Hi Claudio,

What happens if you try client = no for proxy1 and client = yes for proxy2?

Regards,
José

> On 23 Feb 2016, at 12:13, Claudio Beretta 
> <[email protected]> wrote:
> 
> I'd like Stunnel to act as a reverse proxy that accepts TLS 1.0 and TLS 1.2 
> for https://example.com and then forwards the traffic to https://example.net, 
> another web server that only accepts TLS 1.2
> browser --TLS 1.0 or 1.2--> Stunnel --TLS 1.2--> Web App
> 
> The browser should have no idea that example.net even exists (only 
> example.com certificate will be presented to the browser).
> Is this something Stunnel can do?
> 
> 
> This is what I got so far:
> 
> cert = example.com.pem
> ;stunnel.pem
> 
> [proxy1]
> client = yes
> accept = 10.100.4.179:443
> connect = localhost:54323
> CAfile = sca.server1.crt.pem
> ;verify = 2
> 
> [proxy2]
> client = no
> accept = localhost:54323
> connect = example.net:443
> ;CAfile = SymantecClass3EVSSLCA-G3.pem
> 
> example.com.pem contains the public and decrypted private key for example.com
> sca.server1.crt.pem contains the intermediate and root certificates of the CA 
> that issues the example.com.pem certificate
> 
> It partially works: the browser shows example.com in the address bar and the 
> content of example.net, but the certificate that is returned is from 
> example.net
> 
> What am I doing wrong?
> Or do you have other recommendations to get something like this working on 
> Windows Server 2008 R2? (IIS + Application Request Routing + URL Rewrite 
> won't work: TLS1.2 is not properly supported)
> 
> Thank you
> Claudio
> _______________________________________________
> stunnel-users mailing list
> [email protected]
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
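
The configuration with the two roles swapped as suggested in the reply, written out as an added example (not a config posted by either participant). Addresses and file names are the ones from the thread; the `options`, `sslVersion`, `sni` and re-enabled `verify`/`CAfile` lines are assumptions added for illustration.

```ini
; Added example, not from the thread.
; client = no  : stunnel terminates TLS on "accept", sends plaintext to "connect"
; client = yes : stunnel takes plaintext on "accept", starts TLS to "connect"
;
; As posted, the roles are inverted: proxy1 wraps the browser's own TLS stream
; in a second TLS layer and proxy2 strips that layer off again, so the
; browser's handshake reaches example.net untouched and example.net's
; certificate is what comes back.

[proxy1]
; Browser-facing side: TLS server presenting the example.com certificate.
client = no
accept = 10.100.4.179:443
connect = localhost:54323
; Assumption: the intermediates from sca.server1.crt.pem are appended to this
; PEM, which is where stunnel reads the chain it sends to clients.
cert = example.com.pem
; Assumption: TLS 1.0 through 1.2 stay enabled for browsers, SSLv2/v3 do not.
options = NO_SSLv2
options = NO_SSLv3

[proxy2]
; Backend-facing side: TLS client towards the web application.
client = yes
accept = localhost:54323
connect = example.net:443
; Assumption: pin the backend leg to TLS 1.2, the only version it accepts.
sslVersion = TLSv1.2
; Assumption: send the backend's own name in SNI.
sni = example.net
; Assumption: verification re-enabled (it is commented out in the thread);
; the CAfile must contain the CA chain that issued example.net's certificate.
verify = 2
CAfile = SymantecClass3EVSSLCA-G3.pem
```

stunnel forwards the decrypted bytes unchanged, so the backend still receives the browser's `Host: example.com` header and must be willing to serve that name. The hop between the two services is plaintext, which is why it stays on `localhost`.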