This is not what I've understood from your first description. You would like to bridge TLSv1 to TLSv1.1 or TLSv1.2 before sending requests to a web proxy.
This is why I don't think stunnel is intended for that. That said, if SSLV3 and TLSv1 have been deprecated, there's a good reason and you should seriously think to update your tools. Regards, Flo On Tue, Dec 4, 2018 at 3:18 PM kovacs janos <[email protected]> wrote: > well, it says this on the first line of the website: > "Stunnel is a proxy designed to add TLS encryption functionality to > existing clients and servers without any changes in the programs' > code." > > i just want to add TLS functionality to client browsers which dont > have it. i only need stunnel to decrypt TLS traffic going back to the > browser. > > On 12/4/18, Flo Rance <[email protected]> wrote: > > Sorry I didn't read it correctly. I don't think this is something stunnel > > can handle. > > > > Regards, > > Flo > > > > On Mon, Dec 3, 2018 at 9:31 PM kovacs janos <[email protected]> > > wrote: > > > >> thank you for the reply, > >> its the address and port where privoxy listens for requests. > >> from the config file: > >> "# 4.1. listen-address > >> # ==================== > >> # > >> # Specifies: > >> # > >> # The IP address and TCP port on which Privoxy will listen for > >> # client requests." > >> and under it: > >> > >> listen-address 127.0.0.1:8118 > >> > >> On 12/3/18, Flo Rance <[email protected]> wrote: > >> > Hi, > >> > > >> > It's not clear in your description what is running on 8118 local port. > >> > > >> > Regards, > >> > Flo > >> > > >> > On Mon, Dec 3, 2018 at 2:40 PM kovacs janos < > [email protected]> > >> > wrote: > >> > > >> >> sorry to bother, > >> >> im trying to make older browsers be able to display TLS 1.1 and TLS > >> >> 1.2 > >> >> sites. > >> >> i heard stunnel cant be configured to always forward to the current > >> >> site address dynamically, thats why i would use privoxy. > >> >> the browser is configured to send to: > >> >> 127.0.0.1 443 > >> >> > >> >> stunnel config has this at the end: > >> >> [Tunnel_in] > >> >> client = yes > >> >> accept = 127.0.0.1:443 > >> >> connect = 127.0.0.1:8118 > >> >> verifyChain = yes > >> >> CAfile = ca-certs.pem > >> >> checkHost = localhost > >> >> > >> >> 127.0.0.1:8118 is the privoxy address. > >> >> this is what stunnel writes: > >> >> LOG5[main]: Configuration successful > >> >> LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261 > >> >> LOG5[0]: s_connect: connected 127.0.0.1:8118 > >> >> LOG5[0]: Service [Tunnel_in] connected remote server from > >> 127.0.0.1:3262 > >> >> > >> >> and the browser infinitely loads, and never loads anything or leaves > >> >> the > >> >> page. > >> >> if i remove the last 3 lines, its the same just with this line added: > >> >> LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM > >> >> attacks > >> >> > >> >> but it doesnt give an error or anything. > >> >> > >> >> with a configuration like: > >> >> [Tunnel_out] > >> >> client = no > >> >> accept = 127.0.0.1:443 > >> >> connect = 127.0.0.1:8118 > >> >> cert = stunnel.pem > >> >> > >> >> this is what it gives: > >> >> LOG5[3]: Service [Tunnel_out] accepted connection from > 127.0.0.1:3294 > >> >> LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL > >> >> routines:SSL23_GET_CLIENT_HELLO:https proxy request > >> >> LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to > >> >> socket > >> >> > >> >> and browser gives a server not found error immediately. im not even > >> >> sure if i should use client or server configuration in a case like > >> >> this, but none of them works anyway. all i would need is for my > >> >> browser to get the pages decrypted, or at least in less than TLS1.1. > >> >> like how on newipnow.com i can access sites with any encryption, > since > >> >> they are sent to the browser without encryption. the browser just > >> >> gives an "unencrypted tunnel" warning, which is how i found stunnel, > >> >> and which is exactly what i need, just locally. > >> >> _______________________________________________ > >> >> stunnel-users mailing list > >> >> [email protected] > >> >> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > >> >> > >> > > >> > > >
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
