<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:black;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-ZA link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I see that you have client = yes in the config file.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>When </span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>client = yes is set outside the service block, it becomes a
global setting that tells all the services that it should tunnel that they are
clients and not servers.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If you specify the client = yes within a service eg. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>[pop3s]<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>client = yes<br>
accept = 995<br>
connect = 110<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>then stunnel knows that the specified service alone is a client.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>What I recommend is that you disable the client = yes in the global
area and change you config file to something like this:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>I have removed the comments to shorten the config for
explanation:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>socket = l:TCP_NODELAY=1<br>
socket = r:TCP_NODELAY=1</span><span style='color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>CRLpath = crls<br>
CRLfile = certnew.pem</span><span style='color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>debug = 7<br>
output = stunnel.log</span><span style='color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>;client = yes</span><span style='color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>[https]<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>accept = 443<br>
connect = 192.168.0.5:443<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>TIMEOUTclose = 0<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Try using this as</span><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'> your config and see if it
works or not.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Cheers<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Craig<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Dan Vespa [mailto:dan@sideshow.sytes.net] <br>
<b>Sent:</b> 19 November 2007 05:07 PM<br>
<b>To:</b> Craig Retief<br>
<b>Subject:</b> RE: [stunnel-users] Stunnel and Outlook Web Access Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div id=idOWAReplyText65667>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Craig,</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Here
it is....</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>; Sample stunnel configuration file by Michal Trojnara 2002-2006<br>
; Some options used here may not be adequate for your particular configuration</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>; Certificate/key is needed in server mode and optional in client
mode<br>
; The default certificate is provided only for testing and should not<br>
; be used in a production environment<br>
;cert = stunnel.pem<br>
;key = stunnel.pem</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>; Some performance tunings<br>
socket = l:TCP_NODELAY=1<br>
socket = r:TCP_NODELAY=1</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>; Workaround for Eudora bug<br>
;options = DONT_INSERT_EMPTY_FRAGMENTS</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>; Authentication stuff<br>
;verify = 2<br>
; Don't forget to c_rehash CApath<br>
;CApath = crls<br>
; It's often easier to use CAfile<br>
;CAfile = certnew.pem<br>
; Don't forget to c_rehash CRLpath<br>
CRLpath = crls<br>
; Alternatively you can use CRLfile<br>
CRLfile = certnew.pem</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>; Some debugging stuff useful for troubleshooting<br>
debug = 7<br>
output = stunnel.log</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>; Use it for client mode<br>
client = yes</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>; Service-level configuration</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'><br>
;[pop3s]<br>
;accept = 995<br>
;connect = 110<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>;[imaps]<br>
;accept = 993<br>
;connect = 143<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>;[ssmtp]<br>
;accept = 465<br>
;connect = 25<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>[https]<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>accept = 443<br>
connect = 192.168.0.5:443<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>TIMEOUTclose = 0<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>; vim:ft=dosini</span><o:p></o:p></p>
</div>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=3 width="100%" align=center>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Craig Retief<br>
<b>Sent:</b> Mon 19/11/2007 9:54 AM<br>
<b>To:</b> 'Dan Vespa'<br>
<b>Cc:</b> stunnel-users@mirt.net<br>
<b>Subject:</b> RE: [stunnel-users] Stunnel and Outlook Web Access Problems</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Please Post your stunnel configs.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Makes life easier.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Cheers<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Craig<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Dan Vespa [mailto:dan@sideshow.sytes.net] <br>
<b>Sent:</b> 19 November 2007 03:35 PM<br>
<b>To:</b> Craig<br>
<b>Subject:</b> RE: [stunnel-users] Stunnel and Outlook Web Access Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div id=idOWAReplyText80884>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Craig,</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>I
set the debug level higher and this is what my log outputs....</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>2007.11.19 08:25:54 LOG7[1596:2656]: RAND_status claims
sufficient entropy for the PRNG<br>
2007.11.19 08:25:54 LOG7[1596:2656]: PRNG seeded successfully<br>
2007.11.19 08:25:54 LOG7[1596:2656]: SSL context initialized for service https<br>
2007.11.19 08:25:54 LOG5[1596:2656]: stunnel 4.21 on x86-pc-mingw32-gnu with
OpenSSL 0.9.8g 19 Oct 2007<br>
2007.11.19 08:25:54 LOG5[1596:2656]: Threading:WIN32 SSL:ENGINE
Sockets:SELECT,IPv6<br>
2007.11.19 08:25:54 LOG5[1596:3012]: No limit detected for the number of
clients<br>
2007.11.19 08:25:54 LOG7[1596:3012]: FD 188 in non-blocking mode<br>
2007.11.19 08:25:54 LOG7[1596:3012]: SO_REUSEADDR option set on accept socket<br>
2007.11.19 08:25:54 LOG7[1596:3012]: https bound to 0.0.0.0:443<br>
2007.11.19 08:26:32 LOG7[1596:3012]: https accepted FD=236 from 127.0.0.1:1409<br>
2007.11.19 08:26:32 LOG7[1596:3012]: Creating a new thread<br>
2007.11.19 08:26:32 LOG7[1596:3012]: New thread created<br>
2007.11.19 08:26:32 LOG7[1596:2576]: https started<br>
2007.11.19 08:26:32 LOG7[1596:2576]: FD 236 in non-blocking mode<br>
2007.11.19 08:26:32 LOG7[1596:2576]: TCP_NODELAY option set on local socket<br>
2007.11.19 08:26:32 LOG5[1596:2576]: https accepted connection from
127.0.0.1:1409<br>
2007.11.19 08:26:32 LOG7[1596:2576]: FD 260 in non-blocking mode<br>
2007.11.19 08:26:32 LOG7[1596:2576]: https connecting 192.168.0.5:443<br>
2007.11.19 08:26:32 LOG7[1596:2576]: connect_wait: waiting 10 seconds<br>
2007.11.19 08:26:32 LOG7[1596:2576]: connect_wait: connected<br>
2007.11.19 08:26:32 LOG5[1596:2576]: https connected remote server from
192.168.0.24:1410<br>
2007.11.19 08:26:32 LOG7[1596:2576]: Remote FD=260 initialized<br>
2007.11.19 08:26:32 LOG7[1596:2576]: TCP_NODELAY option set on remote socket<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): before/connect
initialization<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 write client
hello A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 read server
hello A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 read server
certificate A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 read server
done A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 write client
key exchange A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 write change
cipher spec A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 write finished
A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 flush data<br>
2007.11.19 08:26:32 LOG7[1596:2576]: SSL state (connect): SSLv3 read finished A<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 1 items in the session
cache<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 1 client connects
(SSL_connect())<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 1 client connects that
finished<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 client renegotiations
requested<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 server connects
(SSL_accept())<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 server connects that
finished<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 server renegotiations
requested<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 session cache hits<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 session cache misses<br>
2007.11.19 08:26:32 LOG7[1596:2576]: 0 session cache timeouts<br>
2007.11.19 08:26:32 LOG6[1596:2576]: SSL connected: new session negotiated<br>
2007.11.19 08:26:32 LOG6[1596:2576]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=MD5 <br>
2007.11.19 08:26:53 LOG7[1596:3012]: https accepted FD=288 from 127.0.0.1:1411<br>
2007.11.19 08:26:53 LOG7[1596:3012]: Creating a new thread<br>
2007.11.19 08:26:53 LOG7[1596:3012]: New thread created<br>
2007.11.19 08:26:53 LOG7[1596:1060]: https started<br>
2007.11.19 08:26:53 LOG7[1596:1060]: FD 288 in non-blocking mode<br>
2007.11.19 08:26:53 LOG7[1596:1060]: TCP_NODELAY option set on local socket<br>
2007.11.19 08:26:53 LOG5[1596:1060]: https accepted connection from
127.0.0.1:1411<br>
2007.11.19 08:26:53 LOG7[1596:1060]: FD 312 in non-blocking mode<br>
2007.11.19 08:26:53 LOG7[1596:1060]: https connecting 192.168.0.5:443<br>
2007.11.19 08:26:53 LOG7[1596:1060]: connect_wait: waiting 10 seconds<br>
2007.11.19 08:26:53 LOG7[1596:1060]: connect_wait: connected<br>
2007.11.19 08:26:53 LOG5[1596:1060]: https connected remote server from
192.168.0.24:1412<br>
2007.11.19 08:26:53 LOG7[1596:1060]: Remote FD=312 initialized<br>
2007.11.19 08:26:53 LOG7[1596:1060]: TCP_NODELAY option set on remote socket<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): before/connect
initialization<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 write client
hello A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 read server hello
A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 read finished A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 write change
cipher spec A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 write finished
A<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL state (connect): SSLv3 flush data<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 1 items in the session
cache<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 2 client connects
(SSL_connect())<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 2 client connects that
finished<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 client renegotiations
requested<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 server connects
(SSL_accept())<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 server connects that
finished<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 server renegotiations
requested<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 1 session cache hits<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 session cache misses<br>
2007.11.19 08:26:53 LOG7[1596:1060]: 0 session cache timeouts<br>
2007.11.19 08:26:53 LOG6[1596:1060]: SSL connected: previous session reused<br>
2007.11.19 08:26:53 LOG7[1596:1060]: SSL socket closed on SSL_read<br>
2007.11.19 08:26:53 LOG7[1596:1060]: Socket write shutdown<br>
2007.11.19 08:26:53 LOG5[1596:1060]: Connection closed: 70 bytes sent to SSL,
164 bytes sent to socket<br>
2007.11.19 08:26:53 LOG7[1596:1060]: https finished (1 left)<br>
2007.11.19 08:27:53 LOG3[1596:2576]: readsocket: Connection reset by peer
(WSAECONNRESET) (10054)<br>
2007.11.19 08:27:53 LOG5[1596:2576]: Connection reset: 1102 bytes sent to SSL,
1241 bytes sent to socket<br>
2007.11.19 08:27:53 LOG7[1596:2576]: https finished (0 left)<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Does
this make any sense to you????</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Dan</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=3 width="100%" align=center>
</div>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Craig<br>
<b>Sent:</b> Mon 19/11/2007 1:34 AM<br>
<b>To:</b> stunnel-users@mirt.net<br>
<b>Subject:</b> Re: [stunnel-users] Stunnel and Outlook Web Access Problems</span><o:p></o:p></p>
</div>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>OWA rewrites the URL when you log in and I have found that it
causes problems when doing that with a Stunnel connection.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What I think might be happening is that your initial connection
says <a href="http://server.tld/" target="_blank">http://server.tld/</a> then
when you log in OWA rewrites the URL to <a href="https://server.tld/"
target="_blank">https://server.tld/</a> <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What I think is happening is that your stunnel is listening on
port 80 and when you log in, OWA changes the listening port in the browser to
port 443.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Try running the listening server (stunnel server) to listen on
port 443 instead of port 80 and see if that fixes the problem.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Cheers<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Craig <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> stunnel-users-bounces@mirt.net
[mailto:stunnel-users-bounces@mirt.net] <b>On Behalf Of </b>Dan Vespa<br>
<b>Sent:</b> 17 November 2007 07:21 PM<br>
<b>To:</b> stunnel-users@mirt.net<br>
<b>Subject:</b> [stunnel-users] Stunnel and Outlook Web Access Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<div>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>I am trying to use the latest version of stunnel to connect
to OWA. I set stunnel to listen on port 80 (localhost) and then connect to
myserverip on port 443. I get the login screen but can go no further
after I Enter my credentials and Click OK. Checking the stunnel log screen it
shows that a connect has been made? I don't understand why It won't connect any
further?? OWA is on Exchange Server 2003 and I am using Windows XP SP2. I have
also updated to Open SSL latest version.</span><span lang=EN-US
style='color:black'><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:black'> <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Thanks in Advance.</span><span lang=EN-US style='color:black'><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:black'> <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Dan</span><span lang=EN-US style='color:black'><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>