Hi, It's not clear in your description what is running on 8118 local port.
Regards, Flo On Mon, Dec 3, 2018 at 2:40 PM kovacs janos <[email protected]> wrote: > sorry to bother, > im trying to make older browsers be able to display TLS 1.1 and TLS 1.2 > sites. > i heard stunnel cant be configured to always forward to the current > site address dynamically, thats why i would use privoxy. > the browser is configured to send to: > 127.0.0.1 443 > > stunnel config has this at the end: > [Tunnel_in] > client = yes > accept = 127.0.0.1:443 > connect = 127.0.0.1:8118 > verifyChain = yes > CAfile = ca-certs.pem > checkHost = localhost > > 127.0.0.1:8118 is the privoxy address. > this is what stunnel writes: > LOG5[main]: Configuration successful > LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261 > LOG5[0]: s_connect: connected 127.0.0.1:8118 > LOG5[0]: Service [Tunnel_in] connected remote server from 127.0.0.1:3262 > > and the browser infinitely loads, and never loads anything or leaves the > page. > if i remove the last 3 lines, its the same just with this line added: > LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM > attacks > > but it doesnt give an error or anything. > > with a configuration like: > [Tunnel_out] > client = no > accept = 127.0.0.1:443 > connect = 127.0.0.1:8118 > cert = stunnel.pem > > this is what it gives: > LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294 > LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL > routines:SSL23_GET_CLIENT_HELLO:https proxy request > LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket > > and browser gives a server not found error immediately. im not even > sure if i should use client or server configuration in a case like > this, but none of them works anyway. all i would need is for my > browser to get the pages decrypted, or at least in less than TLS1.1. > like how on newipnow.com i can access sites with any encryption, since > they are sent to the browser without encryption. the browser just > gives an "unencrypted tunnel" warning, which is how i found stunnel, > and which is exactly what i need, just locally. > _______________________________________________ > stunnel-users mailing list > [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
