[stunnel-users] older browsers, stunnel and privoxy
kovacs janos
kovacsjanosfasz at gmail.com
Mon Dec 3 21:31:42 CET 2018
thank you for the reply,
it's the address and port where privoxy listens for requests.
from the config file:
"# 4.1. listen-address
# ====================
#
# Specifies:
#
# The IP address and TCP port on which Privoxy will listen for
# client requests."
and under it:
listen-address 127.0.0.1:8118
On 12/3/18, Flo Rance <trourance at gmail.com> wrote:
> Hi,
>
> It's not clear in your description what is running on 8118 local port.
>
> Regards,
> Flo
>
> On Mon, Dec 3, 2018 at 2:40 PM kovacs janos <kovacsjanosfasz at gmail.com>
> wrote:
>
>> sorry to bother,
>> I'm trying to make older browsers be able to display TLS 1.1 and TLS 1.2
>> sites.
>> I heard stunnel can't be configured to always forward to the current
>> site address dynamically, that's why I would use privoxy.
>> the browser is configured to send to:
>> 127.0.0.1 443
>>
>> stunnel config has this at the end:
>> [Tunnel_in]
>> client = yes
>> accept = 127.0.0.1:443
>> connect = 127.0.0.1:8118
>> verifyChain = yes
>> CAfile = ca-certs.pem
>> checkHost = localhost
>>
>> 127.0.0.1:8118 is the privoxy address.
>> this is what stunnel writes:
>> LOG5[main]: Configuration successful
>> LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261
>> LOG5[0]: s_connect: connected 127.0.0.1:8118
>> LOG5[0]: Service [Tunnel_in] connected remote server from 127.0.0.1:3262
>>
>> and the browser infinitely loads, and never loads anything or leaves the
>> page.
>> if I remove the last 3 lines, it's the same just with this line added:
>> LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM
>> attacks
>>
>> but it doesn't give an error or anything.
>>
>> with a configuration like:
>> [Tunnel_out]
>> client = no
>> accept = 127.0.0.1:443
>> connect = 127.0.0.1:8118
>> cert = stunnel.pem
>>
>> this is what it gives:
>> LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294
>> LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL
>> routines:SSL23_GET_CLIENT_HELLO:https proxy request
>> LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to
>> socket
>>
>> and browser gives a server not found error immediately. I'm not even
>> sure if I should use client or server configuration in a case like
>> this, but none of them works anyway. all I would need is for my
>> browser to get the pages decrypted, or at least in less than TLS1.1.
>> like how on newipnow.com I can access sites with any encryption, since
>> they are sent to the browser without encryption. the browser just
>> gives an "unencrypted tunnel" warning, which is how I found stunnel,
>> and which is exactly what I need, just locally.
>
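
An added example, not part of the original thread or of stunnel: a small Python check of which side of each quoted service section speaks TLS, compared with what the peers actually send. It assumes the browser uses 127.0.0.1:443 as an HTTP proxy (so its first bytes are a plaintext CONNECT, as the "https proxy request" log line suggests) and that the Privoxy listener on 127.0.0.1:8118 speaks plain HTTP; the sample bytes and function names are constructed for illustration.

```python
# Added example (not from the thread). Constructed sample bytes, not captured traffic.
PROXY_CONNECT = b"CONNECT www.example.org:443 HTTP/1.1\r\nHost: www.example.org:443\r\n\r\n"
# TLS record header (0x16 = handshake, 0x03 0x01 = record version, 2 length
# bytes) followed by handshake type 0x01 = ClientHello.
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])


def classify_first_bytes(data: bytes) -> str:
    """Name the protocol a peer is speaking from the first bytes it sends."""
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data.startswith(b"CONNECT"):
        return "https-proxy-request"  # wording used in the OpenSSL error above
    if data.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "http-request"
    return "unknown"


def check_service(client: bool, browser_bytes: bytes, backend_speaks_tls: bool) -> list:
    """List protocol mismatches for one stunnel service section.

    client=False: stunnel expects TLS on `accept`, sends plaintext to `connect`.
    client=True:  stunnel expects plaintext on `accept`, starts TLS to `connect`.
    backend_speaks_tls is an assumption about whatever listens on `connect`.
    """
    problems = []
    kind = classify_first_bytes(browser_bytes)
    accept_expects_tls = not client
    if accept_expects_tls and kind != "tls-client-hello":
        problems.append("accept: expected TLS, got " + kind)
    if not accept_expects_tls and kind == "tls-client-hello":
        problems.append("accept: expected plaintext, got TLS")
    if client and not backend_speaks_tls:
        problems.append("connect: stunnel starts TLS, backend expects plaintext")
    if not client and backend_speaks_tls:
        problems.append("connect: stunnel sends plaintext, backend expects TLS")
    return problems


if __name__ == "__main__":
    # Assumption: the Privoxy listener on 127.0.0.1:8118 speaks plain HTTP.
    print("[Tunnel_in]  client = yes:", check_service(True, PROXY_CONNECT, False))
    print("[Tunnel_out] client = no: ", check_service(False, PROXY_CONNECT, False))
```

Under these assumptions each quoted section has exactly one mismatched hop: [Tunnel_in] starts TLS toward a plaintext listener, and [Tunnel_out] expects a TLS ClientHello where the browser sends a plaintext CONNECT.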