[stunnel-users] Connect using TLS with public Web Server

Carlos Castro carlos.castro.guerrero at gmail.com
Mon Mar 5 13:28:15 CET 2018


Hello

Thanks @Peter


Yes , my application not support TLS and I need the application connect 
using TLS , for this i using stunnel (i hope)

When I make curl -v http://127.0.0.1:19021  :

curl -v http://127.0.0.1:19201
* Rebuilt URL to: http://127.0.0.1:19201/
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 19201 (#0)
 > GET / HTTP/1.1
 > Host: 127.0.0.1:19201
 > User-Agent: curl/7.47.0
 > Accept: */*
 >
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
< Server: AkamaiGHost
< Mime-Version: 1.0
< Content-Type: text/html
< Content-Length: 208
< Expires: Mon, 05 Mar 2018 12:25:53 GMT
< Date: Mon, 05 Mar 2018 12:25:53 GMT
< Connection: close

The web ctm.omgeo.net only works in mode HTTPS , .

Thanks Peter


On 05/03/18 13:22, Peter Pentchev wrote:
> On Mon, Mar 05, 2018 at 12:32:41PM +0100, Carlos Castro wrote:
>> Hello ,
>>
>> Thanks @Peter
>>
>> I'm trying to configure to connect with my PC to this Public server
>> https://ctm.omgeo.net using TLS1.2 but i don't can.
>>
>> I'm need setup stunnel for old application doesn't support TLS , and this
>> application need connect with this public server to send data.
>>
>>
>> I'm using the Peter config , but nothing . I try this config :
>>
>> [omgeo]
>> client = yes
>> accept = 127.0.0.1:19201
>> connect = ctm.omgeo.net:443
>> verify = 2
>> CApath = /etc/ssl/certs/
>>
>>
>> I'm using Curl to try connect  , I'm recive this error
>>
>> /etc/ssl/certs# curl -v https://127.0.0.1:19201
> Maybe I'm reading this wrong, but if your client application does not
> support TLS, then it won't speak HTTPS, it would speak plain HTTP.
> That's what the configuration you're using does - it tells stunnel to
> run in client mode, i.e. something will connect to stunnel using
> an unencrypted connection and stunnel will connect to a TLS server
> (in this case an HTTPS server).
>
> So what happens when you try almost the same query, but with the "http"
> scheme instead of the "https" one?
>
>    curl -v http://127.0.0.1:19201
>
> G'luck,
> Peter
>



More information about the stunnel-users mailing list