
HTTP shimmed to HTTPS; was Re: stunnel as transparent proxy.



Jul 16 11:25:16 joule stunnel: LOG5[4]: Service [https] accepted connection from 127.0.0.1:36140

*	From: Reco recoverym4n@enotuniq.net
*	Date: Wed, 17 Jul 2019 11:01:32 +0300
> No, you're incorrect. A client application has connected to
> localhost:443 using source IP 127.0.0.1 and a destination port 36140.

OK, thanks.  Can you tell me how "36140" originates?  Not immediately 
obvious that this application produces it.  Also not listed here.
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

> stunnel(1) mentions helpfully that you're required to have  a certain
> netfilter setup (mainly involving DNAT in your case), ... 
> If you need to transform outbound HTTP requests to HTTPS to multiple
> hosts ...

Yes, I have a Web browser capable of HTTP and not HTTPS. The immediate 
objective is that the browser requests 
https://en.wikipedia.org/wiki/Network_socket , for example, the 
communication is TLS encrypted and issued to the original address.  
The returned packets should be decrypted.  Should work for any address 
of course but no address translation.  Shim might describe the action 
better than proxy.
                                                                                                                                                       
> you'll probably need squid/haproxy/nginx/whatever.

Never used any of these.  "/" means "or"?  Shorewall is working here.  
If that can apply TLS, good.  What is the simplest package that can 
provide this?

Thanks,              ... Peter E.
                               




-- 
https://en.wikibooks.org/wiki/Oberon
Tel: +1 604 670 0140            Bcc: peter at easthope. ca
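
The shim described in the message above, as an added example (not part of the original post, and not code from stunnel or any package named in the thread): a loopback HTTP proxy that re-issues each browser GET over certificate-verified TLS to the host the browser asked for. The listen address 127.0.0.1:8080 and the names `Shim`, `upstream_target` and `DROP` are assumptions of this example.

```python
import http.client
import ssl
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

LISTEN = ("127.0.0.1", 8080)  # assumed; loopback only, since the browser hop is plaintext
# Headers not copied across the shim (hop-by-hop, or recomputed below).
DROP = {"connection", "proxy-connection", "keep-alive", "transfer-encoding", "te",
        "trailer", "upgrade", "host", "accept-encoding", "content-length"}

def upstream_target(url):
    """Map the absolute http:// URL a proxy-configured browser sends to (host, port, path)."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("expected an absolute http:// URL")
    port = 443 if parts.port in (None, 80) else parts.port  # keep explicit odd ports
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    return parts.hostname, port, path

class Shim(BaseHTTPRequestHandler):
    tls = ssl.create_default_context()  # verifies certificate chain and hostname

    def do_GET(self):
        try:
            host, port, path = upstream_target(self.path)
        except ValueError as exc:
            return self.send_error(400, "Bad proxy request", str(exc))
        headers = {k: v for k, v in self.headers.items() if k.lower() not in DROP}
        headers["Accept-Encoding"] = "identity"  # Host is set by http.client
        conn = http.client.HTTPSConnection(host, port, context=self.tls, timeout=30)
        try:
            conn.request("GET", path, headers=headers)
            resp = conn.getresponse()
            body = resp.read()
        except (OSError, http.client.HTTPException) as exc:  # includes TLS failures
            return self.send_error(502, "Upstream request failed", str(exc))
        finally:
            conn.close()
        self.send_response_only(resp.status, resp.reason)
        for name, value in resp.getheaders():
            if name.lower() not in DROP:
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    ThreadingHTTPServer(LISTEN, Shim).serve_forever()
```

Run as a script, it serves a browser whose HTTP proxy setting points at 127.0.0.1:8080. Only GET is handled, and `https://` links or redirects inside responses are not rewritten.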

