It cannot be made to work. TLS termination proxy is type of reverse proxy, proxy behind browser is a forward proxy. Reverse proxy connects to 1 (or small set of) server, defined in proxy configuration, client cannot select destination server. Forward proxy connects to many servers, defined in client connection request. Stunnel does not read contents of request and can connect only to defined server(s).
----- Original Message ----- From: "kovacs janos" kovacsjanosfasz@gmail.com To: "Yyy" yyy@yyy.id.lv Cc: stunnel-users@stunnel.org Sent: Wednesday, December 12, 2018 5:56 PM Subject: Re: [stunnel-users] older browsers, stunnel and privoxy
anyways, here is an article about what i need: https://en.wikipedia.org/wiki/TLS_termination_proxy
except it shouldnt pass the unencrypted data to a server but a browser. on the same page, stunnel is listed under "Servers capable of acting as a TLS/SSL termination proxy". i would be grateful if i could finally make this work
On 12/9/18, kovacs janos kovacsjanosfasz@gmail.com wrote:
how can i disable verification though? at first i just want to see it work at all. in the howto page, it says this: " Stunnel has 3 methods for checking certificates, which are controlled by the verify option:
* Do not Verify Certificates If no verify argument is given, then stunnel will ignore any
certificates offered and will allow all connections. "
there is no "verify" in the stunnel.conf file, and only the gmail service examples have verifyChain