[stunnel-users] Web browsing over stunnel

Osvald Brko bflmpsvz at hotmail.com
Tue Nov 7 16:28:23 CET 2017


> From: Josealf.rm <josealf at rocketmail.com>
> Sent: Tuesday, November 7, 2017 10:41 AM
> To: Peter Pentchev
> Cc: Osvald Brko; stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] Web browsing over stunnel
  

> Osvald,

> Peter made a very clear explanation. Note that your connect statement should be something like:

> connect=104.239.213.7:443

> And you should test using something like:

> http://www.stunnel.net:8888/


O.K., I understand it. www.stunnel.org still refuses the connection (see below), but I was able to open www.wikipedia.org:

http://www.wikipedia.org:8888/

[https_test]
client = yes
accept = 127.0.0.1:8888
connect = 91.198.174.192:443

#127.0.0.1       localhost
#127.0.0.1 www.stunnel.org
127.0.0.1 www.wikipedia.org

But of course I am not able to use any web link, and I can see only the default main page without any path.
So stunnel is completely unusable for web browsing, am I right?

       O.B.

=====
http://www.stunnel.org:8888/

[https_test]
client = yes
accept = 127.0.0.1:8888
connect = 207.192.69.165:443

#127.0.0.1       localhost
127.0.0.1 www.stunnel.org
#127.0.0.1 www.wikipedia.org

2017.11.07 15:51:37 LOG7[main]: Service [https_test] (FD=260) bound to 127.0.0.1:8888
2017.11.07 15:51:37 LOG7[cron]: Cron thread initialized
2017.11.07 15:51:53 LOG7[main]: Found 1 ready file descriptor(s)
2017.11.07 15:51:53 LOG7[main]: FD=232 ifds=r-x ofds=---
2017.11.07 15:51:53 LOG7[main]: FD=248 ifds=r-x ofds=---
2017.11.07 15:51:53 LOG7[main]: Service [https_test] accepted (FD=300) from 127.0.0.1:3197
2017.11.07 15:51:53 LOG7[main]: Creating a new thread
2017.11.07 15:51:53 LOG7[main]: New thread created
2017.11.07 15:51:53 LOG7[0]: Service [https_test] started
2017.11.07 15:51:53 LOG7[0]: Option TCP_NODELAY set on local socket
2017.11.07 15:51:53 LOG5[0]: Service [https_test] accepted connection from 127.0.0.1:3197
2017.11.07 15:51:53 LOG6[0]: s_connect: connecting 207.192.69.165:443
2017.11.07 15:51:53 LOG7[0]: s_connect: s_poll_wait 207.192.69.165:443: waiting 10 seconds
2017.11.07 15:51:53 LOG5[0]: s_connect: connected 207.192.69.165:443
2017.11.07 15:51:53 LOG5[0]: Service [https_test] connected remote server from XX.XXX.XXX.XXX:3198
2017.11.07 15:51:53 LOG7[0]: Option TCP_NODELAY set on remote socket
2017.11.07 15:51:53 LOG7[0]: Remote descriptor (FD=320) initialized
2017.11.07 15:51:53 LOG6[0]: SNI: sending servername: 207.192.69.165
2017.11.07 15:51:53 LOG6[0]: Peer certificate not required
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): before/connect initialization
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv2/v3 write client hello A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server hello A
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server certificate A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server key exchange A
2017.11.07 15:51:53 LOG6[0]: Client certificate not requested
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server done A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 write client key exchange A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 write change cipher spec A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 write finished A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 flush data
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read server session ticket A
2017.11.07 15:51:53 LOG7[0]: TLS state (connect): SSLv3 read finished A
2017.11.07 15:51:53 LOG7[0]:      1 client connect(s) requested
2017.11.07 15:51:53 LOG7[0]:      1 client connect(s) succeeded
2017.11.07 15:51:53 LOG7[0]:      0 client renegotiation(s) requested
2017.11.07 15:51:53 LOG7[0]:      0 session reuse(s)
2017.11.07 15:51:53 LOG6[0]: TLS connected: new session negotiated
2017.11.07 15:51:53 LOG7[0]: Peer certificate was cached (7519 bytes)
2017.11.07 15:51:53 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2017.11.07 15:51:53 LOG7[0]: Compression: null, expansion: null
2017.11.07 15:51:58 LOG7[0]: TLS alert (read): warning: close notify
2017.11.07 15:51:58 LOG6[0]: TLS closed (SSL_read)
2017.11.07 15:51:58 LOG7[0]: Sent socket write shutdown
2017.11.07 15:51:59 LOG3[0]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2017.11.07 15:51:59 LOG5[0]: Connection reset: 483 byte(s) sent to TLS, 429 byte(s) sent to socket
2017.11.07 15:51:59 LOG7[0]: Remote descriptor (FD=320) closed
2017.11.07 15:51:59 LOG7[0]: Local descriptor (FD=300) closed
2017.11.07 15:51:59 LOG7[0]: Service [https_test] finished (0 left)
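
Added example, not part of the original message or of stunnel itself: a short Python check over a stunnel debug log that reports, per service, the two client-side conditions visible in the log above, namely an IP literal sent as the SNI server name and a peer certificate that was not verified. The sample lines are copied from that log; the function names and finding labels are made up for this illustration.

```python
import ipaddress
import re

# Lines copied from the debug log in the message above (service https_test).
SAMPLE_LOG = """\
2017.11.07 15:51:53 LOG5[0]: Service [https_test] accepted connection from 127.0.0.1:3197
2017.11.07 15:51:53 LOG6[0]: SNI: sending servername: 207.192.69.165
2017.11.07 15:51:53 LOG6[0]: Peer certificate not required
2017.11.07 15:51:53 LOG6[0]: Certificate verification disabled
2017.11.07 15:51:53 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2017.11.07 15:51:59 LOG7[0]: Service [https_test] finished (0 left)
"""

LINE = re.compile(r"^\S+ \S+ LOG\d\[(?P<thread>[^\]]+)\]: (?P<msg>.*)$")
SERVICE = re.compile(r"Service \[(?P<name>[^\]]+)\] accepted connection")
SNI = re.compile(r"SNI: sending servername: (?P<name>\S+)")
UNVERIFIED = ("Certificate verification disabled", "Peer certificate not required")

def is_ip_literal(value):
    """True when the SNI value is an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(log_text):
    """Return {service: sorted findings} for the client connections in a log."""
    service_of = {}  # worker thread id -> service it is currently handling
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        thread, msg = m.group("thread"), m.group("msg")
        s = SERVICE.search(msg)
        if s:
            service_of[thread] = s.group("name")
            findings.setdefault(s.group("name"), set())
            continue
        svc = service_of.get(thread)
        if svc is None:
            continue  # main/cron thread lines carry no per-connection state
        sni = SNI.search(msg)
        if sni and is_ip_literal(sni.group("name")):
            findings[svc].add("sni-is-ip:" + sni.group("name"))
        if msg in UNVERIFIED:
            findings[svc].add("peer-not-verified")
    return {svc: sorted(found) for svc, found in findings.items()}
```

Both findings correspond to options in the client service section: `sni` sets the server name sent in the handshake, and `verifyChain` with `checkHost` and a `CAfile` turns on certificate and hostname verification.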

