From: Josealf.rm josealf@rocketmail.com
Sent: Tuesday, November 7, 2017 10:41 AM
To: Peter Pentchev
Cc: Osvald Brko; stunnel-users@stunnel.org
Subject: Re: [stunnel-users] Web browsing over stunnel

Osvald,
Peter made a very clear explanation. Note that your connect statement should be something like:
connect=104.239.213.7:443
And you should test using something like:
O.K., I understand it. www.stunnel.org still refuses connection (see below), but I was able to open www.wikipedia.org:
http://www.wikipedia.org:8888/
[https_test]
client = yes
accept = 127.0.0.1:8888
connect = 91.198.174.192:443

#127.0.0.1 localhost
#127.0.0.1 www.stunnel.org
127.0.0.1 www.wikipedia.org
But of course I am not able to use any web link, and I can see only the default main page without any path. So stunnel is completely unusable for web browsing, am I right?
O.B.
===== http://www.stunnel.org:8888/
[https_test]
client = yes
accept = 127.0.0.1:8888
connect = 207.192.69.165:443

#127.0.0.1 localhost
127.0.0.1 www.stunnel.org
#127.0.0.1 www.wikipedia.org
2017.11.07 15:51:37 LOG7[main]: Service [https_test] (FD=260) bound to 127.0.0.1:8888
2017.11.07 15:51:37 LOG7[cron]: Cron thread initialized
2017.11.07 15:51:53 LOG7[main]: Found 1 ready file descriptor(s)
2017.11.07 15:51:53 LOG7[main]: FD=232 ifds=r-x ofds=---
2017.11.07 15:51:53 LOG7[main]: FD=248 ifds=r-x ofds=---
2017.11.07 15:51:53 LOG7[main]: Service [https_test] accepted (FD=300) from 127.0.0.1:3197
2017.11.07 15:51:53 LOG7[main]: Creating a new thread
2017.11.07 15:51:53 LOG7[main]: New thread created
2017.11.07 15:51:53 LOG7[0]: Service [https_test] started
2017.11.07 15:51:53 LOG7[0]: Option TCP_NODELAY set on local socket
2017.11.07 15:51:53 LOG5[0]: Service [https_test] accepted connection from 127.0.0.1:3197
2017.11.07 15:51:53 LOG6[0]: s_connect: connecting 207.192.69.165:443
2017.11.07 15:51:53 LOG7[0]: s_connect: s_poll_wait 207.192.69.165:443: waiting 10 seconds
2017.11.07 15:51:53 LOG5[0]: s_connect: connected 207.192.69.165:443
2017.11.07 15:51:53 LOG5[0]: Service [https_test] connected remote server from XX.XXX.XXX.XXX:3198
2017.11.07 15:51:53 LOG7[0]: Option TCP_NODELAY set on remote socket
2017.11.07 15:51:53 LOG7[0]: Remote descriptor (FD=320) initialized
2017.11.07 15:51:53 LOG6[0]: SNI: sending servername: 207.192.69.165
2017.11.07 15:51:53 LOG6[0]: Peer certificate not required
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): before/connect initialization
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv2/v3 write client hello A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server hello A
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server certificate A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server key exchange A
2017.11.07 15:51:53 LOG6[0]: Client certificate not requested
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server done A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 write client key exchange A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 write change cipher spec A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 write finished A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 flush data
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server session ticket A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read finished A
2017.11.07 15:51:53 LOG7[0]: 1 client connect(s) requested
2017.11.07 15:51:53 LOG7[0]: 1 client connect(s) succeeded
2017.11.07 15:51:53 LOG7[0]: 0 client renegotiation(s) requested
2017.11.07 15:51:53 LOG7[0]: 0 session reuse(s)
2017.11.07 15:51:53 LOG6[0]: TLS connected: new session negotiated
2017.11.07 15:51:53 LOG7[0]: Peer certificate was cached (7519 bytes)
2017.11.07 15:51:53 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2017.11.07 15:51:53 LOG7[0]: Compression: null, expansion: null
2017.11.07 15:51:58 LOG7[0]: TLS alert (read): warning: close notify
2017.11.07 15:51:58 LOG6[0]: TLS closed (SSL_read)
2017.11.07 15:51:58 LOG7[0]: Sent socket write shutdown
2017.11.07 15:51:59 LOG3[0]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2017.11.07 15:51:59 LOG5[0]: Connection reset: 483 byte(s) sent to TLS, 429 byte(s) sent to socket
2017.11.07 15:51:59 LOG7[0]: Remote descriptor (FD=320) closed
2017.11.07 15:51:59 LOG7[0]: Local descriptor (FD=300) closed
2017.11.07 15:51:59 LOG7[0]: Service [https_test] finished (0 left)
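
An added example, not part of the original thread and not stunnel's own code: a small Python check over stunnel log lines that flags two things visible in the log above, SNI carrying the IP literal taken from `connect` and server certificate verification being disabled. The function names are hypothetical and the sample lines are copied from that log.

```python
import ipaddress
import re

# stunnel log line: "<date> <time> LOG<level>[<thread>]: <message>"
LINE = re.compile(r"^\S+ \S+ LOG\d\[(\w+)\]: (.*)$")
SNI_PREFIX = "SNI: sending servername: "
NO_VERIFY = ("Certificate verification disabled", "Peer certificate not required")

# Sample input: lines copied from the log in the message above.
SAMPLE = """\
2017.11.07 15:51:53 LOG5[0]: Service [https_test] accepted connection from 127.0.0.1:3197
2017.11.07 15:51:53 LOG6[0]: s_connect: connecting 207.192.69.165:443
2017.11.07 15:51:53 LOG6[0]: SNI: sending servername: 207.192.69.165
2017.11.07 15:51:53 LOG6[0]: Peer certificate not required
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: TLS connected: new session negotiated
2017.11.07 15:51:59 LOG3[0]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
"""

def is_ip_literal(name):
    """True if the SNI value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit(log_text):
    """Return sorted (thread, finding) pairs for a stunnel client-mode log."""
    findings = set()  # a set collapses the repeated "verification disabled" lines
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a stunnel log line
        thread, msg = m.groups()
        if msg.startswith(SNI_PREFIX):
            name = msg[len(SNI_PREFIX):]
            if is_ip_literal(name):
                findings.add((thread, f"SNI is the IP literal {name}, not a hostname"))
        elif msg in NO_VERIFY:
            findings.add((thread, "server certificate is not verified"))
    return sorted(findings)

if __name__ == "__main__":
    for thread, finding in audit(SAMPLE):
        print(f"[{thread}] {finding}")
```

In stunnel's client mode the `sni` option sets the name sent in the handshake, and `verifyChain` together with `checkHost` turns server certificate verification on.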