[stunnel-users] No encryption?
Michal Trojnara
Michal.Trojnara at mobi-com.net
Tue Sep 27 07:46:22 CEST 2005
On Tuesday 27 of September 2005 03:06, Revelancefound at aol.com wrote:
> It seems that stunnel does not encrypt outward traffic from my
> pc. I was able to get stunnel to work in the first place by having
> different proxies for each protocol.
[cut]
> To my disappointment, the sniffer picked up my username and
> password in plain text through HTTP protocol several times.
[cut]
> ; Use it for client mode
> client = yes
What's the reason to use client mode stunnel for http?
Most web browsers support http natively.
> [https]
> accept = 127.0.0.1:443
> connect = httpsupportingproxy2:6588
> TIMEOUTclose = 0
The port is also confusing. Since you use client mode your
httpsupportingproxy2:6588 should be an SSL-enabled server
and 127.0.0.1:443 is a plain http service, isn't it?
> verify = 0
And to have a certificate-based authentication it's a good idea to turn
it on. SSL is vulnerable to main-in-the-middle attacks, otherwise.
Best regards,
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20050927/7354cebb/attachment.sig>
More information about the stunnel-users
mailing list