[stunnel-users] Config for client proxy https (privoxy + stunnel)
Xavier Cheney
xav26000 at yahoo.fr
Sun Apr 2 21:04:44 CEST 2006
Hi everybody,
I found my mistake !!
The process is not good. This is the correct process :
browser (localhost:8118) <-> (localhost:8118) privoxy <-web-> server [and]
(localhost:8888) stunnel (server:443)
So with only privoxy like proxy in my Firefox config
- when I ask http://server/page.html , data is modified by privoxy
- when I ask https://server/page.html, data is transmitted by privoxy
- when I ask http://localhost:888/page.html data is modified by privoxy
and the real data transmitted is https://server/page.html , stunnel managing
SSL between localhost and server.
My new config :
[https]
accept = 8888
connect = server:443
In fact, it was the stunnel main function that I didn't understand. Sorry
:)
Thanks to exos, and hope it will help someone,
Xavier
Xavier Cheney <xav26000 at yahoo.fr> a écrit :
Hi,
I wan to customize web page before viewing by my browser Firefox.
With "privoxy" (www.privoxy.org) I can modify (proxy filter) HTTP web
page, but not HTTPS pages.
So, I want to use stunnel, to transfer HTTPS in HTTP between my proxy and
server, like this :
browser (8118) <-> (8118) privoxy (8888) <-> (8888) stunnel (server:443)
<-web-> server
This is my stunnel.conf :
----------------------------------------------------
ciphers = RC4-MD5:DES-CBC3-SHA
verify = 0
debug = 7
client = yes
[https]
accept = 8888
connect = server.server.com:443
TIMEOUTclose = 0
----------------------------------------------------
And my log :
----------------------------------------------------
2006.03.31 11:40:02 LOG7[3396:2944]: RAND_status claims sufficient entropy
for the PRNG
2006.03.31 11:40:02 LOG6[3396:2944]: PRNG seeded successfully
2006.03.31 11:40:02 LOG7[3396:2944]: SSL context initialized for service
https
2006.03.31 11:40:02 LOG5[3396:2944]: stunnel 4.15 on x86-pc-mingw32-gnu with
OpenSSL 0.9.7i 14 Oct 2005
2006.03.31 11:40:02 LOG5[3396:2944]: Threading:WIN32 SSL:ENGINE
Sockets:SELECT,IPv6
2006.03.31 11:40:02 LOG5[3396:2952]: No limit detected for the number of
clients
2006.03.31 11:40:02 LOG7[3396:2952]: FD 192 in non-blocking mode
2006.03.31 11:40:02 LOG7[3396:2952]: SO_REUSEADDR option set on accept
socket
2006.03.31 11:40:02 LOG7[3396:2952]: https bound to 0.0.0.0:8888
2006.03.31 11:40:07 LOG7[3396:2952]: https accepted FD=200 from
127.0.0.1:2414
2006.03.31 11:40:07 LOG7[3396:2952]: Creating a new thread
2006.03.31 11:40:07 LOG7[3396:2952]: New thread created
2006.03.31 11:40:07 LOG7[3396:3320]: https started
2006.03.31 11:40:07 LOG7[3396:3320]: FD 200 in non-blocking mode
2006.03.31 11:40:07 LOG5[3396:3320]: https connected from 127.0.0.1:2414
2006.03.31 11:40:07 LOG7[3396:3320]: FD 232 in non-blocking mode
2006.03.31 11:40:07 LOG7[3396:3320]: https connecting 195.101.206.82:443
2006.03.31 11:40:07 LOG7[3396:3320]: connect_wait: waiting 10 seconds
2006.03.31 11:40:07 LOG7[3396:3320]: connect_wait: connected
2006.03.31 11:40:07 LOG7[3396:3320]: Remote FD=232 initialized
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): before/connect
initialization
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 write client
hello A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 read server
hello A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 read server
certificate A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 read server
done A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 write client
key exchange A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 write change
cipher spec A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 write
finished A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 flush data
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 read
finished A
2006.03.31 11:40:07 LOG7[3396:3320]: 1 items in the session cache
2006.03.31 11:40:07 LOG7[3396:3320]: 1 client connects (SSL_connect())
2006.03.31 11:40:07 LOG7[3396:3320]: 1 client connects that finished
2006.03.31 11:40:07 LOG7[3396:3320]: 0 client renegotiations requested
2006.03.31 11:40:07 LOG7[3396:3320]: 0 server connects (SSL_accept())
2006.03.31 11:40:07 LOG7[3396:3320]: 0 server connects that finished
2006.03.31 11:40:07 LOG7[3396:3320]: 0 server renegotiations requested
2006.03.31 11:40:07 LOG7[3396:3320]: 0 session cache hits
2006.03.31 11:40:07 LOG7[3396:3320]: 0 session cache misses
2006.03.31 11:40:07 LOG7[3396:3320]: 0 session cache timeouts
2006.03.31 11:40:07 LOG6[3396:3320]: SSL connected: new session negotiated
2006.03.31 11:40:07 LOG6[3396:3320]: Negotiated ciphers: RC4-MD5
SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2006.03.31 11:40:07 LOG7[3396:3320]: Socket closed on read
2006.03.31 11:40:07 LOG7[3396:3320]: SSL write shutdown
2006.03.31 11:40:07 LOG7[3396:3320]: SSL alert (write): warning: close
notify
2006.03.31 11:40:07 LOG7[3396:3320]: SSL_shutdown retrying
2006.03.31 11:40:07 LOG7[3396:3320]: SSL doesn't need to read or write
2006.03.31 11:40:07 LOG6[3396:3320]: s_poll_wait timeout: connection close
2006.03.31 11:40:07 LOG5[3396:3320]: Connection closed: 211 bytes sent to
SSL, 163 bytes sent to socket
2006.03.31 11:40:07 LOG7[3396:3320]: https finished (0 left)
2006.03.31 11:40:07 LOG7[3396:2952]: https accepted FD=220 from
127.0.0.1:2417
2006.03.31 11:40:07 LOG7[3396:2952]: Creating a new thread
2006.03.31 11:40:07 LOG7[3396:2952]: New thread created
2006.03.31 11:40:07 LOG7[3396:3944]: https started
2006.03.31 11:40:07 LOG7[3396:3944]: FD 220 in non-blocking mode
2006.03.31 11:40:07 LOG5[3396:3944]: https connected from 127.0.0.1:2417
2006.03.31 11:40:07 LOG7[3396:3944]: FD 232 in non-blocking mode
2006.03.31 11:40:07 LOG7[3396:3944]: https connecting 195.101.206.82:443
2006.03.31 11:40:07 LOG7[3396:3944]: connect_wait: waiting 10 seconds
2006.03.31 11:40:08 LOG7[3396:3944]: connect_wait: connected
2006.03.31 11:40:08 LOG7[3396:3944]: Remote FD=232 initialized
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): before/connect
initialization
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 write client
hello A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 read server
hello A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 read
finished A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 write change
cipher spec A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 write
finished A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 flush data
2006.03.31 11:40:08 LOG7[3396:3944]: 1 items in the session cache
2006.03.31 11:40:08 LOG7[3396:3944]: 2 client connects (SSL_connect())
2006.03.31 11:40:08 LOG7[3396:3944]: 2 client connects that finished
2006.03.31 11:40:08 LOG7[3396:3944]: 0 client renegotiations requested
2006.03.31 11:40:08 LOG7[3396:3944]: 0 server connects (SSL_accept())
2006.03.31 11:40:08 LOG7[3396:3944]: 0 server connects that finished
2006.03.31 11:40:08 LOG7[3396:3944]: 0 server renegotiations requested
2006.03.31 11:40:08 LOG7[3396:3944]: 1 session cache hits
2006.03.31 11:40:08 LOG7[3396:3944]: 0 session cache misses
2006.03.31 11:40:08 LOG7[3396:3944]: 0 session cache timeouts
2006.03.31 11:40:08 LOG6[3396:3944]: SSL connected: previous session reused
2006.03.31 11:40:08 LOG7[3396:3944]: Socket closed on read
2006.03.31 11:40:08 LOG7[3396:3944]: SSL write shutdown
2006.03.31 11:40:08 LOG7[3396:3944]: SSL alert (write): warning: close
notify
2006.03.31 11:40:08 LOG7[3396:3944]: SSL_shutdown retrying
2006.03.31 11:40:08 LOG7[3396:3944]: SSL doesn't need to read or write
2006.03.31 11:40:08 LOG6[3396:3944]: s_poll_wait timeout: connection close
2006.03.31 11:40:08 LOG5[3396:3944]: Connection closed: 211 bytes sent to
SSL, 163 bytes sent to socket
2006.03.31 11:40:08 LOG7[3396:3944]: https finished (0 left)
----------------------------------------------------
Note the first "Socket closed on read". I think the problem is there.
The web reply is "Bad Request (Invalid URL)"
Where did I do a mistake ?
Thanks for answer,
Xavier
More information about the stunnel-users
mailing list