well, it says this on the first line of the website: "Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code."
i just want to add TLS functionality to client browsers which dont have it. i only need stunnel to decrypt TLS traffic going back to the browser. On 12/4/18, Flo Rance <[email protected]> wrote: > Sorry I didn't read it correctly. I don't think this is something stunnel > can handle. > > Regards, > Flo > > On Mon, Dec 3, 2018 at 9:31 PM kovacs janos <[email protected]> > wrote: > >> thank you for the reply, >> its the address and port where privoxy listens for requests. >> from the config file: >> "# 4.1. listen-address >> # ==================== >> # >> # Specifies: >> # >> # The IP address and TCP port on which Privoxy will listen for >> # client requests." >> and under it: >> >> listen-address 127.0.0.1:8118 >> >> On 12/3/18, Flo Rance <[email protected]> wrote: >> > Hi, >> > >> > It's not clear in your description what is running on 8118 local port. >> > >> > Regards, >> > Flo >> > >> > On Mon, Dec 3, 2018 at 2:40 PM kovacs janos <[email protected]> >> > wrote: >> > >> >> sorry to bother, >> >> im trying to make older browsers be able to display TLS 1.1 and TLS >> >> 1.2 >> >> sites. >> >> i heard stunnel cant be configured to always forward to the current >> >> site address dynamically, thats why i would use privoxy. >> >> the browser is configured to send to: >> >> 127.0.0.1 443 >> >> >> >> stunnel config has this at the end: >> >> [Tunnel_in] >> >> client = yes >> >> accept = 127.0.0.1:443 >> >> connect = 127.0.0.1:8118 >> >> verifyChain = yes >> >> CAfile = ca-certs.pem >> >> checkHost = localhost >> >> >> >> 127.0.0.1:8118 is the privoxy address. >> >> this is what stunnel writes: >> >> LOG5[main]: Configuration successful >> >> LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261 >> >> LOG5[0]: s_connect: connected 127.0.0.1:8118 >> >> LOG5[0]: Service [Tunnel_in] connected remote server from >> 127.0.0.1:3262 >> >> >> >> and the browser infinitely loads, and never loads anything or leaves >> >> the >> >> page. >> >> if i remove the last 3 lines, its the same just with this line added: >> >> LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM >> >> attacks >> >> >> >> but it doesnt give an error or anything. >> >> >> >> with a configuration like: >> >> [Tunnel_out] >> >> client = no >> >> accept = 127.0.0.1:443 >> >> connect = 127.0.0.1:8118 >> >> cert = stunnel.pem >> >> >> >> this is what it gives: >> >> LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294 >> >> LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL >> >> routines:SSL23_GET_CLIENT_HELLO:https proxy request >> >> LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to >> >> socket >> >> >> >> and browser gives a server not found error immediately. im not even >> >> sure if i should use client or server configuration in a case like >> >> this, but none of them works anyway. all i would need is for my >> >> browser to get the pages decrypted, or at least in less than TLS1.1. >> >> like how on newipnow.com i can access sites with any encryption, since >> >> they are sent to the browser without encryption. the browser just >> >> gives an "unencrypted tunnel" warning, which is how i found stunnel, >> >> and which is exactly what i need, just locally. >> >> _______________________________________________ >> >> stunnel-users mailing list >> >> [email protected] >> >> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >> >> >> > >> > _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
