[stunnel-users] Connect to web app with weak crypto

Pete McEvoy pete at yerma.org
Fri Apr 29 11:42:01 CEST 2016


Hi.
I have a java web app that uses weak crypto. I would like to be able to
access it with a modern browser. Currently the only method that seems to
work is links on freebsd 9.3, all other browsers give errors such as:

Error performing TLS handshake: The Diffie-Hellman prime sent by the server
is not acceptable (not long enough).

Obviously it would be better if this was fixed but it is not something I
have control of.

Would it be possible for me to use stunnel to encapsulate the weak
connection within a stronger one so the browser does not complain?

I have tried this:

; TLS front-end to a web server
[https]
client = yes
accept  = 443
connect = 192.168.1.5:443
cert = /usr/local/etc/stunnel/stunnel.pem

Which asks me to make an exception for the self signed cert but then
proceeds to fail in same way as before.

Cheers

--
Pete
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160429/0877ac4b/attachment.html>


More information about the stunnel-users mailing list