[stunnel-users]  Re: Connect using TLS with public Web Server

Carlos Castro carlos.castro.guerrero at gmail.com
Tue Mar 6 09:34:01 CET 2018


Hi All,
Is it mandatory, in order to use stunnel, that the infrastructure has both a 
stunnel client and a stunnel server?

Or can I have a stunnel client against an HTTPS web server without a stunnel 
server, only the HTTPS web server?

I am a newbie with stunnel, but I think it is mandatory to install stunnel on 
both sites; is that correct?

Regards


On 05/03/18 20:23, Carlos Castro wrote:
>
> Thanks @Mike
>
> Is it possible to use Squid + stunnel to solve the problem with the Host 
> header? The application is very, very old.
>
> Thanks
>
>
> On 05/03/18 20:06, Mike Spooner wrote:
>>
>> The problem is the "Host: ..." header that is being sent to the 
>> remote server. You need to configure 127.0.0.1:19021 as a proxy in 
>> your app (and curl) and then have the app (curl) fetch 
>> https://ctm.omego.net
>>
>>
>> Not sure how to do that in curl, but search the curl manpage for any 
>> mentions of "proxy".
>>
>> -- Mike Spooner
>>
>> --------- Original Message ---------
>> *From*: Carlos Castro
>> *Date*: Mon Mar 05 12:28:15 GMT+00:00 2018
>> *Subject*: Re: [stunnel-users] Connect using TLS with public Web Server
>> Hello
>>
>> Thanks @Peter
>>
>>
>> Yes, my application does not support TLS and I need the application to connect
>> using TLS; for this I am using stunnel (I hope).
>>
>> When I run curl -v http://127.0.0.1:19021 :
>>
>> curl -v http://127.0.0.1:19201
>> * Rebuilt URL to: http://127.0.0.1:19201/
>> *   Trying 127.0.0.1...
>> * Connected to 127.0.0.1 (127.0.0.1) port 19201 (#0)
>> > GET / HTTP/1.1
>> > Host: 127.0.0.1:19201
>> > User-Agent: curl/7.47.0
>> > Accept: */*
>> >
>> * HTTP 1.0, assume close after body
>> < HTTP/1.0 400 Bad Request
>> < Server: AkamaiGHost
>> < Mime-Version: 1.0
>> < Content-Type: text/html
>> < Content-Length: 208
>> < Expires: Mon, 05 Mar 2018 12:25:53 GMT
>> < Date: Mon, 05 Mar 2018 12:25:53 GMT
>> < Connection: close
>>
>> The website ctm.omgeo.net only works in HTTPS mode.
>>
>> Thanks Peter
>>
>>
>> On 05/03/18 13:22, Peter Pentchev wrote:
>> > On Mon, Mar 05, 2018 at 12:32:41PM +0100, Carlos Castro wrote:
>> >> Hello ,
>> >>
>> >> Thanks @Peter
>> >>
>> >> I'm trying to configure a connection from my PC to this public server
>> >> https://ctm.omgeo.net using TLS 1.2, but I can't.
>> >>
>> >> I need to set up stunnel for an old application that doesn't support TLS,
>> >> and this application needs to connect to this public server to send data.
>> >>
>> >>
>> >> I'm using Peter's config, but nothing. I tried this config:
>> >>
>> >> [omgeo]
>> >> client = yes
>> >> accept = 127.0.0.1:19201
>> >> connect = ctm.omgeo.net:443
>> >> verify = 2
>> >> CApath = /etc/ssl/certs/
>> >>
>> >>
>> >> I'm using curl to try to connect, and I receive this error:
>> >>
>> >> /etc/ssl/certs# curl -v https://127.0.0.1:19201
>> > Maybe I'm reading this wrong, but if your client application does not
>> > support TLS, then it won't speak HTTPS, it would speak plain HTTP.
>> > That's what the configuration you're using does - it tells stunnel to
>> > run in client mode, i.e. something will connect to stunnel using
>> > an unencrypted connection and stunnel will connect to a TLS server
>> > (in this case an HTTPS server).
>> >
>> > So what happens when you try almost the same query, but with the "http"
>> > scheme instead of the "https" one?
>> >
>> > curl -v http://127.0.0.1:19201
>> >
>> > G'luck,
>> > Peter
>> >
>>
>
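The 400 response in the thread can be reproduced offline. This is an added example, not part of the thread and not stunnel code: a plain TCP relay stands in for the stunnel client service (the TLS leg is left out because a byte-level tunnel does not alter the HTTP request inside it), a constructed local server stands in for a front end that routes on the Host header, and `Origin`, `pipe`, `tunnel`, `status_via_tunnel` and `demo` are hypothetical names.

```python
import http.client, socket, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

VHOST = "ctm.omgeo.net"  # server name taken from the thread

class Origin(BaseHTTPRequestHandler):
    """Constructed stand-in for a front end that routes on the Host header."""
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]
        self.send_response(200 if host == VHOST else 400)
        self.send_header("Content-Length", "0")
        self.end_headers()

def pipe(src, dst):
    """Copy bytes unchanged in one direction, then pass the EOF on."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def tunnel(upstream_port):
    """Hypothetical relay in the role of the stunnel client service (no TLS leg)."""
    lsock = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            c, _ = lsock.accept()
            u = socket.create_connection(("127.0.0.1", upstream_port))
            for a, b in ((c, u), (u, c)):
                threading.Thread(target=pipe, args=(a, b), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return lsock.getsockname()[1]

def status_via_tunnel(port, host_header=None):
    """GET / through the relay; http.client fills in Host from the address dialled."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header} if host_header else {})
    status = conn.getresponse().status
    conn.close()
    return status

def demo():
    origin = HTTPServer(("127.0.0.1", 0), Origin)
    threading.Thread(target=origin.serve_forever, daemon=True).start()
    port = tunnel(origin.server_port)
    return status_via_tunnel(port), status_via_tunnel(port, VHOST)

if __name__ == "__main__":
    print(demo())  # first request keeps the default Host, second names the server
```

The first status comes from a request whose Host header is the local tunnel address, as in the curl trace above; the second comes from the same request with the Host header set to the server's name.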
