[stunnel-users] No encryption?

Michal Trojnara Michal.Trojnara at mobi-com.net
Tue Sep 27 07:46:22 CEST 2005


On Tuesday 27 of September 2005 03:06, Revelancefound at aol.com wrote:
> It seems that stunnel does not encrypt outward traffic from my
> pc. I was able to get stunnel to work in the first place by having
> different proxies for each protocol.
[cut]
> To my  disappointment, the sniffer picked up my username and
> password in plain text through  HTTP protocol several times.
[cut]
> ; Use it for client mode
> client = yes

What's the reason to use client mode stunnel for http?
Most web browsers support http natively.

> [https]
> accept  = 127.0.0.1:443
> connect = httpsupportingproxy2:6588
> TIMEOUTclose = 0

The port is also confusing.  Since you use client mode your 
httpsupportingproxy2:6588 should be an SSL-enabled server
and 127.0.0.1:443 is a plain http service, isn't it?

> verify = 0

And to have a certificate-based authentication it's a good idea to turn
it on.  SSL is vulnerable to main-in-the-middle attacks, otherwise.

Best regards,
    Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20050927/7354cebb/attachment.sig>


More information about the stunnel-users mailing list