All,
I am looking to provide automatic encryption between my browser and my
proxy server. I searched Google for pages providing a detailed
solution. I found a couple of solutions: moving to version 3 or using
Stunnel/SSLProxy. I would prefer not to use version 3 as it is
developmental. So I placed Stunnel on the proxy server with the
following configuration:

# Sample stunnel configuration file
# Copyright by Michal Trojnara 2002
# Comment it out on Win32
cert = /etc/stunnel/stunnel.pem
#chroot = /usr/var/run/stunnel/
# PID is created inside chroot jail
#pid = /stunnel.pid
setuid = root
setgid = root
# Workaround for Eudora bug
#options = DONT_INSERT_EMPTY_FRAGMENTS
# Authentication stuff
verify = default
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /certs
# or simply use CAfile instead:
#CAfile = /usr/etc/stunnel/certs.pem
# Some debugging stuff
debug = 7
output = stunnel.log
# Use it for client mode
#client = yes
# Service-level configuration
[sproxy]
accept = 3127
connect = 3128

Stunnel starts fine, as does Squid. However, when I attempt to connect I
receive an alert message stating "Document contains no data". The
following error message appears in stunnel.log:

2003.09.25 14:39:53 LOG3[2256:1084423472]: SSL_accept: 1407609C:
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

Any suggestions, help or points in the right direction would be greatly
appreciated. Please note I am not necessarily attached to using
Stunnel, but would prefer to avoid using Squid 3 if at all possible. I
can provide my squid.conf if necessary.
Thanks
Pat
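
Added example (not part of Pat's message, and not stunnel or OpenSSL code): the "http request" reason in the log line above means the TLS listener on port 3127 received a plaintext HTTP request where a ClientHello was expected. The Python below decodes the packed error code from that log line and shows a simplified first-bytes check; the function names and sample byte strings are constructed for illustration.

```python
import re

# Log line copied from the post (joined onto one line).
LOG_LINE = ("2003.09.25 14:39:53 LOG3[2256:1084423472]: SSL_accept: 1407609C: "
            "error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request")

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")

def parse_openssl_error(line):
    """Split an OpenSSL error string into its packed code and text fields."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    # Legacy (pre-3.0) packing: 8 bits library, 12 bits function, 12 bits reason.
    return {
        "lib": code >> 24,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
        "lib_name": m.group(2),
        "func_name": m.group(3),
        "reason_text": m.group(4).strip(),
    }

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")

def classify_first_bytes(data):
    """Classify what a client sent first to a TLS listener (simplified)."""
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    # TLS/SSLv3 record: content type 0x16 (handshake), major version 3,
    # then handshake type 0x01 (ClientHello) at offset 5.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    # SSLv2-format hello: high bit set in the length byte, message type 1.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    return "unknown"

# Constructed sample inputs (not captured traffic).
PLAIN_PROXY_REQUEST = b"GET http://www.example.com/ HTTP/1.0\r\n\r\n"
TLS_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])

if __name__ == "__main__":
    print(parse_openssl_error(LOG_LINE))
    print(classify_first_bytes(PLAIN_PROXY_REQUEST))
    print(classify_first_bytes(TLS_HELLO_PREFIX))
```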
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:02 MST