I'd like Stunnel to act as a reverse proxy that accepts TLS 1.0 and TLS 1.2 for
https://example.com and then forwards the traffic to
https://example.net, another web server that only accepts TLS 1.2.
browser --TLS 1.0 or 1.2--> Stunnel --TLS 1.2--> Web App
The browser should have no idea that
example.net even exists (only the
example.com certificate will be presented to the browser).
Is this something Stunnel can do?
This is what I've got so far:
cert = example.com.pem
;stunnel.pem
[proxy1]
client = yes
connect = localhost:54323
CAfile = sca.server1.crt.pem
;verify = 2
[proxy2]
client = no
accept = localhost:54323
;CAfile = SymantecClass3EVSSLCA-G3.pem
example.com.pem contains the public and decrypted private key for example.com
sca.server1.crt.pem contains the intermediate and root certificates of the CA that issues the example.com.pem certificate
What am I doing wrong?
Or do you have other recommendations to get something like this working on Windows Server 2008 R2? (IIS + Application Request Routing + URL Rewrite won't work: TLS 1.2 is not properly supported)
Thank you
Claudio
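
One way to lay out the chain in the diagram above, as an added example that is not part of the original post: a server-mode service terminates the browser's TLS and hands the plaintext to a client-mode service that re-encrypts to example.net. It assumes stunnel 5.x, listening port 443, and a hypothetical CA bundle file named backend-ca.pem; the loopback port and example.com.pem come from the post.

```ini
; Added example, not the poster's configuration.
; Assumed: stunnel 5.x, port 443, and the file name backend-ca.pem.

; Front service: server mode, faces the browsers.
; The certificate is set here rather than globally, so the client-mode
; service below does not offer it to example.net as a client certificate.
[front]
client = no
accept = 443
connect = 127.0.0.1:54323
cert = example.com.pem
; Let the TLS library negotiate any version it supports (includes 1.0 and 1.2),
; with SSLv3 explicitly switched off.
sslVersion = all
options = NO_SSLv3

; Back service: client mode, faces the web application.
; It accepts the decrypted stream on loopback only and re-encrypts it.
[back]
client = yes
accept = 127.0.0.1:54323
connect = example.net:443
sslVersion = TLSv1.2
; Server name sent in the ClientHello to the backend.
sni = example.net
; Validate the backend certificate chain and host name.
; backend-ca.pem is a placeholder for the CA chain that issued
; the example.net certificate.
CAfile = backend-ca.pem
verifyChain = yes
checkHost = example.net
```

Stunnel relays the HTTP bytes unchanged, so requests reach the backend with Host: example.com, and the site on example.net has to answer for that host name. The hop between the two services is plaintext, which is why both ends are bound to 127.0.0.1.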