Dear list,
I have stunnel running in a configuration where we use it to connect to a webserver over https while adding client certificates to the requests.
This worked fine until SSLv3 was recently disabled on the (Apache) webserver. I installed the latest version of stunnel today (stunnel-5.07b2, https://www.stunnel.org/downloads/beta/stunnel-5.07b2.tar.gz), but that did not fix the problem. Now stunnel tries to negotiate an HTTPS connection using TLSv1.2, and I found that because of this Apache does not like the content of the Host variable in the HTTP header, which is different from what Apache is expecting it to be. With SSLv3 this was not an issue. As a result I get a "HTTP/1.1 400 Bad Request" from the webserver.
In my configuration I cannot (easily) apply some form of split DNS to get the hostname correct in the HTTP header already from the client connecting to the stunnel service.
I tested using curl, sending a request through stunnel to the web server, and verified that when I modified the Host field in the request header it does work.
In my opinion it is stunnel setting up the HTTPS connection to the webserver, and stunnel should take care of setting the correct Host field in the request header. Is there a way to let stunnel take care of setting the correct info in the HTTP header?
Best regards,
Dion Kant