Discussion:
[stunnel-users] Client-side SNI
Vincent Deschenes
2016-08-01 17:09:58 UTC
Hi,

Anyone know if there is anything special to do to get ServerName sent when using stunnel in client mode, to be able to connect to an SNI-enabled server?
Using latest version of stunnel and openssl.

Will stunnel use the name specified in the "connect=" config?

Thanks,
Regards,

Vincent Deschenes Ing. PMP
Director of Operations
Stelvio Inc.
(+1) 514-281-8570
Vincent Deschenes
2016-08-01 17:19:17 UTC
Do we have to specify the "protocol" option to have stunnel know how to handle the server name indication?

I remember I had to set it to smtp for an smtp connection.

This current case is for https.
I cannot find the http/s option for protocol; should I use the "connect" option?

Thanks,

Vincent Deschenes Ing. PMP
Director of Operations
Stelvio Inc.
(+1) 514-281-8570
Vincent Deschenes
2016-08-01 20:28:42 UTC
Problem solved; it was not related to SNI. SNI works great with client-side stunnel, no need to set the protocol option.

Our problem was the HTTP host: since our client app was using stunnel to reach a virtual host on an nginx reverse proxy, we connected to stunnel using stunnel's local IP instead of our server's domain name. Nginx was not receiving the domain name and was serving the default host.

The solution was to add a record to the hosts file to point the server name to our local stunnel IP.


Vincent Deschenes Ing. PMP
Director of Operations
Stelvio Inc.
(+1) 514-281-8570
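
The failure described in the last message can be reproduced without TLS, because stunnel forwards the application's bytes unchanged and the HTTP Host header is derived from the URL the app connects to. The following is an added example, not part of the original thread: the backend is a stand-in for nginx name-based virtual hosts, and `app.example.test`, `VHOSTS` and the function names are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed name: stands in for the real server name configured as an nginx vhost.
VHOSTS = {"app.example.test": "app vhost"}
DEFAULT_VHOST = "default vhost"

class VhostHandler(BaseHTTPRequestHandler):
    """Selects a virtual host from the Host header, like nginx server_name matching."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        body = VHOSTS.get(host, DEFAULT_VHOST).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_backend():
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(port, host_header=None):
    """Connect to the local listener by IP; optionally send the real server name as Host."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Host": host_header} if host_header else {}
    conn.request("GET", "/", headers=headers)
    body = conn.getresponse().read().decode()
    conn.close()
    return body

def demo():
    server = start_backend()
    port = server.server_address[1]
    try:
        by_ip = fetch(port)                        # app URL uses the local IP
        by_name = fetch(port, "app.example.test")  # app URL uses the server name
    finally:
        server.shutdown()
        server.server_close()
    return by_ip, by_name

if __name__ == "__main__":
    print(demo())
```

The second request models the effect of the hosts-file record: the app addresses the server by name, so the Host header carries that name while the connection still goes to the local listener.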
