<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Hi, Dheeraj,<o:p></o:p></span></a></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Are you testing the connection with Telnet? Or are you testing with the application. What I noticed in testing the connection is
that once the command is completed, the connection is closed.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">However, when I test from my application, its only closed once all transactions in that session are completed, and will show how
much data was passed on (following from my logs at the end of a non-telnet test session.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">2017.06.13 10:16:08 LOG6[1]: Negotiated TLSv1.2 ciphersuite AES256-GCM-SHA384 (256-bit encryption)<o:p></o:p></span></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">2017.06.13 10:16:18 LOG6[1]: Read socket closed (readsocket)<o:p></o:p></span></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">2017.06.13 10:16:18 LOG6[1]: SSL_shutdown successfully sent close_notify alert<o:p></o:p></span></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">2017.06.13 10:16:18 LOG6[1]: TLS closed (SSL_read)<o:p></o:p></span></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">2017.06.13 10:16:18 LOG5[1]: Connection closed: 2791 byte(s) sent to TLS, 1641 byte(s) sent to socket<o:p></o:p></span></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">Liz Turi</span></b></span><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">Sr. Consultant<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">Massachusetts
</span></span><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:red">e</span></span><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">Health
Collaborative</span></span><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">860 Winter Street, Waltham, MA 02451<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">(m) 339-222-6614 (o) 781-907-7204 (f) 781-207-8589<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"></span><a href="http://www.maehc.org"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">www.maehc.org</span></span><span style="mso-bookmark:_MailEndCompose"></span></a><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"></span><a href="https://www.facebook.com/massachusettsehealthcollab?fref=nf"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;text-decoration:none"><img border="0" width="24" height="24" style="width:.25in;height:.25in" id="Picture_x0020_1" src="cid:image004.png@01D2E43B.12499020" alt="fb_icon"></span></span><span style="mso-bookmark:_MailEndCompose"></span></a><span style="mso-bookmark:_MailEndCompose"></span><a href="https://www.linkedin.com/company/massachusetts-ehealth-collaborative?trk=tyah&trkInfo=clickedVertical%3Acompany%2Cidx%3A1-1-1%2CtarId%3A1432746657126%2Ctas%3AMassachusetts+eHEalth"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;text-decoration:none"><img border="0" width="24" height="24" style="width:.25in;height:.25in" id="Picture_x0020_2" src="cid:image005.png@01D2E43B.12499020" alt="li_icon"></span></span><span style="mso-bookmark:_MailEndCompose"></span></a><span style="mso-bookmark:_MailEndCompose"></span><a href="https://twitter.com/MAeHC_org"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;text-decoration:none"><img border="0" width="24" height="24" style="width:.25in;height:.25in" id="Picture_x0020_3" src="cid:image006.png@01D2E43B.12499020" alt="tw_icon"></span></span><span style="mso-bookmark:_MailEndCompose"></span></a><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></span></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> stunnel-users [mailto:stunnel-users-bounces@stunnel.org]
<b>On Behalf Of </b>Dheeraj Gautam<br>
<b>Sent:</b> Tuesday, June 13, 2017 11:41 AM<br>
<b>To:</b> Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org><br>
<b>Cc:</b> stunnel-users@stunnel.org<br>
<b>Subject:</b> Re: [stunnel-users] Stunnel Connectivity Issue<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">HI Guys,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">below is the config which i have configured with TLSv1.2, but still connection establishing only for while when i telnet telnet 127.0.0.1 9233. and just after connection closed.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">[TCP]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">client=yes<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">cert = BBG_cert.pem<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">key = BBG_key.pem<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">verifyChain = yes<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">CAfile = BBG_CACerts.pem<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">connect = <a href="http://69.191.198.34:8228">69.191.198.34:8228</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">accept = <a href="http://127.0.0.1:9233">127.0.0.1:9233</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">sslVersion = TLSv1.2<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">below the logs:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">2017.06.13 11:57:49 LOG5[main]: Reading configuration from file stunnel.conf<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 11:57:49 LOG5[main]: UTF-8 byte order mark detected<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 11:57:49 LOG5[main]: FIPS mode disabled<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 11:57:49 LOG3[main]: Service [TCP]: Each service must define two endpoints<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 11:57:49 LOG3[main]: Failed to reload the configuration file<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:37:16 LOG5[main]: Reading configuration from file stunnel.conf<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:37:16 LOG5[main]: UTF-8 byte order mark detected<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:37:16 LOG5[main]: FIPS mode disabled<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:37:16 LOG4[main]: Service [TCP] uses "verifyChain" without subject checks<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:37:16 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:37:16 LOG5[main]: Configuration successful<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:38:38 LOG5[11]: Service [TCP] accepted connection from
<a href="http://127.0.0.1:62736">127.0.0.1:62736</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:38:38 LOG5[11]: s_connect: connected <a href="http://69.191.198.34:8228">
69.191.198.34:8228</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:38:38 LOG5[11]: Service [TCP] connected remote server from
<a href="http://172.16.1.23:62737">172.16.1.23:62737</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:38:39 LOG5[11]: Certificate accepted at depth=0: C=US, ST=NEW YORK, L=NEW YORK, O=Bloomberg LP, OU=FIXBETA, CN=<a href="http://fixbeta.bloomberg.com">fixbeta.bloomberg.com</a>, emailAddress=<a href="mailto:caadmin@bloomberg.com">caadmin@bloomberg.com</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2017.06.13 16:39:10 LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">i want connection remained connected every time so that i can run the application.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">application can be work only if the connection remain connected.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">please help me to sort this out.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Dheeraj Gautam<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 25 May 2017 at 12:29, Małgorzata Olszówka <<a href="mailto:Malgorzata.Olszowka@stunnel.org" target="_blank">Malgorzata.Olszowka@stunnel.org</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">Could you please let us know what parameters we are missing here due to which connection is not establishing with remote server.<br>
<br>
Although, stunnel logs indicating that configuration successful, but in logs no where is mentioned about the connection is it connected or not,
<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
<br>
Hello Dheeraj,<br>
<br>
You should set the verifyChain option in order to verify the certificate stored in the file specified with CAfile:<br>
verifyChain = yes<br>
<br>
Then you can test your connection:<br>
telnet 127.0.0.1 9233<br>
the stunnel logs will show information about the connection attempt.<br>
<br>
Regards,<br>
Małgorzata<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><span style="font-size:7.5pt"><a href="http://www.arborfs.com" target="_blank">www.arborfs.com</a></span><o:p></o:p></p>
<p><span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:gray">This e-mail and any attachment are confidential and contain proprietary information, some or all of which may be legally privileged.</span><o:p></o:p></p>
<p><span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:gray">It is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient, please notify the author immediately by telephone or by
replying to this e-mail, and then delete all copies of the e-mail on your system. If you are not the intended recipient, you must not use, disclose, distribute, copy, print or rely on this e-mail.</span><o:p></o:p></p>
<p><span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:gray">Whilst we have taken reasonable precautions to ensure that this e-mail and any attachment has been checked for viruses, we cannot guarantee that they are virus free and we cannot accept
liability for any damage sustained as a result of software viruses. We would advise that you carry out your own virus checks, especially before opening an attachment.</span><o:p></o:p></p>
</div>
<p><br>
CONFIDENTIALITY NOTICE<br>
The information contained in this email transmission is legally privileged and confidential information intended only for the use of the addressee named above. If the reader of this message is not the intended recipient you are hereby notified that any dissemination,
distribution or copying of this email transmission is strictly prohibited. If you have received this email transmission in error, please notify us immediately. Thank you.</p>
</body>
</html>