<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>There are other tools for performing port forwarding with less
overhead (I believe tappipe is one), although I make use of stunnel
to do this extensively.<br>
</p>
<p>Forwarding a secure connection from one port to another is
a two-step process with stunnel:</p>
<p>A sample configuration segment would be:</p>
<pre wrap="">; Step 1: accept TLS on 8008 and hand the decrypted stream to local port 48008
[SFDC reverse in]
client = no
accept = 8008
connect = localhost:48008

; Step 2: pick up that stream on 48008 and open a new TLS connection to 8009
[SFDC reverse out]
client = yes
accept = localhost:48008
connect = localhost:8009
</pre>
<br>
<div class="moz-cite-prefix">On 11/23/2016 10:18 AM, Rodney Lott
wrote:<br>
</div>
<blockquote cite="mid:5835B2F6.8050707@evertz.com" type="cite">
Hi, there.<br>
<br>
I'm no stunnel expert, but here's my $0.05 (we have no pennies in
Canada anymore ;-) ):<br>
- I would try including the key as well as the cert in your
stunnel config<br>
- I would enable debug on the openssl s_client call to see if it
will indicate why it is resetting. Same with your SFDC client to
get more info.<br>
- Question: is the "WARNING: can't open config file" message below
indicative of a permissions or path problem?
<br>
- Question: Is the stunnel cert and key compatible with the TIBCO
server's certificate? They need to be using certs generated from
the same key source, don't they?
<br>
- You might want to fix the SSL version in the stunnel config file
(i.e. sslVersion = TLSv1.2)<br>
<br>
Good luck with your debugging. <br>
<br>
Rodney<br>
<br>
<div class="moz-cite-prefix">On 2016-11-22 07:43 PM, <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:jothish.chokkalingam@accenture.com">
jothish.chokkalingam@accenture.com</a> wrote:<br>
</div>
<blockquote
cite="mid:1557ba95699648f0a9017afc27ec45f9@BY2PR42MB056.048d.mgd.msft.net"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">Hi all,</p>
<p class="MsoNormal" style="text-indent:.5in">There is a
problem we currently have connecting the TIBCO client to the SFDC
server via TLS v1.2, and that is solved by using stunnel in
client mode. The communication from the SFDC client to the TIBCO
server applications w.r.t. TLS v1.2 I am unable to solve
using stunnel. Below is the configuration in stunnel on the
server end to divert the traffic from 8008 to 8009. Can you
help here, with the logs, to say whether the stunnel configuration is
correct or whether anything is missed or needs to be altered?</p>
<pre wrap="">[SFDC reverse proxy test]
debug=7
;client = yes
; port used by sfdc client to connect to TIBCO server
accept = 8008
; Tibco server that’s running
connect = localhost:8009
cert = stunnel.pem
</pre>
<pre wrap="">2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] started
2016.11.23 08:31:56 LOG7[118]: Option TCP_NODELAY set on local socket
2016.11.23 08:31:56 LOG5[118]: Service [SFDC reverse proxy test] accepted connection from 101.167.198.14:54477
2016.11.23 08:31:56 LOG6[118]: Peer certificate not required
2016.11.23 08:31:56 LOG7[118]: SSL state (accept): before/accept initialization
2016.11.23 08:31:56 LOG3[118]: SSL_accept: Peer suddenly disconnected
2016.11.23 08:31:56 LOG5[118]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.11.23 08:31:56 LOG7[118]: Local descriptor (FD=696) closed
2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] finished (0 left)
</pre>
<p class="MsoNormal">PFB the openssl snapshot, which looks odd:</p>
<pre wrap="">C:\Program Files (x86)\stunnel\bin&gt;openssl s_client -connect localhost:8008 -prexit -showcerts
<b>WARNING: can't open config file: /devel/win32/openssl/openssl.cnf</b>
CONNECTED(0000016C)
</pre>
<p class="MsoNormal">Thanks and Regards,</p>
<p class="MsoNormal">Jothish</p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
stunnel-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a>
</pre>
</blockquote>
<br>
<br>
</blockquote>
<br>
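<p>An added example, not part of any message in this thread: it traces which legs of a stunnel service chain carry TLS, comparing the two-step configuration from the reply with the single-service configuration from the original question. The function names are hypothetical, and services are assumed to run on one host so that hops can be matched by port number.</p>

```python
# Added example (not from the thread): which legs of a stunnel chain carry TLS.
# client = no  -> TLS on the accept side, plaintext on the connect side.
# client = yes -> plaintext on the accept side, TLS on the connect side.
TWO_STEP = """
[SFDC reverse in]
client = no
accept = 8008
connect = localhost:48008
[SFDC reverse out]
client = yes
accept = localhost:48008
connect = localhost:8009
"""
SINGLE_STEP = """
[SFDC reverse proxy test]
;client = yes
accept = 8008
connect = localhost:8009
cert = stunnel.pem
"""

def parse_services(text):
    """Return {service name: {option: value}} for each [section]."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return services

def port_of(endpoint):
    return endpoint.rsplit(":", 1)[-1]  # "localhost:8009" or "8008" -> port

def trace(text, entry_port):
    """Follow accept -> connect hops: [(service, inbound, outbound, target)]."""
    # Assumption: every service runs on one host, so hops are matched by port.
    by_port = {port_of(s["accept"]): (n, s) for n, s in parse_services(text).items()}
    hops, port, seen = [], str(entry_port), set()
    while port in by_port and port not in seen:
        seen.add(port)
        name, svc = by_port[port]
        legs = ("plain", "tls") if svc.get("client", "no") == "yes" else ("tls", "plain")
        hops.append((name, legs[0], legs[1], svc["connect"]))
        port = port_of(svc["connect"])
    return hops
```

<p>With the single service, the last leg to localhost:8009 is plaintext, so a backend that itself expects TLS on that port would not receive a TLS handshake; the two-step chain ends with a TLS leg to the same port.</p>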
</body>
</html>