[stunnel-users] older browsers, stunnel and privoxy

kovacs janos kovacsjanosfasz at gmail.com
Mon Dec 3 14:39:58 CET 2018


Sorry to bother,
I'm trying to make older browsers be able to display TLS 1.1 and TLS 1.2 sites.
I heard stunnel can't be configured to always forward to the current
site address dynamically, that's why I would use privoxy.
The browser is configured to send to:
127.0.0.1  443

stunnel config has this at the end:
[Tunnel_in]
client = yes
accept = 127.0.0.1:443
connect = 127.0.0.1:8118
verifyChain = yes
CAfile = ca-certs.pem
checkHost = localhost

127.0.0.1:8118 is the privoxy address.
This is what stunnel writes:
LOG5[main]: Configuration successful
LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261
LOG5[0]: s_connect: connected 127.0.0.1:8118
LOG5[0]: Service [Tunnel_in] connected remote server from 127.0.0.1:3262

And the browser loads infinitely, and never loads anything or leaves the page.
If I remove the last 3 lines, it's the same, just with this line added:
LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM attacks

But it doesn't give an error or anything.

With a configuration like:
[Tunnel_out]
client = no
accept = 127.0.0.1:443
connect = 127.0.0.1:8118
cert = stunnel.pem

This is what it gives:
LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294
LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

And the browser gives a server not found error immediately. I'm not even
sure if I should use a client or server configuration in a case like
this, but neither of them works anyway. All I would need is for my
browser to get the pages decrypted, or at least in less than TLS 1.1.
Like how on newipnow.com I can access sites with any encryption, since
they are sent to the browser without encryption. The browser just
gives an "unencrypted tunnel" warning, which is how I found stunnel,
and which is exactly what I need, just locally.
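
Added example, not part of the original post: the "https proxy request" reason in the [Tunnel_out] log is what OpenSSL reports when the first bytes on a TLS-accepting socket are a plaintext HTTP CONNECT instead of a ClientHello. The sketch below classifies the opening bytes of a connection the same way and, for a ClientHello, reads the highest version the client offers. The function name and the sample byte strings are assumptions constructed for illustration.

```python
# Classify what a client sends first to a port that expects TLS.
# Labels reuse the OpenSSL reason strings seen in stunnel logs.

TLS_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
                (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def classify_first_bytes(data: bytes):
    """Return (label, offered_version) for the opening bytes of a connection."""
    if data.startswith(b"CONNECT"):
        # A browser using this port as its HTTPS proxy speaks plain HTTP first.
        return ("https proxy request", None)
    if data.startswith(HTTP_METHODS):
        return ("http request", None)
    # TLS record: type 0x16 (handshake), major version 3, 2-byte length,
    # then handshake type 0x01 (ClientHello), 3-byte length, client_version.
    if len(data) >= 11 and data[0] == 0x16 and data[1] == 3 and data[5] == 0x01:
        offered = TLS_VERSIONS.get((data[9], data[10]), "unknown version")
        return ("tls client hello", offered)
    return ("unknown", None)


# Constructed samples (not captured traffic). The two hellos are truncated
# right after the client_version field.
PROXY_CONNECT = b"CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n\r\n"
OLD_HELLO = bytes.fromhex("16030100310100002d0301")  # offers TLS 1.0 at most
NEW_HELLO = bytes.fromhex("16030100310100002d0303")  # offers TLS 1.2

if __name__ == "__main__":
    for name, sample in [("proxy CONNECT", PROXY_CONNECT),
                         ("old browser hello", OLD_HELLO),
                         ("modern hello", NEW_HELLO)]:
        print(name, "->", classify_first_bytes(sample))
```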