[stunnel-users] Client-side SNI

Vincent Deschenes vdeschenes at stelvio.com
Mon Aug 1 22:28:42 CEST 2016


Problem solved, was not related to SNI, SNI works great with client side stunnel, no need to set the protocol option.

Our problem was that http host, since our clients app was using stunnel to reach a virtual host on an nginx to reverse proxy, we connected to stunnel using stunnel local IP instead of our server domain name. Nginx was not receiving the domain name and was serving the default host.

Solution was to add a record to the host file to point the server name to our local stunnel IP.


Vincent Deschenes Ing. PMP
Director of Operations
Stelvio Inc.
(+1) 514-281-8570



On Mon, Aug 1, 2016 at 1:19 PM -0400, "Vincent Deschenes" <vdeschenes at stelvio.com<mailto:vdeschenes at stelvio.com>> wrote:

Do we have to specify the "protocol" option to have stunnel know how to handle the server name indication?

I remember I had to set it to smtp for an smtp connection.

This current case is for https.
I can not find the http/s option for protocol, should I use the "connect" option?

Thanks,

Vincent Deschenes Ing. PMP
Director of Operations
Stelvio Inc.
(+1) 514-281-8570

From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Vincent Deschenes
Sent: Monday, August 1, 2016 1:10 PM
To: stunnel-users at stunnel.org
Subject: [stunnel-users] Client-side SNI

Hi,

Anyone know if there is anything special to do to get ServerName sent when using stunnel in client mode to be able to connect to SNI enabled server?
Using latest version of stunnel and openssl.

Will stunnel use the name specified in the "connect=" config ?

Thanks,
Regards,

Vincent Deschenes Ing. PMP
Director of Operations
Stelvio Inc.
(+1) 514-281-8570

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160801/234c7fcd/attachment-0001.html>


More information about the stunnel-users mailing list