[stunnel-users] older browsers, stunnel and privoxy
kovacsjanosfasz at gmail.com
Sat Dec 15 21:54:33 CET 2018
"Because the proxy is to be told where to connect and receives a
direct secure handshake."
is that necessary even if stunnel is told to not verify the connections?
''If no verify argument is given, then stunnel will ignore any
certificates offered and will allow all connections.''
and i gave no verify anywhere.
"Privoxy is useless with encrypted data"
i tried it again but with all 'debug' levels set in privoxy, and its
true that after a while, these errors are written:
"Invalid request" 400 0
Error: Invalid header received from 127.0.0.1.
Writing: HTTP/1.0 400 Invalid header received from client
is this because of TLS encryption? does this mean privoxy cant even
simply forward TLS requests?
if so, can anyone tell me a proxy that can, and preferably doesnt do
anything else? and works on windows?
On 12/13/18, Javier <jamilist.stn at gmx.es> wrote:
> On Thu, 13 Dec 2018 21:03:27 +0100
> kovacs janos <kovacsjanosfasz at gmail.com> wrote:
>> i understand, and thank you for the explanation, but as i said, i use
>> a program called 'Privoxy', and that is where stunnel would connect
>> after accepting browser requests. Privoxy's accept address is what is
>> given for stunnel as the connect address.
>> Privoxy is a proxy capable of forwarding the requests to the address
>> opened in the browser, so all stunnel would have to do is encrypt and
>> decrypt traffic between the browser and Privoxy.
>> but when i try it, every connection is an endless load, stunnel icon
>> is blue, and no logs are made in Privoxy
> Because the proxy is to be told where to connect and receives a
> direct secure handshake.
> Even if privoxy could use the SNI to redirect the traffic, you will
> need to specify a service, in stunnel.conf, for every host you want
> to connect to, each one with a SNI. You face the same problem.
> And, aside this, why Stunnel in the middle? To secure LAN traffic in
> case is running in a second PC? Privoxy is useless with encrypted
> data, just transmits from origin to destination:
> stunnel-users mailing list
> stunnel-users at stunnel.org
More information about the stunnel-users