stunnel software

Fabian Keil freebsd-listen at fabiankeil.de
Tue May 8 15:10:51 UTC 2007


"JT" <toruser at fastmail.fm> wrote:

> I just found an example of what I was asking:
> 
> http://www.stunnel.org/examples/https_client.html
> 
> Would it be technically possible to make privoxy SSL capable with
> stunnel, so that it can still filter browserbugs but also encrypt end to
> end ?

If you use stunnel as HTTP forwarder for
SSL connections, Privoxy will always see HTTP
traffic which it can then filter.

The configuration is pretty straight forward
and by following the documentation you shouldn't
have any problems setting it up.

There are several disadvantages though:

- you have to configure both Privoxy and
  stunnel in advance for every host you
  plan to connect to.

- you have to somehow convince stunnel to
  connect through Tor, either by running Tor as
  intercepting proxy (you'll also need something
  like dns-proxy-tor) or by using a socks4a
  patch that you can find somewhere on the
  stunnel web site (I never used it).

- the encryption ends with stunnel, so your browser
  can no longer tell if the connection is secure or
  not. As a result you probably can't tell either.

There may be more, but I don't remember them right now.

There is at least one Privoxy support request about
this as well, you might want to try digging it up
for additional information.


I only use SSL for sites I trust enough to give them
privacy-sensitive information anyway and after I did
that, user tracking is the least of my worries.

As a result I don't think adding stunnel to the proxy
chain is worth the effort and I also think the lost
transparency (how secure the connection is) comes pretty
close to being a show stopper. Your mileage may vary of course.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070508/959816ee/attachment.pgp>


More information about the tor-talk mailing list