an "SSL terminator" requires the cert - otherwise it isn't terminating the SSL connection. Why don't you just use a standard TCP forwarder instead - won't that do what you want? Don't forget: SSL occurs *within* a TCP session - so a standard TCP forwarder can "reroute" the SSL transaction without needing to know what it is forwarding (i.e. no need for certs).
You could use xinetd or netcat - tonnes of options.
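The following is an added illustration of the reply's point, not code from the thread, from stunnel or from SNIProxy: a plain TCP relay passes a TLS session through to the backend unchanged, so the relay never holds the private key or certificate and never sees plaintext. The only thing visible to it is the cleartext ClientHello, whose SNI field is what a router such as SNIProxy reads to pick a backend. `build_client_hello` constructs a minimal sample ClientHello for `foo.bar.org`; `relay_roundtrip`, the backend port, the front port and the echo backend are all local test scaffolding, assumed here for the demonstration and not part of any real deployment.

```python
"""TCP pass-through relay for TLS, with read-only SNI inspection (added example)."""
import socket
import struct
import threading


def build_client_hello(server_name: str) -> bytes:
    """Constructed sample: minimal TLS 1.2 ClientHello carrying one SNI extension."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name          # type host_name + name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list          # extension 0 = server_name
    exts = struct.pack("!H", len(ext)) + ext
    body = (b"\x03\x03" + b"\x00" * 32                                  # version + zeroed random
            + b"\x00"                                                   # empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"                        # one cipher suite
            + b"\x01\x00"                                               # null compression only
            + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body           # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(client_hello: bytes):
    """Return the SNI host name from a TLS ClientHello record, or None.

    Only record framing is walked; nothing is decrypted, because the
    ClientHello is sent in the clear. This is all a forwarder can ever see.
    """
    if len(client_hello) < 5 or client_hello[0] != 0x16:           # record type: handshake
        return None
    rec_len = struct.unpack("!H", client_hello[3:5])[0]
    body = client_hello[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:                           # handshake type: ClientHello
        return None
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                                                   # skip version + random
    if len(hello) < pos + 1:
        return None
    pos += 1 + hello[pos]                                          # session id
    if len(hello) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]          # cipher suites
    if len(hello) < pos + 1:
        return None
    pos += 1 + hello[pos]                                          # compression methods
    if len(hello) < pos + 2:
        return None
    end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(hello)):
        ext_type, ext_size = struct.unpack("!HH", hello[pos:pos + 4])
        pos += 4
        if ext_type == 0x0000 and ext_size >= 5:                   # list len(2) type(1) name len(2)
            name_len = struct.unpack("!H", hello[pos + 3:pos + 5])[0]
            return hello[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
        pos += ext_size
    return None


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes src -> dst until EOF, then tear down both ends."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass


def forward(listener: socket.socket, backend_addr, max_conns=None) -> None:
    """Accept connections and relay each to backend_addr byte for byte, both ways.

    The relay holds no key material: the TLS handshake and the encrypted
    application data both travel through untouched.
    """
    served = 0
    while max_conns is None or served < max_conns:
        client, _ = listener.accept()
        backend = socket.create_connection(backend_addr)
        threading.Thread(target=_pump, args=(client, backend), daemon=True).start()
        threading.Thread(target=_pump, args=(backend, client), daemon=True).start()
        served += 1
    listener.close()


def relay_roundtrip(payload: bytes, timeout: float = 5.0) -> bytes:
    """Test scaffolding: run an echo backend and the relay locally, return what came back."""
    backend = socket.socket()
    backend.bind(("127.0.0.1", 0))
    backend.listen(1)
    backend_addr = backend.getsockname()

    def backend_loop():
        conn, _ = backend.accept()
        with conn:
            conn.sendall(conn.recv(65536))     # echo what the relay delivered
        backend.close()

    threading.Thread(target=backend_loop, daemon=True).start()
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=forward, args=(listener, backend_addr, 1), daemon=True).start()
    with socket.create_connection(listener.getsockname(), timeout=timeout) as client:
        client.sendall(payload)
        chunks = []
        while True:
            try:
                chunk = client.recv(65536)
            except socket.timeout:
                break
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


if __name__ == "__main__":
    hello = build_client_hello("foo.bar.org")
    print("SNI seen by relay:", parse_sni(hello))
    print("bytes unchanged:", relay_roundtrip(hello) == hello)
```

The echo backend stands in for the web server that actually holds the key and certificate for foo.bar.org; in a real deployment the relay would point at that machine's port 443 and the browser would complete the handshake with it, not with the relay.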