<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><br>Can you please elaborate? If you want us to help, you need to provide enough information. <br><br></div><div>Regards</div><div>Jose</div><div><br></div><div><br>El 24/11/2016, a las 5:03 a.m., <<a href="mailto:jothish.chokkalingam@accenture.com">jothish.chokkalingam@accenture.com</a>> <<a href="mailto:jothish.chokkalingam@accenture.com">jothish.chokkalingam@accenture.com</a>> escribió:<br><br></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Jose,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:Wingdings;color:#1F497D">J</span><span style="color:#1F497D"> you are right.i was trying but I thought it will work as a client and it worked as a workaround. But will check for the dh key small error while forwarding
the traffic with SSL from intermediate port to another port.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Thanks and Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Jothish
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">TIBCO TSD<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Ph. : +91 44 39263958<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Mobile : +91 9884040171<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">Support : +91 9962007110</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">OC : jothish.chokkalingam</span><span style="font-size:9.0pt;color:#17365D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#17365D">Group mail:- <a href="mailto:Telstra.psm.tsd.tibco@accenture.com">Telstra.psm.tsd.tibco@accenture.com</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> Josealf.rm [<a href="mailto:josealf@rocketmail.com">mailto:josealf@rocketmail.com</a>]
<br>
<b>Sent:</b> Thursday, November 24, 2016 2:48 PM<br>
<b>To:</b> Chokkalingam, Jothish <<a href="mailto:jothish.chokkalingam@accenture.com">jothish.chokkalingam@accenture.com</a>><br>
<b>Cc:</b> <a href="mailto:cbrowne@cbcs-usa.com">cbrowne@cbcs-usa.com</a>; <a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<b>Subject:</b> Re: [stunnel-users] Help in setting stunnel in server mode to over come TLSV2 compatibility<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Jothish,<br>
<br>
Stunnel in server mode is what you need, with 99.9% confidence.<span style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">When you write:<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">[https]<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Accept=443<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Connect=local host:80<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Client=no<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Stunnnel will expect TLS connections on port 443 and will forward then to your normal web server running on loopback port 80.<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Is that clear?<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Regards,<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Jose<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
El 24/11/2016, a las 2:29 a.m., <<a href="mailto:jothish.chokkalingam@accenture.com">jothish.chokkalingam@accenture.com</a>> <<a href="mailto:jothish.chokkalingam@accenture.com">jothish.chokkalingam@accenture.com</a>> escribió:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Is there a way to forward a Secure connection from one port to non secure port using stunnel. I am googling but unable to find. If you have can you let me know</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Thanks and Regards,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Jothish
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">TIBCO TSD</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Ph. : +91 44 39263958</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Mobile : +91 9884040171</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">Support : +91 9962007110</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">OC : jothish.chokkalingam</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#17365D">Group mail:- <a href="mailto:Telstra.psm.tsd.tibco@accenture.com">
Telstra.psm.tsd.tibco@accenture.com</a></span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> stunnel-users [<a href="mailto:stunnel-users-bounces@stunnel.org">mailto:stunnel-users-bounces@stunnel.org</a>]
<b>On Behalf Of </b>Carter Browne<br>
<b>Sent:</b> Wednesday, November 23, 2016 9:30 PM<br>
<b>To:</b> <a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<b>Subject:</b> Re: [stunnel-users] Help in setting stunnel in server mode to over come TLSV2 compatibility</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p>There are other tools for performing port forwarding with less overhead (I believe tappipe is one), although I make use stunnel to do this extensively.<o:p></o:p></p>
<p>In order forward a secure connection from one port to another is a two step process with stunnel:<o:p></o:p></p>
<p>A sample configuration segment would be:<o:p></o:p></p>
<p>[SFDC reverse in]<o:p></o:p></p>
<p>client = no<o:p></o:p></p>
<p>accept = 8008<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">connect = localhost:48008<br>
<br>
<br>
[SFDC reverse out]<br>
client = yes<br>
accept = localhost:48008<br>
connect = localhost:8009<o:p></o:p></p>
<div>
<p class="MsoNormal">On 11/23/2016 10:18 AM, Rodney Lott wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi, there.<br>
<br>
I'm no stunnel expert, but here's my $0.05 (we have no pennies in Canada anymore ;-) ):<br>
- I would try including the key as well as the cert in your stunnel config<br>
- I would enable debug on the openssl s_client call to see if it will indicate why it is reseting. Same with your SFDC client to get more info.<br>
- Question: is the "WARNING: can't open config file" message below indicative of a permissions or path problem?
<br>
- Question: Is the stunnel cert and key compatible with the TIBCO server's certificate? They need to be using certs generated from the same key source, don't they?
<br>
- You might want to fix the SSL version in the stunnel config file (i.e. sslVersion = TLSv1.2)<br>
<br>
Good luck with your debugging. <br>
<br>
Rodney<o:p></o:p></p>
<div>
<p class="MsoNormal">On 2016-11-22 07:43 PM, <a href="mailto:jothish.chokkalingam@accenture.com">
jothish.chokkalingam@accenture.com</a> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">HI all,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">There is a problem we have currently connecting tibco client to SFDC sever via TLS v1.2 and that’s solved by using stunnel in client mode. And the communication from SFDC client to tibco server applications w.r.t
TLS V1.2 I am unable to solve using stunnel. Below is the configuration in stunnel in server end to divert the traffic from 8008 to 8009, can you help here with the logs is the stunnel configuration is correct or there any missed/need to alter.<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">[SFDC reverse proxy test]<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">debug=7<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">;client = yes<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">accept = 8008<span style="font-family:Wingdings">à</span>port used by sfdc client to connect to TIBCO server<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">connect = localhost:8009 <span style="font-family:Wingdings">
à</span>Tibco server that’s running<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:.5in">cert = stunnel.pem<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] started<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: Option TCP_NODELAY set on local socket<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG5[118]: Service [SFDC reverse proxy test] accepted connection from 101.167.198.14:54477<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG6[118]: Peer certificate not required<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: SSL state (accept): before/accept initialization<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG3[118]: SSL_accept: Peer suddenly disconnected<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG5[118]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: Local descriptor (FD=696) closed<o:p></o:p></p>
<p class="MsoNormal">2016.11.23 08:31:56 LOG7[118]: Service [SFDC reverse proxy test] finished (0 left)<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">PFB the openssl snap shot looks odd <o:p></o:p></p>
<p class="MsoNormal">C:\Program Files (x86)\stunnel\bin>openssl s_client -connect localhost:8008 -prexit -showcerts<o:p></o:p></p>
<p class="MsoNormal"><b><span style="background:yellow;mso-highlight:yellow">WARNING: can't open config file: /devel/win32/openssl/openssl.cnf</span></b><o:p></o:p></p>
<p class="MsoNormal">CONNECTED(0000016C)<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Thanks and Regards,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Jothish
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">TIBCO TSD</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Ph. : +91 44 39263958</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">Mobile : +91 9884040171</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#1F497D">Support : +91 9962007110</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#17365D">OC : jothish.chokkalingam</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#17365D">Group mail:- <a href="mailto:Telstra.psm.tsd.tibco@accenture.com">
Telstra.psm.tsd.tibco@accenture.com</a></span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span><o:p></o:p></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:gray"><br>
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by
you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of
internal compliance with Accenture policy. <br>
______________________________________________________________________________________<br>
<br>
<a href="http://www.accenture.com">www.accenture.com</a><br>
</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>stunnel-users mailing list<o:p></o:p></pre>
<pre><a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><o:p></o:p></pre>
<pre><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.stunnel.org_cgi-2Dbin_mailman_listinfo_stunnel-2Dusers&d=DgMDaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=MqNUOU_xr_CQWlW-GqRdBeY3oxru560GTYsOPa0RQctKABtP4l_SCfWLL8Ex9w7w&m=4huWq-QNmeb8U731CD550mFem3fJi1V_h32_3NnDWgc&s=VpkrTsuWKtX284qEcR4zgE-0ZQcbC5mQrBA5w0wCSME&e=">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>stunnel-users mailing list<o:p></o:p></pre>
<pre><a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><o:p></o:p></pre>
<pre><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.stunnel.org_cgi-2Dbin_mailman_listinfo_stunnel-2Dusers&d=DgMDaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=MqNUOU_xr_CQWlW-GqRdBeY3oxru560GTYsOPa0RQctKABtP4l_SCfWLL8Ex9w7w&m=4huWq-QNmeb8U731CD550mFem3fJi1V_h32_3NnDWgc&s=VpkrTsuWKtX284qEcR4zgE-0ZQcbC5mQrBA5w0wCSME&e=">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span><o:p></o:p></p>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:windowtext">_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.stunnel.org_cgi-2Dbin_mailman_listinfo_stunnel-2Dusers&d=DgMFaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=MqNUOU_xr_CQWlW-GqRdBeY3oxru560GTYsOPa0RQctKABtP4l_SCfWLL8Ex9w7w&m=KpBOyF3X4pqPRFpbMzToAN2UwmN88FLptOWAJPygwvQ&s=8kvXlMhEoeJRHu_UCqWbs7nMCzviuGbvo4jzH9pJDuc&e=">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><o:p></o:p></span></p>
</div>
</blockquote>
</div>
</div></blockquote></body></html>