[stunnel-users] Trouble after disabling SSLv3

Dion Kant dion at concero.nl
Sun Oct 19 20:09:39 CEST 2014

Dear list,

I have stunnel running in a configuration where we use it to connect to
a webserver over https while adding client certificates to the requests.

This worked fine until recently, when SSLv3 was disabled on the (Apache)
webserver. I installed the latest version of stunnel today
(<https://www.stunnel.org/downloads/beta/stunnel-5.07b2.tar.gz>) but that
did not fix the problem. Now stunnel tries to negotiate an HTTPS
connection using TLSv1.2 and I found that because of this Apache
does not like the content of the Host variable in the HTTP header, which
is different from what Apache is expecting it to be. With SSLv3 this was
not an issue. As a result I get a "HTTP/1.1 400 Bad Request" from the
webserver.

In my configuration I cannot (easily) apply some form of split DNS to
get the hostname correct in the HTTP header already from the client
connecting to the stunnel service.

I tested using curl sending a request through stunnel to the web server
and verified that when I modified the Host field in the request header
it does work.

In my opinion it is stunnel setting up the HTTPS connection to the
webserver and stunnel should take care of setting the correct Host field
in the request header. Is there a way to let stunnel take care of
setting the correct info in the HTTP header?

Best regards,

Dion Kant

