<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">HI all,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="text-indent:.5in">There is a problem we have currently connecting tibco client to SFDC sever via TLS v1.2 and that’s solved by using stunnel in client mode. And the communication from SFDC client to tibco server applications w.r.t
TLS V1.2 I am unable to solve using stunnel. Below is the configuration in stunnel in server end to divert the traffic from 8008 to 8009, can you help here with the logs is the stunnel configuration is correct or there any missed/need to alter.<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="text-indent:.5in">[SFDC reverse proxy test]<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">debug=7<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">;client = yes<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">accept = 8008<span style="font-family:Wingdings">à</span>port used by sfdc client to connect to TIBCO server<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">connect = localhost:8009 <span style="font-family:Wingdings">
à</span>Tibco server that’s running<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">cert = stunnel.pem<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] started<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: Option TCP_NODELAY set on local socket<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG5[118]: Service [SFDC reverse proxy test] accepted connection from 101.167.198.14:54477<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG6[118]: Peer certificate not required<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: SSL state (accept): before/accept initialization<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG3[118]: SSL_accept: Peer suddenly disconnected<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG5[118]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: Local descriptor (FD=696) closed<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] finished (0 left)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">PFB the openssl snap shot looks odd <o:p></o:p></p>
<p class="MsoNormal">C:\Program Files (x86)\stunnel\bin>openssl s_client -connect localhost:8008 -prexit -showcerts<o:p></o:p></p>
<p class="MsoNormal"><b><span style="background:yellow;mso-highlight:yellow">WARNING: can't open config file: /devel/win32/openssl/openssl.cnf</span><o:p></o:p></b></p>
<p class="MsoNormal">CONNECTED(0000016C)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Thanks and Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Jothish
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">TIBCO TSD<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Ph. : +91 44 39263958<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Mobile : +91 9884040171<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">Support : +91 9962007110</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">OC : jothish.chokkalingam</span><span style="font-size:9.0pt;color:#17365D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#17365D">Group mail:- Telstra.psm.tsd.tibco@accenture.com<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="1"><br>
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by
you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of
internal compliance with Accenture policy. <br>
______________________________________________________________________________________<br>
<br>
www.accenture.com<br>
</font>
</body>
</html>