Re: [stunnel-users] older browsers, stunnel and privoxy
Sure it can. Inetd is simply a "server" and stunnel works in inetd mode or server mode. When not using inetd, stunnel does the server work. When using inetd then inetd does the server work. In both cases the actual "instance" of stunnel is the same. And inetd always works (or essentially Unix does not). It is milliseconds slower in inetd (and unless you are doing millions of connections nobody will notice) but way more reliable in my experience. Eric -----Original Message----- From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Peter Pentchev Sent: Friday, January 04, 2019 8:06 AM To: stunnel-users@stunnel.org Subject: Re: [stunnel-users] older browsers, stunnel and privoxy On Thu, Jan 03, 2019 at 02:45:30PM -0700, Eric Eberhard wrote:
Observation: you accept on port 80 ... the log says 4121 ... any chance you have some sort of port forwarding/NAT/firewall/router issue?
Just for the record (I already answered the question in another message), the log says that the client - the program that was talking to stunnel, presumably some kind of web browser - connected *to* stunnel *from* the (ephemeral) port 4121.
Second -- if you are on Unix why not just use inetd? Easy, reliable, simple, always works (if inetd goes down you have no Unix). And you have nothing to manage -- just logs to look at.
The inetd and stunnel tools serve different purposes - inetd cannot, by itself, proxy between a plaintext and a TLS/SSL connection.
Happy New Year
Eric
Same! G'luck, Peter
-----Original Message----- From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of kovacs janos Sent: Saturday, December 29, 2018 7:37 PM To: Javier <jamilist.stn@gmx.es> Cc: stunnel-users@stunnel.org Subject: Re: [stunnel-users] older browsers, stunnel and privoxy
it still doesnt seem to work. i tried it with deviantart.com again. configuration: client = yes accept = 127.0.0.1:80 connect = 52.85.220.247:443 verifyChain = yes CAfile = ca-certs.pem checkHost = *.deviantart.com
the name after checkHost is the "Common Name" displayed when viewing the site's certificate in a browser(lock icon, view certificate). i also saved the certificate in case i would need to try the "certificate pinning" method. the connect IP is what 'get-site-ip.com' says the IP of the website is.
these are the logs: Service [fbsd-www] accepted connection from 127.0.0.1:4121 s_connect: connected 52.85.220.247:443 Service [fbsd-www] connected remote server from 192.168.0.3:4122 SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
i know i pestered everyone long enough, but i still havent been able to connect to anything. without any verification its the same
On 12/21/18, Javier <jamilist.stn@gmx.es> wrote:
On Fri, 21 Dec 2018 13:58:35 +0200 Peter Pentchev <roam@ringlet.net> wrote:
Hm, there's no reason why stunnel would not work like that for a predetermined set of hosts with known addresses.
Hi,
I'm just trying to avoid encouraging him on keep with his first idea of browsing through Stunnel, with, or without privoxy.
Of course one site, one connection would work, if we forget about secondary issues and..., nevermind...
I give up :D
Regards.
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-- -- Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
participants (1)
-
Eric Eberhard