[stunnel-users] older browsers, stunnel and privoxy

kovacs janos kovacsjanosfasz at gmail.com
Sun Dec 30 03:36:56 CET 2018


it still doesnt seem to work. i tried it with deviantart.com again.
configuration:
client = yes
accept = 127.0.0.1:80
connect = 52.85.220.247:443
verifyChain = yes
CAfile = ca-certs.pem
checkHost = *.deviantart.com

the name after checkHost is the "Common Name" displayed when viewing
the site's certificate in a browser(lock icon, view certificate). i
also saved the certificate in case i would need to try the
"certificate pinning" method. the connect IP is what 'get-site-ip.com'
says the IP of the website is.

these are the logs:
Service [fbsd-www] accepted connection from 127.0.0.1:4121
s_connect: connected 52.85.220.247:443
Service [fbsd-www] connected remote server from 192.168.0.3:4122
SSL_connect: 14077410: error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

i know i pestered everyone long enough, but i still havent been able
to connect to anything. without any verification its the same

On 12/21/18, Javier <jamilist.stn at gmx.es> wrote:
> On Fri, 21 Dec 2018 13:58:35 +0200
> Peter Pentchev <roam at ringlet.net> wrote:
>
>> Hm, there's no reason why stunnel would not work like that for
>> a predetermined set of hosts with known addresses.
>
> Hi,
>
> I'm just trying to avoid encouraging him on keep with his first idea
> of browsing through Stunnel, with, or without privoxy.
>
> Of course one site, one connection would work, if we forget about
> secondary issues and..., nevermind...
>
> I give up :D
>
> Regards.
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>



More information about the stunnel-users mailing list