Observation: you accept on port 80 ... the log says 4121 ... any chance you have some sort of port forwarding/NAT/firewall/router issue?
Second -- if you are on Unix why not just use inetd? Easy, reliable, simple, always works (if inetd goes down you have no Unix). And you have nothing to manage -- just logs to look at. Happy New Year Eric -----Original Message----- From: stunnel-users [mailto:stunnel-users-boun...@stunnel.org] On Behalf Of kovacs janos Sent: Saturday, December 29, 2018 7:37 PM To: Javier <jamilist....@gmx.es> Cc: stunnel-users@stunnel.org Subject: Re: [stunnel-users] older browsers, stunnel and privoxy it still doesnt seem to work. i tried it with deviantart.com again. configuration: client = yes accept = 127.0.0.1:80 connect = 52.85.220.247:443 verifyChain = yes CAfile = ca-certs.pem checkHost = *.deviantart.com the name after checkHost is the "Common Name" displayed when viewing the site's certificate in a browser(lock icon, view certificate). i also saved the certificate in case i would need to try the "certificate pinning" method. the connect IP is what 'get-site-ip.com' says the IP of the website is. these are the logs: Service [fbsd-www] accepted connection from 127.0.0.1:4121 s_connect: connected 52.85.220.247:443 Service [fbsd-www] connected remote server from 192.168.0.3:4122 SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket i know i pestered everyone long enough, but i still havent been able to connect to anything. without any verification its the same On 12/21/18, Javier <jamilist....@gmx.es> wrote: > On Fri, 21 Dec 2018 13:58:35 +0200 > Peter Pentchev <r...@ringlet.net> wrote: > >> Hm, there's no reason why stunnel would not work like that for a >> predetermined set of hosts with known addresses. > > Hi, > > I'm just trying to avoid encouraging him on keep with his first idea > of browsing through Stunnel, with, or without privoxy. > > Of course one site, one connection would work, if we forget about > secondary issues and..., nevermind... > > I give up :D > > Regards. > > > _______________________________________________ > stunnel-users mailing list > stunnel-users@stunnel.org > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
