<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:black;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-ZA link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Please post your stunnel configs.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Makes life easier.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Cheers<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Craig<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Dan Vespa [mailto:dan@sideshow.sytes.net] <br>
<b>Sent:</b> 19 November 2007 03:35 PM<br>
<b>To:</b> Craig<br>
<b>Subject:</b> RE: [stunnel-users] Stunnel and Outlook Web Access Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div id=idOWAReplyText80884>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Craig,</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>I
set the debug level higher and this is what my log outputs....</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>2007.11.19 08:25:54 LOG7[1596:2656]: RAND_status claims
sufficient entropy for the PRNG<br>
2007.11.19 08:25:54 LOG7[1596:2656]: PRNG seeded successfully<br>
2007.11.19 08:25:54 LOG7[1596:2656]: SSL context initialized for service https<br>
2007.11.19 08:25:54 LOG5[1596:2656]: stunnel 4.21 on x86-pc-mingw32-gnu with
OpenSSL 0.9.8g 19 Oct 2007<br>
2007.11.19 08:25:54 LOG5[1596:2656]: Threading:WIN32 SSL:ENGINE
Sockets:SELECT,IPv6<br>
2007.11.19 08:25:54 LOG5[1596:3012]: No limit detected for the number of
clients<br>
2007.11.19 08:25:54 LOG7[1596:3012]: FD 188 in non-blocking mode<br>
2007.11.19 08:25:54 LOG7[1596:3012]: SO_REUSEADDR option set on accept socket<br>
2007.11.19 08:25:54 LOG7[1596:3012]: https bound to 0.0.0.0:443<br>
2007.11.19 08:26:32 LOG7[1596:3012]: https accepted FD=236 from 127.0.0.1:1409<br>
2007.11.19 08:26:32 LOG7[1596:3012]: Creating a new thread<br>
2007.11.19 08:26:32 LOG7[1596:3012]: New thread created<br>
2007.11.19 08:26:32 LOG7[1596:2576]: https started<br>
2007.11.19 08:26:32 LOG7[1596:2576]: FD 236 in non-blocking mode<br>
2007.11.19 08:26:32 LOG7[1596:2576]: TCP_NODELAY option set on local socket<br>
2007.11.19 08:26:32 LOG5[1596:2576]: https accepted connection from
127.0.0.1:1409<br>
2007.11.19 08:26:32 LOG7[1596:2576]: FD 260 in non-blocking mode<br>
2007.11.19 08:26:32 LOG7[1596:2576]: https connecting 192.168.0.5:443<br>
2007.11.19 08:26:32 LOG7[1596:2576]: connect_wait: waiting 10 seconds<br>
2007.11.19 08:26:32 LOG7[1596:2576]: connect_wait: connected<br>
2007.11.19 08:26:32 LOG5[1596:2576]: https connected remote server from
192.168.0.24:1410<br>
2007.11.19 08:26:32 LOG7[1596:2576]: Remote FD=260 initialized<br>
2007.11.19 08:26:32 LOG7[1596:2576]: TCP_NODELAY option set on remote socket<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): before/connect
initialization<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 write client
hello A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 read server
hello A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 read server
certificate A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 read server
done A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 write client
key exchange A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 write change
cipher spec A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 write finished
A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 flush data<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 read finished A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 1 items in the session
cache<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 1 client connects
(SSL_connect())<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 1 client connects that
finished<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 client renegotiations
requested<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 server connects
(SSL_accept())<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 server connects that
finished<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 server renegotiations
requested<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 session cache hits<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 session cache misses<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 session cache timeouts<br>
2007.11.19 08:26:32 LOG6[1596:2576]: SSL connected: new session negotiated<br>
2007.11.19 08:26:32 LOG6[1596:2576]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=MD5 <br>
2007.11.19 08:26:53 LOG7[1596:3012]: https accepted FD=288 from 127.0.0.1:1411<br>
2007.11.19 08:26:53 LOG7[1596:3012]: Creating a new thread<br>
2007.11.19 08:26:53 LOG7[1596:3012]: New thread created<br>
2007.11.19 08:26:53 LOG7[1596:1060]: https started<br>
2007.11.19 08:26:53 LOG7[1596:1060]: FD 288 in non-blocking mode<br>
2007.11.19 08:26:53 LOG7[1596:1060]: TCP_NODELAY option set on local socket<br>
2007.11.19 08:26:53 LOG5[1596:1060]: https accepted connection from
127.0.0.1:1411<br>
2007.11.19 08:26:53 LOG7[1596:1060]: FD 312 in non-blocking mode<br>
2007.11.19 08:26:53 LOG7[1596:1060]: https connecting 192.168.0.5:443<br>
2007.11.19 08:26:53 LOG7[1596:1060]: connect_wait: waiting 10 seconds<br>
2007.11.19 08:26:53 LOG7[1596:1060]: connect_wait: connected<br>
2007.11.19 08:26:53 LOG5[1596:1060]: https connected remote server from
192.168.0.24:1412<br>
2007.11.19 08:26:53 LOG7[1596:1060]: Remote FD=312 initialized<br>
2007.11.19 08:26:53 LOG7[1596:1060]: TCP_NODELAY option set on remote socket<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): before/connect
initialization<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 write client
hello A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 read server
hello A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 read finished A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 write change
cipher spec A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 write finished
A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 flush data<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 1 items in the session
cache<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 2 client connects
(SSL_connect())<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 2 client connects that
finished<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 client renegotiations
requested<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 server connects
(SSL_accept())<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 server connects that
finished<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 server renegotiations
requested<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 1 session cache hits<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 session cache misses<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 session cache timeouts<br>
2007.11.19 08:26:53 LOG6[1596:1060]: SSL connected: previous session reused<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL socket closed on SSL_read<br>
2007.11.19 08:26:53 LOG7[1596:1060]: Socket write shutdown<br>
2007.11.19 08:26:53 LOG5[1596:1060]: Connection closed: 70 bytes sent to SSL,
164 bytes sent to socket<br>
2007.11.19 08:26:53 LOG7[1596:1060]: https finished (1 left)<br>
2007.11.19 08:27:53 LOG3[1596:2576]: readsocket: Connection reset by peer
(WSAECONNRESET) (10054)<br>
2007.11.19 08:27:53 LOG5[1596:2576]: Connection reset: 1102 bytes sent to SSL,
1241 bytes sent to socket<br>
2007.11.19 08:27:53 LOG7[1596:2576]: https finished (0 left)<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Does
this make any sense to you????</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Dan</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=3 width="100%" align=center>
</div>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Craig<br>
<b>Sent:</b> Mon 19/11/2007 1:34 AM<br>
<b>To:</b> stunnel-users@mirt.net<br>
<b>Subject:</b> Re: [stunnel-users] Stunnel and Outlook Web Access Problems</span><o:p></o:p></p>
</div>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>OWA rewrites the URL when you log in and I have found that it
causes problems when doing that with a Stunnel connection.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What I think might be happening is that your initial connection
says <a href="http://server.tld/" target="_blank">http://server.tld/</a>, then
when you log in, OWA rewrites the URL to <a href="https://server.tld/"
target="_blank">https://server.tld/</a>.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What I think is happening is that your stunnel is listening on
port 80 and when you log in, OWA changes the listening port in the browser to
port 443.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Try running the listening server (stunnel server) to listen on
port 443 instead of port 80 and see if that fixes the problem.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Cheers<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Craig <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> stunnel-users-bounces@mirt.net
[mailto:stunnel-users-bounces@mirt.net] <b>On Behalf Of </b>Dan Vespa<br>
<b>Sent:</b> 17 November 2007 07:21 PM<br>
<b>To:</b> stunnel-users@mirt.net<br>
<b>Subject:</b> [stunnel-users] Stunnel and Outlook Web Access Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<div>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>I am trying to use the latest version of stunnel to connect
to OWA. I set stunnel to listen on port 80 (localhost) and then connect to
myserverip on port 443. I get the login screen but can go no further
after I enter my credentials and click OK. Checking the stunnel log screen, it
shows that a connection has been made? I don't understand why it won't connect any
further?? OWA is on Exchange Server 2003 and I am using Windows XP SP2. I have
also updated to the latest version of OpenSSL.</span><span lang=EN-US
style='color:black'><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:black'> <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Thanks in Advance.</span><span lang=EN-US style='color:black'><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:black'> <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Dan</span><span lang=EN-US style='color:black'><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
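<div>
<p class=MsoNormal>Added example, not part of the original messages: a small Python reader for the stunnel debug log quoted in this thread. It groups records by the second number in the LOG bracket (assumed here to be the per-connection thread id) and reports how each connection negotiated and how it ended. The sample lines are abridged from that log, and the WEAK list is this example's own assumption.</p>

```python
import re
from datetime import datetime

# Abridged from the debug log quoted in this thread (one record per line).
SAMPLE_LOG = """\
2007.11.19 08:26:32 LOG5[1596:2576]: https accepted connection from 127.0.0.1:1409
2007.11.19 08:26:32 LOG6[1596:2576]: SSL connected: new session negotiated
2007.11.19 08:26:32 LOG6[1596:2576]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2007.11.19 08:26:53 LOG5[1596:1060]: https accepted connection from 127.0.0.1:1411
2007.11.19 08:26:53 LOG6[1596:1060]: SSL connected: previous session reused
2007.11.19 08:26:53 LOG5[1596:1060]: Connection closed: 70 bytes sent to SSL, 164 bytes sent to socket
2007.11.19 08:27:53 LOG3[1596:2576]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2007.11.19 08:27:53 LOG5[1596:2576]: Connection reset: 1102 bytes sent to SSL, 1241 bytes sent to socket
"""

RECORD = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
BYTES = re.compile(r"Connection (closed|reset): (\d+) bytes sent to SSL, (\d+) bytes sent to socket")
WEAK = ("RC4", "MD5", "SSLv2", "SSLv3")  # assumption: this example's own deny-list

def summarize(log_text):
    """Group stunnel debug records by thread id and summarise each connection."""
    conns = {}
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        stamp, _level, _pid, tid, msg = m.groups()
        when = datetime.strptime(stamp, "%Y.%m.%d %H:%M:%S")
        c = conns.setdefault(tid, {"start": when, "session": None, "cipher": None,
                                   "weak": [], "end": None, "seconds": None})
        if msg.startswith("SSL connected:"):
            c["session"] = "reused" if "reused" in msg else "new"
        elif msg.startswith("Negotiated ciphers:"):
            c["cipher"] = msg.split(":", 1)[1].split()[0]
            c["weak"] = [w for w in WEAK if w in msg]
        else:
            b = BYTES.search(msg)
            if b:  # final record of a connection: how it ended and how much moved
                c["end"] = b.group(1)
                c["to_ssl"], c["to_socket"] = int(b.group(2)), int(b.group(3))
                c["seconds"] = int((when - c["start"]).total_seconds())
    return conns

if __name__ == "__main__":
    for tid, c in summarize(SAMPLE_LOG).items():
        print(tid, c)
```

<p class=MsoNormal>On the sample, thread 2576 negotiates a new RC4-MD5 SSLv3 session and is reset by the peer 81 seconds later, while thread 1060 reuses that session and closes at once. RC4 (RFC 7465) and SSLv3 (RFC 7568) have since been prohibited for TLS use, so a summary like this also shows when a tunnel is still negotiating them.</p>
</div>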
</body>
</html>