[stunnel-users] older browsers, stunnel and privoxy

kovacs janos kovacsjanosfasz at gmail.com
Thu Dec 13 21:03:27 CET 2018


i understand, and thank you for the explanation, but as i said, i use
a program called 'Privoxy', and that is where stunnel would connect
after accepting browser requests. Privoxy's accept address is what is
given for stunnel as the connect address.
Privoxy is a proxy capable of forwarding the requests to the address
opened in the browser, so all stunnel would have to do is encrypt and
decrypt traffic between the browser and Privoxy.
but when i try it, every connection is an endless load, stunnel icon
is blue, and no logs are made in Privoxy

On 12/13/18, Javier <jamilist.stn at gmx.es> wrote:
> Hi,
>
> You are getting around and around and you don't get it.
>
> Yes, stunnel, after all, is a proxy, as acts as an intermediate (end
> of proxy definition), but is not a proxy as you understand it.
>
> While all proxy servers act as a funnel (wide side accepts inbound
> connections and tight for outbound connections for EACH request),
> this is, accept any connection and reroute them based on the header
> requests, Stunnel is just a tube (one inbound and one outbound
> connection), a tunnel, better said to match its own name, this is,
> that only connects peer to peer with just one connection and ONLY, I
> repeat, ONLY, if that connection have already set up as a service,
> because stunnel doesn't read the headers to decide where to connect.
>
> I repeat: the service, telling where (ip:port) should accept
> connections and where (ip/host:port) should connect to, MUST be set
> up first in stunnel.conf (or whatever you named it).
>
> Even thought the connect variable for a service can have multiple
> destinations, it only connects to one of them in a randomly way.
>
> If, let's imagine, the above phrase could be the solution, THAT
> ISN'T, you would need to set up the whole domain names used in the
> world as connect options and, even though, as the connections are
> random, and can't choose one based on headers, as, as said above, it
> doesn't read them, you won't be able to connect to the desired
> destination.
>
> That is the reason Stunnel, isn't and can't be used as a regular
> proxy. In short, stunnel is to give TLS/SSL capabilities to
> non-secure aware (or old) programs; or to control the TLS/SSL aside
> the background program.
>
> You'll need to use a real proxy server.
>
> I hope this is crystal clear enough and helps anyone that comes to
> the list asking this (they are a few), why can't be used to their
> purposes.
>
> Regards :)
>
>
> P.S.: as a bonus, kind of off-topic, and even though doesn't explain
> all, but maybe could help some to understand how connections work with
> this OOOOLD video, even though it talks briefly about the proxy
> server:
> http://warriorsofthe.net/
> http://warriorsofthe.net/movie.html (video language selection)
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>



More information about the stunnel-users mailing list