ssl upstream config?

[RunxiaWan]

Hi all,
I am trying to use Unbound’s SSL upstream. Cause I am new to Unbound here,
I doubt I might configure them wrong. Both sides use unbound1.5.7
The configuration of Resolver：

server:
	directory: "/etc/unbound"
	username: root
	# make sure unbound can access entropy from inside the chroot.
	# e.g. on linux the use these commands (on BSD, devfs(8) is used):
	#      mount --bind -n /dev/random /etc/unbound/dev/random
	# and  mount --bind -n /dev/log /etc/unbound/dev/log
	chroot: "/etc/unbound"
	# logfile: "/etc/unbound/unbound.log"  #uncomment to use logfile.
	pidfile: "/etc/unbound/unbound.pid"
	# verbosity: 1      # uncomment and increase to get more logging.
	# listen on all interfaces, answer queries from the local subnet.
	interface: 0.0.0.0
	interface: ::0
	access-control: 10.0.0.0/8 allow
	
The configuration of Forwarder:

# unbound.conf(5) config file for unbound(8).
server:
	directory: "/etc/unbound"
	username: root
	# make sure unbound can access entropy from inside the chroot.
	# e.g. on linux the use these commands (on BSD, devfs(8) is used):
	#      mount --bind -n /dev/random /etc/unbound/dev/random
	# and  mount --bind -n /dev/log /etc/unbound/dev/log
	chroot: "/etc/unbound"
	# logfile: "/etc/unbound/unbound.log"  #uncomment to use logfile.
	pidfile: "/etc/unbound/unbound.pid"
	# verbosity: 1      # uncomment and increase to get more logging.
	# listen on all interfaces, answer queries from the local subnet.
	interface: 0.0.0.0
	interface: ::0
	access-control: 10.0.0.0/8 allow
	tcp-upstream: yes
	ssl-upstream: yes
	ssl-port: 853
forward-zone:
 name: "."
 forward-addr: 10.4.1.2 at 853
server:
 ssl-upstream: yes
 tcp-upstream: yes
 do-daemonize: no
 logfile: ""
 verbosity: 10

Any help is welcome. Thanks.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20160125/4221bff1/attachment.htm>