[stunnel-users] older browsers, stunnel and privoxy
Flo Rance
trourance at gmail.com
Mon Dec 3 14:55:09 CET 2018
Hi,
It's not clear in your description what is running on 8118 local port.
Regards,
Flo
On Mon, Dec 3, 2018 at 2:40 PM kovacs janos <kovacsjanosfasz at gmail.com>
wrote:
> sorry to bother,
> im trying to make older browsers be able to display TLS 1.1 and TLS 1.2
> sites.
> i heard stunnel cant be configured to always forward to the current
> site address dynamically, thats why i would use privoxy.
> the browser is configured to send to:
> 127.0.0.1 443
>
> stunnel config has this at the end:
> [Tunnel_in]
> client = yes
> accept = 127.0.0.1:443
> connect = 127.0.0.1:8118
> verifyChain = yes
> CAfile = ca-certs.pem
> checkHost = localhost
>
> 127.0.0.1:8118 is the privoxy address.
> this is what stunnel writes:
> LOG5[main]: Configuration successful
> LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261
> LOG5[0]: s_connect: connected 127.0.0.1:8118
> LOG5[0]: Service [Tunnel_in] connected remote server from 127.0.0.1:3262
>
> and the browser infinitely loads, and never loads anything or leaves the
> page.
> if i remove the last 3 lines, its the same just with this line added:
> LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM
> attacks
>
> but it doesnt give an error or anything.
>
> with a configuration like:
> [Tunnel_out]
> client = no
> accept = 127.0.0.1:443
> connect = 127.0.0.1:8118
> cert = stunnel.pem
>
> this is what it gives:
> LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294
> LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request
> LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
>
> and browser gives a server not found error immediately. im not even
> sure if i should use client or server configuration in a case like
> this, but none of them works anyway. all i would need is for my
> browser to get the pages decrypted, or at least in less than TLS1.1.
> like how on newipnow.com i can access sites with any encryption, since
> they are sent to the browser without encryption. the browser just
> gives an "unencrypted tunnel" warning, which is how i found stunnel,
> and which is exactly what i need, just locally.
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20181203/b2ce74c8/attachment.html>
More information about the stunnel-users
mailing list