[stunnel-users] older browsers, stunnel and privoxy

Javier jamilist.stn at gmx.es
Sun Dec 16 01:35:30 CET 2018

On Sat, 15 Dec 2018 21:54:33 +0100
kovacs janos <kovacsjanosfasz at gmail.com> wrote:

> "Because the proxy is to be told where to connect and receives a
> direct secure handshake."
> Is that necessary even if stunnel is told to not verify the connections?
> ''If no verify argument is given, then stunnel will ignore any
> certificates offered and will allow all connections.''
> And I gave no verify anywhere.


The verification has nothing to do with the connection, but with the
verification by Stunnel of the received certificate, if it is set as
client, from the server, or if it is running as a server, from the
clients (cert or PSK).

What I said above is that the proxy expects to be told where to
connect, and instead receives a secure handshake, which doesn't

And as you found then..., with this quoted text below. Can't find the
headers requesting it to connect wherever is needed.

> "Privoxy is useless with encrypted data"
> I tried it again but with all 'debug' levels set in privoxy, and it's
> true that after a while, these errors are written:
> "Invalid request" 400 0
> Error: Invalid header received from
> Writing: HTTP/1.0 400 Invalid header received from client
> Is this because of TLS encryption? Does this mean privoxy can't even
> simply forward TLS requests?

It is not that it can't handle/forward, it is that it doesn't expect
encrypted garbage. It expects an HTTP header telling where to

It can forward, but when it knows where to connect. As stunnel is not
designed for this (it is not an HTTP web browser), it doesn't send what
the proxy needs.

And, again, setting up Stunnel to handle this kind of task (browsing
through it, or redirecting to a proxy) is unrealizable in any way. It
wasn't made for this.

> If so, can anyone tell me a proxy that can, and preferably doesn't do
> anything else? And works on Windows?

Can't help with that, sorry.
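
An added illustration of the point made in this reply (not part of the original message): a plain HTTP proxy learns where to connect from the request line it reads first, so a connection that opens with a TLS ClientHello gives it nothing to parse and it answers with a 400. The function name, the `proxy_action` labels and both sample byte strings are constructed for this example.

```python
import re
import struct

# First line an HTTP proxy needs, e.g. "CONNECT example.org:443 HTTP/1.1"
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r?\n")

# Constructed sample: what a browser configured to use a proxy sends first.
BROWSER_CONNECT = (b"CONNECT example.org:443 HTTP/1.1\r\n"
                   b"Host: example.org:443\r\n\r\n")

# Constructed sample: start of a TLS ClientHello, as sent by a TLS client
# that opens the connection directly with a handshake.
# record: type 0x16 (handshake), version 3.1, length 0x0200
# handshake: type 0x01 (ClientHello), length 0x0001fc, version 3.3, random
TLS_CLIENT_HELLO = (b"\x16\x03\x01\x02\x00"
                    b"\x01\x00\x01\xfc\x03\x03" + bytes(32))


def classify_first_bytes(data: bytes) -> dict:
    """Describe what a plain HTTP proxy sees at the start of a connection."""
    m = REQUEST_LINE.match(data)
    if m:
        method, target = m.group(1).decode(), m.group(2).decode()
        if method == "CONNECT":
            # Proxy knows host:port and can relay the encrypted bytes blindly.
            return {"kind": "http-connect", "target": target,
                    "proxy_action": "tunnel"}
        return {"kind": "http-request", "target": target,
                "proxy_action": "forward"}
    # TLS record header: content type (1 byte), version (2), length (2),
    # followed by the handshake message type.
    if len(data) >= 6:
        ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
        if ctype == 0x16 and major == 0x03 and data[5] == 0x01:
            # No request line, no Host header: nothing says where to connect.
            return {"kind": "tls-client-hello", "target": None,
                    "proxy_action": "reject-400", "record_len": length}
    return {"kind": "unknown", "target": None, "proxy_action": "reject-400"}


if __name__ == "__main__":
    for name, sample in (("browser", BROWSER_CONNECT),
                         ("raw TLS", TLS_CLIENT_HELLO)):
        print(name, classify_first_bytes(sample))
```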


