<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_1_1456419692869_2674"><br><span></span></div><div><span>Claudio,</span></div><div><span><br></span></div><div id="yui_3_16_0_1_1456419692869_2735"><span>Sure, it works. Is it clear to you why? :)</span></div> <div class="qtdSeparateBR"><br><br></div><div style="display: block;" class="yahoo_quoted"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font face="Arial" size="2"> On Thursday, February 25, 2016 11:18 AM, Claudio Beretta &lt;claudio.beretta@helloinnovation.com&gt; wrote:<br></font></div>  <br><br> <div class="y_msg_container"><div id="yiv7324081453"><div><div dir="ltr">José, that did the trick!<br clear="none"><div>Thank you</div></div><div class="yiv7324081453yqt6723258046" id="yiv7324081453yqt67404"><div class="yiv7324081453gmail_extra"><br clear="none"><div class="yiv7324081453gmail_quote">On Thu, Feb 25, 2016 at 12:07 AM, Josealf.rm <span dir="ltr">&lt;<a rel="nofollow" shape="rect" ymailto="mailto:josealf@rocketmail.com" target="_blank" href="mailto:josealf@rocketmail.com">josealf@rocketmail.com</a>&gt;</span> wrote:<br clear="none"><blockquote class="yiv7324081453gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div><span></span></div><div><div>Hi Claudio,</div><div><br clear="none"></div><div>What happens if you try client = no for proxy1 and client = yes for proxy2?<br clear="none"></div><div><br clear="none"></div><div>Regards,</div><div>José</div><div><div class="yiv7324081453h5"><div><br clear="none">On 23 Feb 2016, at 12:13, Claudio Beretta &lt;<a rel="nofollow" shape="rect" 
ymailto="mailto:claudio.beretta@helloinnovation.com" target="_blank" href="mailto:claudio.beretta@helloinnovation.com">claudio.beretta@helloinnovation.com</a>&gt; wrote:<br clear="none"><br clear="none"></div><blockquote type="cite"><div><div dir="ltr"><div>I'd like Stunnel to act as a reverse proxy that accepts TLS 1.0 and TLS 1.2 for <a rel="nofollow" shape="rect" target="_blank" href="https://example.com/">https://example.com</a> and then forwards the traffic to <a rel="nofollow" shape="rect" target="_blank" href="https://example.net/">https://example.net</a>, another web server that only accepts TLS 1.2<br clear="none"></div><div>browser --TLS 1.0 or 1.2--&gt; Stunnel --TLS 1.2--&gt; Web App<br clear="none"></div><div><br clear="none"></div><div>The browser should have no idea that <a rel="nofollow" shape="rect" target="_blank" href="http://example.net/">example.net</a> even exists (only <a rel="nofollow" shape="rect" target="_blank" href="http://example.com/">example.com</a> certificate will be presented to the browser).</div><div>Is this something Stunnel can do?</div><div><br clear="none"></div><div><br clear="none"></div><div>This is what I got so far:</div><div><br clear="none"></div><div><div>cert = example.com.pem</div><div>;stunnel.pem</div><div><br clear="none"></div><div>[proxy1]</div><div>client = yes</div><div>accept = <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://10.100.4.179:443/">10.100.4.179:443</a></div><div>connect = localhost:54323</div><div>CAfile = sca.server1.crt.pem</div><div>;verify = 2</div><div><br clear="none"></div><div>[proxy2]</div><div>client = no</div><div>accept = localhost:54323</div><div>connect = <a rel="nofollow" shape="rect" target="_blank" onclick="return theMainWindow.showLinkWarning(this)" href="http://example.net:443/">example.net:443</a></div><div>;CAfile = SymantecClass3EVSSLCA-G3.pem</div></div><div><br clear="none"></div><div>example.com.pem contains the 
public and decrypted private key for <a rel="nofollow" shape="rect" target="_blank" href="http://example.com/">example.com</a><br clear="none"></div><div>sca.server1.crt.pem contains the intermediate and root certificates of the CA that issues the example.com.pem certificate<br clear="none"></div><div><br clear="none"></div><div>It partially works: the browser shows <a rel="nofollow" shape="rect" target="_blank" href="http://example.com/">example.com</a> in the address bar and the content of <a rel="nofollow" shape="rect" target="_blank" href="http://example.net/">example.net</a>, but the certificate that is returned is from <a rel="nofollow" shape="rect" target="_blank" href="http://example.net/">example.net</a></div><div><br clear="none"></div><div>What am I doing wrong?</div><div>Or do you have other recommendations to get something like this working on Windows Server 2008 R2? (IIS + Application Request Routing + URL Rewrite won't work: TLS1.2 is not properly supported)<br clear="none"></div><div><br clear="none"></div><div>Thank you</div><div>Claudio</div></div>
</div></blockquote></div></div><blockquote type="cite"><div><span>_______________________________________________</span><br clear="none"><span>stunnel-users mailing list</span><br clear="none"><span><a rel="nofollow" shape="rect" ymailto="mailto:stunnel-users@stunnel.org" target="_blank" href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a></span><br clear="none"><span><a rel="nofollow" shape="rect" target="_blank" href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a></span><br clear="none"></div></blockquote></div></div></blockquote></div><br clear="none"></div></div></div></div><br><br></div>  </div> </div>  </div></div></body></html>