well yes, I'm pretty sure the same encryption is needed in requests and the returned page, otherwise it would probably get a no cypher overlap error.
so I basically need stunnel to encrypt outgoing requests, and decrypt the returned things and only on the browser side of connection.
there's a good reason why they are deprecated, but it would be better to add this functionality this way if possible, rather than change whole programs, especially when it's the purpose of stunnel, according to the description
On 12/4/18, Flo Rance trourance@gmail.com wrote:
This is not what I've understood from your first description. You would like to bridge TLSv1 to TLSv1.1 or TLSv1.2 before sending requests to a web proxy.
This is why I don't think stunnel is intended for that.
That said, if SSLv3 and TLSv1 have been deprecated, there's a good reason and you should seriously think about updating your tools.
Regards, Flo
On Tue, Dec 4, 2018 at 3:18 PM kovacs janos kovacsjanosfasz@gmail.com wrote:
well, it says this on the first line of the website: "Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code."
I just want to add TLS functionality to client browsers which don't have it. I only need stunnel to decrypt TLS traffic going back to the browser.
On 12/4/18, Flo Rance trourance@gmail.com wrote:
Sorry I didn't read it correctly. I don't think this is something stunnel can handle.
Regards, Flo
On Mon, Dec 3, 2018 at 9:31 PM kovacs janos kovacsjanosfasz@gmail.com wrote:
thank you for the reply, it's the address and port where privoxy listens for requests. from the config file:
# 4.1. listen-address
# ====================
#
# Specifies:
#
# The IP address and TCP port on which Privoxy will listen for
# client requests.
and under it:
listen-address 127.0.0.1:8118
On 12/3/18, Flo Rance trourance@gmail.com wrote:
Hi,
It's not clear in your description what is running on 8118 local port.
Regards, Flo
On Mon, Dec 3, 2018 at 2:40 PM kovacs janos <kovacsjanosfasz@gmail.com> wrote:
sorry to bother, I'm trying to make older browsers be able to display TLS 1.1 and TLS 1.2 sites. I heard stunnel can't be configured to always forward to the current site address dynamically, that's why I would use privoxy. the browser is configured to send to: 127.0.0.1 443
stunnel config has this at the end:
[Tunnel_in]
client = yes
accept = 127.0.0.1:443
connect = 127.0.0.1:8118
verifyChain = yes
CAfile = ca-certs.pem
checkHost = localhost
127.0.0.1:8118 is the privoxy address. this is what stunnel writes:
LOG5[main]: Configuration successful
LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261
LOG5[0]: s_connect: connected 127.0.0.1:8118
LOG5[0]: Service [Tunnel_in] connected remote server from 127.0.0.1:3262
and the browser infinitely loads, and never loads anything or leaves the page. if I remove the last 3 lines, it's the same just with this line added:
LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM attacks
but it doesn't give an error or anything.
with a configuration like:
[Tunnel_out]
client = no
accept = 127.0.0.1:443
connect = 127.0.0.1:8118
cert = stunnel.pem
this is what it gives:
LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294
LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
and browser gives a server not found error immediately. I'm not even sure if I should use client or server configuration in a case like this, but none of them works anyway. all I would need is for my browser to get the pages decrypted, or at least in less than TLS1.1. like how on newipnow.com I can access sites with any encryption, since they are sent to the browser without encryption. the browser just gives an "unencrypted tunnel" warning, which is how I found stunnel, and which is exactly what I need, just locally.
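
Added example, not part of the thread and not stunnel's own code: the thread reports the "needs authentication to prevent MITM attacks" warning once verifyChain, CAfile and checkHost are removed from the client service, and the Python sketch below flags that condition in a stunnel.conf before deployment. The function names and the sample configs (rebuilt from the [Tunnel_in] service quoted above) are constructed for illustration, and only per-service options are read.

```python
# Added example: flag stunnel client services that do not authenticate the peer.
# Simplification: only per-service options are read; global defaults are ignored.
VERIFY = ("verifychain", "verifypeer")
TRUST = ("cafile", "capath")
NAMES = ("checkhost", "checkip", "checkemail")

def parse_services(text):
    """Return {service: {option_lowercased: value}} for every [section]."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return services

def audit(text):
    """Return (service, problem) pairs for client = yes services."""
    def on(opts, key):
        return opts.get(key, "no").lower() == "yes"
    findings = []
    for name, opts in parse_services(text).items():
        if not on(opts, "client"):
            continue  # server-mode services present a cert instead
        if not any(on(opts, k) for k in VERIFY):
            findings.append((name, "peer certificate is not verified"))
        elif not any(k in opts for k in TRUST):
            findings.append((name, "verification enabled without CAfile/CApath"))
        elif on(opts, "verifychain") and not any(k in opts for k in NAMES):
            findings.append((name, "chain verified but no checkHost/checkIP/checkEmail"))
    return findings

# Constructed samples: the [Tunnel_in] service from the thread, with and
# without its last three lines.
BASE = "[Tunnel_in]\nclient = yes\naccept = 127.0.0.1:443\nconnect = 127.0.0.1:8118\n"
WITH_VERIFY = BASE + "verifyChain = yes\nCAfile = ca-certs.pem\ncheckHost = localhost\n"

if __name__ == "__main__":
    for label, conf in (("with verify", WITH_VERIFY), ("without", BASE)):
        print(label, audit(conf))
```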