<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Hi,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I’m running Hybrid-7.2 on two PCs, one of which has a dynamic
IP. As Hybrid wants a static IP and not a hostname in its connect section, we are
trying to use stunnel to encrypt server&lt;-&gt;server communication.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Server 1 specs (To which I’m connecting) running
FreeBSD 6.3:<o:p></o:p></p>
<p class=MsoNormal>***********************************************<o:p></o:p></p>
<p class=MsoNormal>#stunnel -version<o:p></o:p></p>
<p class=MsoNormal>stunnel 4.05 on amd64-unknown-freebsd5.3 PTHREAD+LIBWRAP
with OpenSSL 0.9.7e 25 Oct 2004<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Global options<o:p></o:p></p>
<p class=MsoNormal>cert
= /usr/local/etc/stunnel/stunnel.pem<o:p></o:p></p>
<p class=MsoNormal>ciphers =
ALL:!ADH:+RC4:@STRENGTH<o:p></o:p></p>
<p class=MsoNormal>debug
= 5<o:p></o:p></p>
<p class=MsoNormal>key
= /usr/local/etc/stunnel/stunnel.pem<o:p></o:p></p>
<p class=MsoNormal>pid
= /var/tmp/stunnel.pid<o:p></o:p></p>
<p class=MsoNormal>RNDbytes = 64<o:p></o:p></p>
<p class=MsoNormal>RNDfile =
/dev/urandom<o:p></o:p></p>
<p class=MsoNormal>RNDoverwrite = yes<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#gcc -v<o:p></o:p></p>
<p class=MsoNormal>Using built-in specs.<o:p></o:p></p>
<p class=MsoNormal>Configured with: FreeBSD/amd64 system compiler<o:p></o:p></p>
<p class=MsoNormal>Thread model: posix<o:p></o:p></p>
<p class=MsoNormal>gcc version 3.4.6 [FreeBSD] 20060305<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#uname <o:p></o:p></p>
<p class=MsoNormal>FreeBSD 6.3-STABLE FreeBSD 6.3-STABLE #6: Tue Jan 22
13:23:51 GMT 2008<o:p></o:p></p>
<p class=MsoNormal>root@:/usr/obj/usr/src/sys/SVR1 amd64<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Server 2 specs (From which I’m connecting via stunnel
as a client) running OpenBSD 4.2:<o:p></o:p></p>
<p class=MsoNormal>******************************************************************<o:p></o:p></p>
<p class=MsoNormal>#stunnel -version<o:p></o:p></p>
<p class=MsoNormal>stunnel 4.20 on i386-unknown-openbsd4.2 with OpenSSL 0.9.7j
04 May 2006<o:p></o:p></p>
<p class=MsoNormal>Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Global options<o:p></o:p></p>
<p class=MsoNormal>debug
= 5<o:p></o:p></p>
<p class=MsoNormal>pid
= /usr/local/var/run/stunnel/stunnel.pid<o:p></o:p></p>
<p class=MsoNormal>RNDbytes = 64<o:p></o:p></p>
<p class=MsoNormal>RNDfile =
/dev/arandom<o:p></o:p></p>
<p class=MsoNormal>RNDoverwrite = yes<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Service-level options<o:p></o:p></p>
<p class=MsoNormal>cert
= /etc/stunnel/stunnel.pem<o:p></o:p></p>
<p class=MsoNormal>ciphers =
ALL:!ADH:+RC4:@STRENGTH<o:p></o:p></p>
<p class=MsoNormal>key
= /etc/stunnel/stunnel.pem<o:p></o:p></p>
<p class=MsoNormal>session =
300 seconds<o:p></o:p></p>
<p class=MsoNormal>sslVersion = SSLv3 for client,
all for server<o:p></o:p></p>
<p class=MsoNormal>TIMEOUTbusy = 300 seconds<o:p></o:p></p>
<p class=MsoNormal>TIMEOUTclose = 60 seconds<o:p></o:p></p>
<p class=MsoNormal>TIMEOUTconnect = 10 seconds<o:p></o:p></p>
<p class=MsoNormal>TIMEOUTidle = 43200 seconds<o:p></o:p></p>
<p class=MsoNormal>verify
= none<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># gcc -v<o:p></o:p></p>
<p class=MsoNormal>Reading specs from
/usr/lib/gcc-lib/i386-unknown-openbsd4.2/3.3.5/specs<o:p></o:p></p>
<p class=MsoNormal>Configured with:<o:p></o:p></p>
<p class=MsoNormal>Thread model: single<o:p></o:p></p>
<p class=MsoNormal>gcc version 3.3.5 (propolice)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># cat stunnel.conf:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>cert = /etc/ssl/private/stunnel.pem<o:p></o:p></p>
<p class=MsoNormal>key = /etc/ssl/private/rsa.key<o:p></o:p></p>
<p class=MsoNormal>setuid = _stunnel<o:p></o:p></p>
<p class=MsoNormal>setgid = _stunnel<o:p></o:p></p>
<p class=MsoNormal>pid = /var/run/stunnel.pid<o:p></o:p></p>
<p class=MsoNormal>socket = l:TCP_NODELAY=1<o:p></o:p></p>
<p class=MsoNormal>socket = r:TCP_NODELAY=1<o:p></o:p></p>
<p class=MsoNormal>debug = 7<o:p></o:p></p>
<p class=MsoNormal>foreground = yes<o:p></o:p></p>
<p class=MsoNormal>[irc]<o:p></o:p></p>
<p class=MsoNormal>client = yes<o:p></o:p></p>
<p class=MsoNormal>accept = localhost:994<o:p></o:p></p>
<p class=MsoNormal>connect = xxx.xxx.xxx.xxx:994<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Here’s the debug logged to stderr:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># stunnel<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: Snagged 64
random bytes from /dev/arandom<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: RAND_status
claims sufficient entropy for the PRNG<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: PRNG seeded
successfully<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: Certificate:
/etc/ssl/private/stunnel.pem<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: Certificate
loaded<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: Key file:
/etc/ssl/private/rsa.key<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: Private key
loaded<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: SSL context
initialized for service irc<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG5[11904:2237644800]: stunnel 4.20 on
i386-unknown-openbsd4.2 with OpenSSL 0.9.7j 04 May 2006<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG5[11904:2237644800]:
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG6[11904:2237644800]: file ulimit =
128 (can be changed with 'ulimit -n')<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG6[11904:2237644800]: poll() used - no
FD_SETSIZE limit for file descriptors<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG5[11904:2237644800]: 61 clients
allowed<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: FD 6 in
non-blocking mode<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: FD 7 in
non-blocking mode<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: FD 8 in
non-blocking mode<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: SO_REUSEADDR
option set on accept socket<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: irc bound to
127.0.0.1:994<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:34:54 LOG7[11904:2237644800]: Created pid file
/var/run/stunnel.pid<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2237644800]: irc accepted
FD=9 from 127.0.0.1:8579<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: irc started<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: FD 9 in
non-blocking mode<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: TCP_NODELAY
option set on local socket<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: FD 10 in
non-blocking mode<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: FD 11 in
non-blocking mode<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: Connection from
127.0.0.1:8579 permitted by libwrap<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG5[11904:2336256000]: irc accepted
connection from 127.0.0.1:8579<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: FD 10 in
non-blocking mode<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: irc connecting
69.50.175.50:994<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: connect_wait:
waiting 10 seconds<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2237644800]: Cleaning up the
signal pipe<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG6[11904:2237644800]: Child process
26562 finished with code 0<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: connect_wait:
connected<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG5[11904:2336256000]: irc connected
remote server from 192.168.1.101:42954<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: Remote FD=10
initialized<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: TCP_NODELAY
option set on remote socket<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): before/connect initialization<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): SSLv3 write client hello A<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): SSLv3 read server hello A<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): SSLv3 read server certificate A<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): SSLv3 read server done A<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): SSLv3 write client key exchange A<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): SSLv3 write change cipher spec A<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): SSLv3 write finished A<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): SSLv3 flush data<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: SSL state
(connect): SSLv3 read finished A<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15
LOG7[11904:2336256000]: 1 items in the session cache<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15
LOG7[11904:2336256000]: 1 client connects (SSL_connect())<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15
LOG7[11904:2336256000]: 1 client connects that finished<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15
LOG7[11904:2336256000]: 0 client renegotiations requested<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15
LOG7[11904:2336256000]: 0 server connects (SSL_accept())<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15
LOG7[11904:2336256000]: 0 server connects that finished<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15
LOG7[11904:2336256000]: 0 server renegotiations requested<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15
LOG7[11904:2336256000]: 0 session cache hits<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: 0
session cache misses<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15
LOG7[11904:2336256000]: 0 session cache timeouts<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG6[11904:2336256000]: SSL connected:
new session negotiated<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG6[11904:2336256000]: Negotiated
ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG3[11904:2336256000]: SSL_read:
Connection reset by peer (54)<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG5[11904:2336256000]: Connection
reset: 0 bytes sent to SSL, 0 bytes sent to socket<o:p></o:p></p>
<p class=MsoNormal>2008.02.08 19:35:15 LOG7[11904:2336256000]: irc finished (0
left)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>What is going on here with “SSL_read: Connection reset
by peer (54)”?<o:p></o:p></p>
<p class=MsoNormal>This process keeps repeating itself without the ircds
linking.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>- S<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>