suyashkumar / ssl-proxy

:lock: Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
MIT License

Use this as a proxy to old SSL/TLS server? #50

Open parkerlreed opened 1 year ago

parkerlreed commented 1 year ago

I have a Wyse thin client running a web management console on https 443.

Nothing in the modern age will talk to it as it's using a very old SSL/TLS self-signed cert from 2011.

I tried using ssl-proxy to connect but still run into issues with the old ciphers not being accepted. Is there any way to do this?

(130)(deck@steamdeck Documents)$ ./ssl-proxy-linux-amd64 -from 127.0.0.1:4430 -to https://192.168.100.37:443
2023/06/16 19:27:37 No existing cert or key specified, generating some self-signed certs for use (cert.pem, key.pem)
2023/06/16 19:27:37 SHA256 Fingerprint: DE 64 E7 91 F8 AE 49 4C C9 5A 11 3E 78 5E 17 BD A4 F1 8F 30 CB 6E 8B AD 87 86 9A 87 F5 CC 14 8A
2023/06/16 19:27:37 Proxying calls from https://127.0.0.1:4430 (SSL/TLS) to https://192.168.100.37:443
2023/06/16 19:27:48 http: TLS handshake error from 127.0.0.1:44164: remote error: tls: unknown certificate
2023/06/16 19:27:50 http: TLS handshake error from 127.0.0.1:58938: remote error: tls: unknown certificate
2023/06/16 19:27:50 http: proxy error: tls: server selected unsupported protocol version 300

suyashkumar commented 1 year ago

Can you run the web management console without those self-signed certs on a non-public localhost port and use ssl-proxy on the same machine to add SSL for incoming requests?

parkerlreed commented 1 year ago

The web console is contained to the unit on the local network.

It supports SSLv3 and TLS 1.0.

I don't have a way of running it on the same machine. ssl-proxy is running on my laptop on the same network.
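
The log in the first comment mixes failures from two different hops, and the version number in the last line is printed in hex. The Go sketch below is an added example, not code from ssl-proxy or from anyone in this thread. It classifies each line by hop and decodes the version; the names `Finding` and `Classify` are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Finding is one classified TLS failure taken from an ssl-proxy log line.
type Finding struct {
	Leg            string // which hop failed: "client->proxy" or "proxy->backend"
	Detail         string // alert text, or protocol name ("" if the version is unknown)
	Version        uint16 // wire version the backend selected (backend leg only)
	GoCanNegotiate bool   // true if Go's crypto/tls implements that version
}

var (
	clientErr  = regexp.MustCompile(`TLS handshake error from (\S+): (.+)$`)
	backendVer = regexp.MustCompile(`proxy error: tls: server selected unsupported protocol version ([0-9a-f]+)$`)
	names      = map[uint16]string{0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
)

// Classify reports which hop a log line blames and, for version errors,
// decodes the number (crypto/tls prints it in hex, so "300" is 0x0300).
func Classify(line string) (Finding, bool) {
	if m := backendVer.FindStringSubmatch(line); m != nil {
		v, err := strconv.ParseUint(m[1], 16, 16)
		if err != nil {
			return Finding{}, false
		}
		// crypto/tls implements TLS 1.0 through 1.3; SSL 3.0 was removed in Go 1.14.
		return Finding{"proxy->backend", names[uint16(v)], uint16(v), v >= 0x0301 && v <= 0x0304}, true
	}
	if m := clientErr.FindStringSubmatch(line); m != nil {
		return Finding{Leg: "client->proxy", Detail: m[2]}, true
	}
	return Finding{}, false
}

func main() {
	// Two lines copied from the log in the issue above.
	for _, l := range []string{
		"2023/06/16 19:27:48 http: TLS handshake error from 127.0.0.1:44164: remote error: tls: unknown certificate",
		"2023/06/16 19:27:50 http: proxy error: tls: server selected unsupported protocol version 300",
	} {
		f, _ := Classify(l)
		fmt.Printf("%+v\n", f)
	}
}
```

The first line is the connecting client rejecting the proxy's autogenerated self-signed certificate; the second is the proxy's own connection to the thin client, where the device answered with SSL 3.0.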