[stunnel-users] Connect using TLS with public Web Server

Carlos Castro carlos.castro.guerrero at gmail.com
Mon Mar 5 12:32:41 CET 2018 

Hello ,

Thanks @Peter

I'm trying to configure to connect with my PC to this Public server 
https://ctm.omgeo.net using TLS1.2 but i don't can.

I'm need setup stunnel for old application doesn't support TLS , and 
this application need connect with this public server to send data.


I'm using the Peter config , but nothing . I try this config :

[omgeo]
client = yes
accept = 127.0.0.1:19201
connect = ctm.omgeo.net:443
verify = 2
CApath = /etc/ssl/certs/


I'm using Curl to try connect  , I'm recive this error

/etc/ssl/certs# curl -v https://127.0.0.1:19201
* Rebuilt URL to: https://127.0.0.1:19201/
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 19201 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: The TLS connection was non-properly terminated.
* Closing connection 0
curl: (35) gnutls_handshake() failed: The TLS connection was 
non-properly terminated.


whitout STUNNEL , i recived this OUTPUT :
  curl -v https://ctm.omgeo.net
* Rebuilt URL to: https://ctm.omgeo.net/
*   Trying 88.221.6.124...
* Connected to ctm.omgeo.net (88.221.6.124) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*      server certificate verification OK
*      server certificate status verification SKIPPED
*      common name: *.omgeo.net (matched)
*      server certificate expiration date OK
*      server certificate activation date OK
*      certificate public key: RSA
*      certificate version: #3
*      subject: C=US,ST=Massachusetts,L=Boston,O=Omgeo LLC,CN=*.omgeo.net
*      start date: Fri, 21 Jul 2017 00:00:00 GMT
*      expire date: Sat, 20 Oct 2018 23:59:59 GMT
*      issuer: C=US,O=Symantec Corporation,OU=Symantec Trust 
Network,CN=Symantec Class 3 Secure Server CA - G4
*      compression: NULL
* ALPN, server accepted to use http/1.1
 > GET / HTTP/1.1
 > Host: ctm.omgeo.net
 > User-Agent: curl/7.47.0
 > Accept: */*
 >
< HTTP/1.1 302 Moved Temporarily
< Location: /cleartrust/ct_logon.jsp
< Content-Length: 0
< Date: Mon, 05 Mar 2018 11:31:09 GMT
< Connection: keep-alive
< Set-Cookie: 
Actrust-session-v001d=aHR0cHM6Ly9jdG0ub21nZW8ubmV0OjQ0My9pbmRleC5odG1s; 
secure; domain=.omgeo.net; path=/
<
* Connection #0 to host ctm.omgeo.net left intact

Many Thanks

Regards


On 02/02/18 14:10, peter at easthope.ca wrote:
> From:	Carlos Castro <carlos.castro.guerrero at gmail.com>
> Date:	Fri, 2 Feb 2018 12:04:08 +0100
>> I have older application and now I need connect with external server HTTPS
>> using TLS . My application doesn't support with TLS and I think use Stunnel
>> to connect with this Server HTTPS.
> Same requirement here.  Have you tried this configuration?
>
> ; yourhost:/etc/stunnel4/stunnel.conf
>    ...
> [https]
> client = yes
> accept = 443
> transparent = destination
>
> Regards,         ... Peter E.
>

More information about the stunnel-users mailing list