[stunnel-users] older browsers, stunnel and privoxy
flash at vicsmba.com
Thu Jan 3 22:45:30 CET 2019
Observation: you accept on port 80 ... the log says 4121 ... any chance you have some sort of port forwarding/NAT/firewall/router issue?
Second -- if you are on Unix why not just use inetd? Easy, reliable, simple, always works (if inetd goes down you have no Unix). And you have nothing to manage -- just logs to look at.
Happy New Year
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of kovacs janos
Sent: Saturday, December 29, 2018 7:37 PM
To: Javier <jamilist.stn at gmx.es>
Cc: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] older browsers, stunnel and privoxy
it still doesnt seem to work. i tried it with deviantart.com again.
client = yes
accept = 127.0.0.1:80
connect = 220.127.116.11:443
verifyChain = yes
CAfile = ca-certs.pem
checkHost = *.deviantart.com
the name after checkHost is the "Common Name" displayed when viewing the site's certificate in a browser(lock icon, view certificate). i also saved the certificate in case i would need to try the "certificate pinning" method. the connect IP is what 'get-site-ip.com'
says the IP of the website is.
these are the logs:
Service [fbsd-www] accepted connection from 127.0.0.1:4121
s_connect: connected 18.104.22.168:443
Service [fbsd-www] connected remote server from 192.168.0.3:4122
SSL_connect: 14077410: error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
i know i pestered everyone long enough, but i still havent been able to connect to anything. without any verification its the same
On 12/21/18, Javier <jamilist.stn at gmx.es> wrote:
> On Fri, 21 Dec 2018 13:58:35 +0200
> Peter Pentchev <roam at ringlet.net> wrote:
>> Hm, there's no reason why stunnel would not work like that for a
>> predetermined set of hosts with known addresses.
> I'm just trying to avoid encouraging him on keep with his first idea
> of browsing through Stunnel, with, or without privoxy.
> Of course one site, one connection would work, if we forget about
> secondary issues and..., nevermind...
> I give up :D
> stunnel-users mailing list
> stunnel-users at stunnel.org
stunnel-users mailing list
stunnel-users at stunnel.org
More information about the stunnel-users