[stunnel-users] older browsers, stunnel and privoxy

Eric Eberhard flash at vicsmba.com
Mon Jan 14 03:47:23 CET 2019


Sure it can.  Inetd is simply a "server" and stunnel works in inetd mode or
server mode.  When not using inetd, stunnel does the server work.  When
using inetd then inetd does the server work.  In both cases the actual
"instance" of stunnel is the same.  And inetd always works (or essentially
Unix does not).  It is milliseconds slower in inetd (and unless you are
doing millions of connections nobody will notice) but way more reliable in
my experience.

Eric

-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of
Peter Pentchev
Sent: Friday, January 04, 2019 8:06 AM
To: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] older browsers, stunnel and privoxy

On Thu, Jan 03, 2019 at 02:45:30PM -0700, Eric Eberhard wrote:
> Observation:  you accept on port 80 ... the log says 4121 ... any 
> chance you have some sort of port forwarding/NAT/firewall/router issue?

Just for the record (I already answered the question in another message),
the log says that the client - the program that was talking to stunnel,
presumably some kind of web browser - connected *to* stunnel
*from* the (ephemeral) port 4121.

> Second -- if you are on Unix why not just use inetd?  Easy, reliable, 
> simple, always works (if inetd goes down you have no Unix).  And you 
> have nothing to manage -- just logs to look at.

The inetd and stunnel tools serve different purposes - inetd cannot, by
itself, proxy between a plaintext and a TLS/SSL connection.

> Happy New Year
> 
> Eric

Same!

G'luck,
Peter


> -----Original Message-----
> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On 
> Behalf Of kovacs janos
> Sent: Saturday, December 29, 2018 7:37 PM
> To: Javier <jamilist.stn at gmx.es>
> Cc: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] older browsers, stunnel and privoxy
> 
> it still doesn't seem to work. I tried it with deviantart.com again.
> configuration:
> client = yes
> accept = 127.0.0.1:80
> connect = 52.85.220.247:443
> verifyChain = yes
> CAfile = ca-certs.pem
> checkHost = *.deviantart.com
> 
> the name after checkHost is the "Common Name" displayed when viewing the
> site's certificate in a browser (lock icon, view certificate). I also saved
> the certificate in case I would need to try the "certificate pinning"
> method. the connect IP is what 'get-site-ip.com' says the IP of the
> website is.
> 
> these are the logs:
> Service [fbsd-www] accepted connection from 127.0.0.1:4121
> s_connect: connected 52.85.220.247:443
> Service [fbsd-www] connected remote server from 192.168.0.3:4122
> SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
> Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
> 
> I know I pestered everyone long enough, but I still haven't been able
> to connect to anything. without any verification it's the same
> 
> On 12/21/18, Javier <jamilist.stn at gmx.es> wrote:
> > On Fri, 21 Dec 2018 13:58:35 +0200
> > Peter Pentchev <roam at ringlet.net> wrote:
> >
> >> Hm, there's no reason why stunnel would not work like that for a 
> >> predetermined set of hosts with known addresses.
> >
> > Hi,
> >
> > I'm just trying to avoid encouraging him to keep on with his first idea
> > of browsing through Stunnel, with or without privoxy.
> >
> > Of course one site, one connection would work, if we forget about
> > secondary issues and..., never mind...
> >
> > I give up :D
> >
> > Regards.
> >
> >
> > _______________________________________________
> > stunnel-users mailing list
> > stunnel-users at stunnel.org
> > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> >

--
Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
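
Added example (not from any message in this thread): the client configuration quoted above, written once for stunnel's daemon mode and once for the inetd mode Eric describes, to show which component listens and which one does the TLS. The option values and the service name are the ones posted in the thread; the file paths, the `http` service name and the `nobody` user are assumptions.

```ini
; ---------------------------------------------------------------
; Daemon mode: stunnel listens by itself (the setup in the thread)
; File: /etc/stunnel/stunnel.conf   (path is an assumption)
; ---------------------------------------------------------------
[fbsd-www]
client = yes
; stunnel binds this loopback listener itself
accept = 127.0.0.1:80
connect = 52.85.220.247:443
verifyChain = yes
CAfile = ca-certs.pem
checkHost = *.deviantart.com

; ---------------------------------------------------------------
; inetd mode: inetd listens and starts one stunnel per connection
; File: /etc/stunnel/www-inetd.conf   (path is an assumption)
; ---------------------------------------------------------------
; No [service] section and no "accept" here: inetd passes the
; already accepted plaintext socket to stunnel on stdin/stdout,
; so the service options sit at the top level of the file.
; inetd only does the listening; the TLS side is still stunnel.
client = yes
connect = 52.85.220.247:443
verifyChain = yes
; absolute path, since a relative one depends on the working
; directory inetd starts stunnel in
CAfile = /etc/stunnel/ca-certs.pem
checkHost = *.deviantart.com

; Matching /etc/inetd.conf entry, on one line (binary path and the
; unprivileged user are assumptions; inetd holds port 80, so stunnel
; itself does not need root to bind it):
;
; http stream tcp nowait nobody /usr/bin/stunnel stunnel /etc/stunnel/www-inetd.conf
```

Classic inetd binds the service on every interface, whereas the posted configuration accepts only on 127.0.0.1; whether the listener can be restricted to loopback depends on the inetd implementation in use.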
