[stunnel-users] Can this be done by Stunnel
Alan C. Bonnici
chribonn at gmail.com
Fri Mar 23 12:37:46 CET 2012
After a few exchanges a few hours ago with the folk at STunnel I can confirm
that the "problem" was that the company uses host headers. Here is the
procedure I used to sort it out:
1. Modify the windows host file and add the following entry 127.0.0.1
rest.nexmo.com. If your STunnel ir running on a different machines, set the
127.0.0.1 to the IP address of the Stunnel server.
2. Add the following to the stunnel.conf file (you may alter the port)
client = yes
accept = 9013
connect = 220.127.116.11:443
TIMEOUTclose = 0
3. Start sending secure SMSs as follows (note the port number much match the
one set in stunnel.conf)
This will bypass the issue related to host headers and I can confirm that
the solution has worked.
The setup is useful if using server technology that does not natively
support SSL as is our case.
Hope this helps.
While I don't generally use Stunnel for HTTPS, I found your question
interesting. Since I'm always trying
to experiment with configurations of and applications for Stunnel, I
decided to give it a whirl.
I'm happy to confirm that it works just fine for me. I'm not connecting
to the site in your example,
but the principle is the same. Perhaps the answer lies in how your
browser parses that URL,
and how, as a result, it inserts that data into the stream.
For the experiment, I used Firefox 9.0.1 running under Windows XP x86
with Stunnel version 4.53.
My test config was:
debug = 6
fips = no
delay = yes
output = stunnel.log
client = yes
accept = 127.0.1.21:7777
connect = www.host.domain:443
Where www.host.domain is just an example. As you can see, I did not
TIMEOUTclose statement in my config file.
Then I pointed the browser at
As far as I can tell, all of the parameters contained in that string
were passed on to the web site without
You might want to check your log window to see what's happening when you
try to connect via Stunnel.
Here's an actual example of the connection activity from my log:
2012.03.22 21:20:51 LOG5[992:2548]: Service [https] accepted connection
2012.03.22 21:20:51 LOG6[992:2548]: connect_blocking: connecting
2012.03.22 21:20:51 LOG5[992:2548]: connect_blocking: connected
2012.03.22 21:20:51 LOG5[992:2548]: Service [https] connected remote
server from ***.**.***.*:2672
2012.03.22 21:20:51 LOG6[992:2548]: SSL connected: new session negotiated
2012.03.22 21:20:51 LOG6[992:2548]: Negotiated TLSv1/SSLv3 ciphersuite:
RC4-SHA (128-bit encryption)
2012.03.22 21:20:51 LOG6[992:2548]: Compression: null, expansion: null
2012.03.22 21:21:00 LOG6[992:2548]: SSL_shutdown successfully sent
2012.03.22 21:21:00 LOG5[992:2548]: Connection closed: 1879 byte(s) sent
to SSL, 128546 byte(s) sent to socket
If you have to post again, it would be helpful if you included more detail.
Good luck with your application!
On 3/21/2012 9:50 AM, Alan C. Bonnici wrote:
> I am new to STunnel. I am trying to connect to a service provided by
> If from a browser I type the following:
> The process works.
> I just installed stunnel and have the following config file
> ; Debugging stuff (may useful for troubleshooting)
> ;debug = 7
> ;output = stunnel.log
> ; Certificate/key is needed in server mode and optional in client mode
> cert = stunnel.pem
> ;key = stunnel.pem
> ; Disable support for insecure SSLv2 protocol
> options = NO_SSLv2
> client = yes
> accept = 9012
> connect = rest.nexmo.com:443
> TIMEOUTclose = 0
> When I type
> it does not.
> Can anyone please confirm whether what I am trying to do is doable and
> maybe highlight what I am doing wrong.
> stunnel-users mailing list
> stunnel-users at stunnel.org
Attention: This message and all attachments are private and may contain
information that is confidential and privileged. If you received this
message in error, please notify the sender by reply email and delete the
-------------- next part --------------
An HTML attachment was scrubbed...
stunnel-users mailing list
stunnel-users at stunnel.org
End of stunnel-users Digest, Vol 92, Issue 22
More information about the stunnel-users