Hello,
> im trying to make older browsers be able to display TLS 1.1 and TLS 1.2 sites.
> i heard stunnel cant be configured to always forward to the current
> site address dynamically, thats why i would use privoxy.
If by "forward to the current site address dynamically" you meant "forward to
the current address of one specific domain" then stunnel can achieve that by
adding "delay = yes".
However, if I understood correctly, you wanted to let stunnel strip
or remove SSL for whatever sites you visit. Then no, I don't think you can
achieve that with privoxy and stunnel. If that's what you want, I would suggest
you use nginx to remove SSL. The following example configuration will let nginx
"upgrade" your HTTP request to HTTPS.
events {} http { server {
resolver 9.9.9.9;
listen 80;
location / {
proxy_pass https://$host$request_uri;
proxy_set_header Host $http_host;
}
}}
You can then point any domain to the nginx server (for example, via the hosts
file) and visit the site via HTTP. This will make HTTPS-oly servers happy.
That won't strip third-party HTTPS:// URL resources like NewIPNow does, but you
can use the nginx "sub_filter" to replace HTTPS with HTTP in HTML. Also there
are "security features" like "Content-Security-Policy" that prevent modern
browsers from visiting your SSL-stripped sites, but I believe your out-dated
browser will happily ignore those.
--Zizhong
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
