"Because the proxy is to be told where to connect and receives a direct secure handshake."
is that necessary even if stunnel is told to not verify the connections? ''If no verify argument is given, then stunnel will ignore any certificates offered and will allow all connections.'' and i gave no verify anywhere.
"Privoxy is useless with encrypted data" i tried it again but with all 'debug' levels set in privoxy, and its true that after a while, these errors are written: "Invalid request" 400 0 Error: Invalid header received from 127.0.0.1. Writing: HTTP/1.0 400 Invalid header received from client
is this because of TLS encryption? does this mean privoxy cant even simply forward TLS requests? if so, can anyone tell me a proxy that can, and preferably doesnt do anything else? and works on windows?
On 12/13/18, Javier jamilist.stn@gmx.es wrote:
On Thu, 13 Dec 2018 21:03:27 +0100 kovacs janos kovacsjanosfasz@gmail.com wrote:
i understand, and thank you for the explanation, but as i said, i use a program called 'Privoxy', and that is where stunnel would connect after accepting browser requests. Privoxy's accept address is what is given for stunnel as the connect address. Privoxy is a proxy capable of forwarding the requests to the address opened in the browser, so all stunnel would have to do is encrypt and decrypt traffic between the browser and Privoxy. but when i try it, every connection is an endless load, stunnel icon is blue, and no logs are made in Privoxy
Hi,
Because the proxy is to be told where to connect and receives a direct secure handshake.
Even if privoxy could use the SNI to redirect the traffic, you will need to specify a service, in stunnel.conf, for every host you want to connect to, each one with a SNI. You face the same problem.
And, aside this, why Stunnel in the middle? To secure LAN traffic in case is running in a second PC? Privoxy is useless with encrypted data, just transmits from origin to destination: https://www.privoxy.org/faq/misc.html#SSL
Regards. _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users