<div dir="ltr"><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">Hello all,</div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">
<br></div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">I installed stunnel and freetds last August. I use a custom stunnel config file (see below). It runs very well for about 5 minutes, but then receives signal 15 from somewhere and terminates. </div>
<div class="gmail_default" style="font-family:'times new roman',serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">The box OS is CentOS release 6.5 (Final) and CPanel is running on it (I believe CPanel uses its own stunnel for its ssl). Below I have the info for the stunnel software that I installed.</div>
<div class="gmail_default" style="font-family:'times new roman',serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">Do you have any idea what process could be sending this termination signal to my stunnel, or if something else is happening? Thanks in advance for your help -- Jenna</div>
<div class="gmail_default" style="font-family:'times new roman',serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">stunnel info:</div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">
=============================================<br></div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small"><div class="gmail_default">stunnel 4.56 on x86_64-unknown-linux-gnu platform</div>
<div class="gmail_default">Compiled/running with OpenSSL 1.0.0-fips 29 Mar 2010</div><div class="gmail_default">Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP</div><div class="gmail_default"> </div>
<div class="gmail_default">Global options:</div><div class="gmail_default">debug = daemon.notice</div><div class="gmail_default">pid = /usr/local/var/run/stunnel/stunnel.pid</div><div class="gmail_default">
RNDbytes = 64</div><div class="gmail_default">RNDfile = /dev/urandom</div><div class="gmail_default">RNDoverwrite = yes</div><div class="gmail_default"> </div><div class="gmail_default">
Service-level options:</div><div class="gmail_default">ciphers = FIPS (with "fips = yes")</div><div class="gmail_default">ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")</div>
<div class="gmail_default">sessionCacheSize = 1000</div><div class="gmail_default">sessionCacheTimeout = 300 seconds</div><div class="gmail_default">sslVersion = TLSv1 (with "fips = yes")</div>
<div class="gmail_default">sslVersion = TLSv1 for client, all for server (with "fips = no")</div><div class="gmail_default">stack = 65536 bytes</div><div class="gmail_default">TIMEOUTbusy = 300 seconds</div>
<div class="gmail_default">TIMEOUTclose = 60 seconds</div><div class="gmail_default">TIMEOUTconnect = 10 seconds</div><div class="gmail_default">TIMEOUTidle = 43200 seconds</div><div class="gmail_default">
verify = none</div></div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">
Config file:</div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">=============================================<br></div><div class="gmail_default" style><div class="gmail_default" style>
<font face="times new roman, serif">cert = /usr/local/etc/stunnel/certs/server.crt</font></div><div class="gmail_default" style><font face="times new roman, serif">key = /usr/local/etc/stunnel/certs/server.key</font></div>
<div class="gmail_default" style><font face="times new roman, serif">CAFile = /usr/local/etc/stunnel/certs/ca.crt</font></div><div class="gmail_default" style><font face="times new roman, serif">CAPath = /usr/local/etc/stunnel/certs</font></div>
<div class="gmail_default" style><font face="times new roman, serif"><br></font></div><div class="gmail_default" style><font face="times new roman, serif">pid = /usr/local/etc/stunnel/stunnel.pid</font></div><div class="gmail_default" style>
<font face="times new roman, serif">options = NO_SSLv2</font></div><div class="gmail_default" style><font face="times new roman, serif">debug = 7</font></div><div class="gmail_default" style><font face="times new roman, serif">output = /usr/local/etc/stunnel/stunnel.log</font></div>
<div class="gmail_default" style><font face="times new roman, serif">foreground = no</font></div><div class="gmail_default" style><font face="times new roman, serif">socket = r:TCP_NODELAY=1</font></div><div class="gmail_default" style>
<br></div><div class="gmail_default" style><font face="times new roman, serif">[njstunnel]</font></div><div class="gmail_default" style><font face="times new roman, serif">accept = njstunnel</font></div><div class="gmail_default" style>
<font face="times new roman, serif">connect = <a href="http://web.mycompanyname.net:61667">web.mycompanyname.net:61667</a></font></div><div class="gmail_default" style><br></div><div class="gmail_default" style><font face="times new roman, serif">retry = yes</font></div>
<div class="gmail_default" style><font face="times new roman, serif">client = yes </font></div><div class="gmail_default" style><font face="times new roman, serif">TIMEOUTconnect = 1 </font></div>
<div class="gmail_default" style><font face="times new roman, serif">verify = 2 </font></div><div class="gmail_default" style><font face="times new roman, serif">TIMEOUTbusy =1</font></div><div class="gmail_default" style>
<font face="times new roman, serif">TIMEOUTidle = 500</font></div><div class="gmail_default" style><font face="times new roman, serif"> </font></div><div class="gmail_default" style><font face="times new roman, serif"><br>
</font></div></div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">Here is the output from start up to receiving the signal 15:</div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small">
=============================================<br></div><div class="gmail_default" style="font-family:'times new roman',serif;font-size:small"><div class="gmail_default">2014.08.13 15:47:01 LOG5[25039:140284139354048]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010</div>
<div class="gmail_default">2014.08.13 15:47:01 LOG5[25039:140284139354048]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP</div><div class="gmail_default">2014.08.13 15:47:01 LOG5[25039:140284139354048]: 500 clients allowed</div>
<div class="gmail_default">2014.08.13 15:50:03 LOG5[25045:140284139354048]: Received signal 15; terminating</div><div class="gmail_default">2014.08.13 15:51:02 LOG5[25347:140674811922368]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010</div>
<div class="gmail_default">2014.08.13 15:51:02 LOG5[25347:140674811922368]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP</div><div class="gmail_default">2014.08.13 15:51:02 LOG5[25347:140674811922368]: 500 clients allowed</div>
<div class="gmail_default">2014.08.13 15:51:44 LOG5[25355:140674811922368]: Received signal 15; terminating</div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Snagged 64 random bytes from /dev/urandom</div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: RAND_status claims sufficient entropy for the PRNG</div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: PRNG seeded successfully</div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Configuration SSL options: 0x01000000</div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: SSL options set: 0x01000004</div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Certificate: /usr/local/etc/stunnel/certs/server.crt</div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Certificate loaded </div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Key file: /usr/local/etc/stunnel/certs/server.key </div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Private key loaded </div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Loaded verify certificates from /usr/local/etc/stunnel/certs/ca.crt</div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Loaded /usr/local/etc/stunnel/certs/ca.crt revocation lookup file </div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Verify directory set to /usr/local/etc/stunnel/certs </div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: Added /usr/local/etc/stunnel/certs revocation lookup directory </div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: SSL context initialized for service njstunnel </div>
<div class="gmail_default">2014.08.13 15:51:46 LOG5[25419:140090284656576]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010</div><div class="gmail_default">2014.08.13 15:51:46 LOG5[25419:140090284656576]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP </div>
<div class="gmail_default">2014.08.13 15:51:46 LOG6[25419:140090284656576]: file ulimit = 4096 (can be changed with 'ulimit -n') </div><div class="gmail_default">2014.08.13 15:51:46 LOG6[25419:140090284656576]: poll() used - no FD_SETSIZE limit for file descriptors </div>
<div class="gmail_default">2014.08.13 15:51:46 LOG5[25419:140090284656576]: 2000 clients allowed </div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: FD 10 in non-blocking mode </div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: FD 11 in non-blocking mode </div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: FD 12 in non-blocking mode </div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: SO_REUSEADDR option set on accept socket</div><div class="gmail_default">2014.08.13 15:51:46 LOG7[25419:140090284656576]: njstunnel bound to <a href="http://0.0.0.0:19770">0.0.0.0:19770</a></div>
<div class="gmail_default">2014.08.13 15:51:46 LOG7[25425:140090284656576]: Created pid file /usr/local/etc/stunnel/stunnel.pid</div><div class="gmail_default">2014.08.13 15:55:03 LOG5[25425:140090284656576]: Received signal 15; terminating</div>
<div class="gmail_default">2014.08.13 15:55:03 LOG7[25425:140090284656576]: removing pid file /usr/local/etc/stunnel/stunnel.pid</div></div><div><br></div>
</div>