HTTP shimmed to HTTPS; was Re: stunnel as transparent proxy.
Jul 16 11:25:16 joule stunnel: LOG5[4]: Service [https] accepted connection from 127.0.0.1:36140
* From: Reco recoverym4n@enotuniq.net
* Date: Wed, 17 Jul 2019 11:01:32 +0300
> No, you're incorrect. A client application has connected to
> localhost:443 using source IP 127.0.0.1 and a destination port 36140.
OK, thanks. Can you tell me how "36140" originates? Not immediately
obvious that this application produces it. Also not listed here.
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
> stunnel(1) mentions helpfully that you're required to have a certain
> netfilter setup (mainly involving DNAT in your case), ...
> If you need to transform outbound HTTP requests to HTTPS to multiple
> hosts ...
Yes, I have a Web browser capable of HTTP and not HTTPS. The immediate
objective is that the browser requests
https://en.wikipedia.org/wiki/Network_socket , for example, the
communication is TLS encrypted and issued to the original address.
The returned packets should be decrypted. Should work for any address
of course but no address translation. Shim might describe the action
better than proxy.
> you'll probably need squid/haproxy/nginx/whatever.
Never used any of these. "/" means "or"? Shorewall is working here.
If that can apply TLS, good. What is the simplest package that can
provide this?
Thanks, ... Peter E.
--
https://en.wikibooks.org/wiki/Oberon
Tel: +1 604 670 0140 Bcc: peter at easthope. ca
Reply to: