I am looking to provide automatic encryption between my browser and my proxy server. I searched Google for pages providing a detailed solution. I found a couple of solutions: moving to version 3 or using Stunnel/SSLProxy. I would prefer not to use version 3 as it is developmental. So I placed Stunnel on the proxy server with the following configuration:
# Sample stunnel configuration file
# Copyright by Michal Trojnara 2002

# Comment it out on Win32
cert = /etc/stunnel/stunnel.pem
#chroot = /usr/var/run/stunnel/
# PID is created inside chroot jail
#pid = /stunnel.pid
setuid = root
setgid = root

# Workaround for Eudora bug
#options = DONT_INSERT_EMPTY_FRAGMENTS

# Authentication stuff
verify = default
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /certs
# or simply use CAfile instead:
#CAfile = /usr/etc/stunnel/certs.pem

# Some debugging stuff
debug = 7
output = stunnel.log

# Use it for client mode
#client = yes

# Service-level configuration

[sproxy]
accept = 3127
connect = 3128
Stunnel starts fine as does Squid. However when I attempt to connect I receive an alert message stating "Document contains no data". The following error message appears in stunnel.log:
2003.09.25 14:39:53 LOG3[2256:1084423472]: SSL_accept: 1407609C: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Any suggestions, help or points in the right direction would be greatly appreciated. Please note I am not necessarily attached to using Stunnel, but would prefer to avoid using Squid 3 if at all possible. I can provide my squid.conf if necessary.
Thanks,
Pat
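Added example, not part of the original post: the reason field in the log line above, `http request`, is what OpenSSL reports when the first bytes arriving on a TLS listener are a plaintext HTTP method rather than a ClientHello. The sketch below parses that log line and classifies opening bytes along the same lines; the function names and sample byte strings are constructed for illustration, and this is not OpenSSL's or stunnel's own code.

```python
# Added illustration: why a TLS listener (e.g. the stunnel accept port 3127
# in the post) rejects a connection with "http request".

# Log line copied from the post.
LOG_LINE = ("2003.09.25 14:39:53 LOG3[2256:1084423472]: SSL_accept: 1407609C: "
            "error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request")

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def openssl_reason(line: str):
    """Split an OpenSSL error string into (function, reason)."""
    fields = line.split("error:", 1)[1].split(":")
    # fields: [code, library, function, reason]
    return fields[2], fields[3].strip()


def classify_first_bytes(data: bytes) -> str:
    """Say what the opening bytes of a connection look like."""
    if len(data) < 5:
        return "too short"
    # TLS/SSLv3 record: content type 0x16 (handshake), major version 0x03,
    # handshake message type 0x01 (ClientHello) at offset 5.
    if data[0] == 0x16 and data[1] == 0x03:
        if len(data) > 5 and data[5] == 0x01:
            return "tls client hello"
        return "tls handshake record"
    # SSLv2-compatible hello: high bit set in the length byte, type 0x01.
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2 client hello"
    if data.startswith(HTTP_METHODS):
        return "plaintext http request"
    if data.startswith(b"CONNECT"):
        return "plaintext proxy CONNECT"
    return "unknown"


# Constructed samples: a browser talking plain HTTP to a proxy port, and the
# first bytes of a TLS ClientHello record.
PLAIN_PROXY_REQUEST = b"GET http://example.com/ HTTP/1.0\r\n\r\n"
TLS_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])

if __name__ == "__main__":
    print(openssl_reason(LOG_LINE))
    for sample in (PLAIN_PROXY_REQUEST, TLS_HELLO_PREFIX):
        print(sample[:12], "->", classify_first_bytes(sample))
```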