Observation: you accept on port 80 ... the log says 4121 ... any chance you have some sort of port forwarding/NAT/firewall/router issue?
Second -- if you are on Unix why not just use inetd? Easy, reliable, simple, always works (if inetd goes down you have no Unix). And you have nothing to manage -- just logs to look at.
Happy New Year
Eric
-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of kovacs janos
Sent: Saturday, December 29, 2018 7:37 PM
To: Javier jamilist.stn@gmx.es
Cc: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] older browsers, stunnel and privoxy
it still doesn't seem to work. i tried it with deviantart.com again. configuration:

client = yes
accept = 127.0.0.1:80
connect = 52.85.220.247:443
verifyChain = yes
CAfile = ca-certs.pem
checkHost = *.deviantart.com

the name after checkHost is the "Common Name" displayed when viewing the site's certificate in a browser (lock icon, view certificate). i also saved the certificate in case i would need to try the "certificate pinning" method. the connect IP is what 'get-site-ip.com' says the IP of the website is.

these are the logs:

Service [fbsd-www] accepted connection from 127.0.0.1:4121
s_connect: connected 52.85.220.247:443
Service [fbsd-www] connected remote server from 192.168.0.3:4122
SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

i know i pestered everyone long enough, but i still haven't been able to connect to anything. without any verification it's the same
On 12/21/18, Javier jamilist.stn@gmx.es wrote:
> On Fri, 21 Dec 2018 13:58:35 +0200 Peter Pentchev roam@ringlet.net wrote:
>> Hm, there's no reason why stunnel would not work like that for a predetermined set of hosts with known addresses.
>
> Hi,
>
> I'm just trying to avoid encouraging him to keep on with his first idea of browsing through Stunnel, with, or without privoxy.
>
> Of course one site, one connection would work, if we forget about secondary issues and..., never mind...
>
> I give up :D
>
> Regards.
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
On Thu, Jan 03, 2019 at 02:45:30PM -0700, Eric Eberhard wrote:
> Observation: you accept on port 80 ... the log says 4121 ... any chance you have some sort of port forwarding/NAT/firewall/router issue?

Just for the record (I already answered the question in another message), the log says that the client - the program that was talking to stunnel, presumably some kind of web browser - connected *to* stunnel *from* the (ephemeral) port 4121.

> Second -- if you are on Unix why not just use inetd? Easy, reliable, simple, always works (if inetd goes down you have no Unix). And you have nothing to manage -- just logs to look at.

The inetd and stunnel tools serve different purposes - inetd cannot, by itself, proxy between a plaintext and a TLS/SSL connection.

> Happy New Year
> Eric
Same!
G'luck, Peter
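
The log reading described in the reply above, as an added example that is not part of either message or of stunnel itself: a small Python parser run over the log lines quoted in the thread that labels each endpoint by its role and records where the attempt failed. The function name `triage` and the result field names are assumptions made for this illustration.

```python
import re

# Log lines copied from the message quoted in this thread (client-mode service).
SAMPLE_LOG = """\
Service [fbsd-www] accepted connection from 127.0.0.1:4121
s_connect: connected 52.85.220.247:443
Service [fbsd-www] connected remote server from 192.168.0.3:4122
SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
"""

ENDPOINT = r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
PATTERNS = {
    # peer of the accepted socket: the local program's ephemeral source port
    "client_source": re.compile(r"accepted connection from " + ENDPOINT),
    # destination of stunnel's outbound socket (the "connect =" target)
    "remote_target": re.compile(r"s_connect: connected " + ENDPOINT),
    # source address and port of stunnel's outbound socket
    "outbound_source": re.compile(r"connected remote server from " + ENDPOINT),
}
TLS_ERROR = re.compile(r"SSL_(?:connect|accept): \w+: error:\w+:SSL routines:(\w+):(.+)")
COUNTERS = re.compile(r"(\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")

def triage(log_text, accept_port):
    """Summarise one connection attempt from stunnel log lines."""
    out = {"accept_port": accept_port, "tls_error": None, "bytes": None}
    for line in log_text.splitlines():
        for role, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                out[role] = (m.group(1), int(m.group(2)))
        m = TLS_ERROR.search(line)
        if m:
            out["tls_error"] = (m.group(1), m.group(2).strip())
        m = COUNTERS.search(line)
        if m:
            out["bytes"] = (int(m.group(1)), int(m.group(2)))
    # The accepted peer's port is picked by the client's OS, so it is not
    # expected to equal the port in "accept ="; a difference is normal.
    src = out.get("client_source")
    out["source_port_differs_from_accept"] = bool(src) and src[1] != accept_port
    # TCP reached the target, then TLS failed before any payload was relayed.
    out["failed_in_handshake"] = ("remote_target" in out
        and out["tls_error"] is not None and out["bytes"] == (0, 0))
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, accept_port=80).items():
        print(f"{key}: {value}")
```
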