<div dir="ltr">HI Guys,<div><br></div><div>below is the config which i have configured with TLSv1.2, but still connection establishing only for while when i telnet telnet 127.0.0.1 9233. and just after connection closed.</div><div><br></div><div><div>[TCP]</div><div>client=yes</div><div>cert = BBG_cert.pem</div><div>key = BBG_key.pem</div><div>verifyChain = yes</div><div>CAfile = BBG_CACerts.pem</div><div>connect = <a href="http://69.191.198.34:8228">69.191.198.34:8228</a></div><div>accept = <a href="http://127.0.0.1:9233">127.0.0.1:9233</a></div><div>sslVersion = TLSv1.2</div></div><div><br></div><div>below the logs:</div><div><br></div><div><div>2017.06.13 11:57:49 LOG5[main]: Reading configuration from file stunnel.conf</div><div>2017.06.13 11:57:49 LOG5[main]: UTF-8 byte order mark detected</div><div>2017.06.13 11:57:49 LOG5[main]: FIPS mode disabled</div><div>2017.06.13 11:57:49 LOG3[main]: Service [TCP]: Each service must define two endpoints</div><div>2017.06.13 11:57:49 LOG3[main]: Failed to reload the configuration file</div><div>2017.06.13 16:37:16 LOG5[main]: Reading configuration from file stunnel.conf</div><div>2017.06.13 16:37:16 LOG5[main]: UTF-8 byte order mark detected</div><div>2017.06.13 16:37:16 LOG5[main]: FIPS mode disabled</div><div>2017.06.13 16:37:16 LOG4[main]: Service [TCP] uses "verifyChain" without subject checks</div><div>2017.06.13 16:37:16 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates</div><div>2017.06.13 16:37:16 LOG5[main]: Configuration successful</div><div>2017.06.13 16:38:38 LOG5[11]: Service [TCP] accepted connection from <a href="http://127.0.0.1:62736">127.0.0.1:62736</a></div><div>2017.06.13 16:38:38 LOG5[11]: s_connect: connected <a href="http://69.191.198.34:8228">69.191.198.34:8228</a></div><div>2017.06.13 16:38:38 LOG5[11]: Service [TCP] connected remote server from <a href="http://172.16.1.23:62737">172.16.1.23:62737</a></div><div>2017.06.13 16:38:39 LOG5[11]: Certificate accepted at depth=0: C=US, ST=NEW YORK, L=NEW YORK, O=Bloomberg LP, OU=FIXBETA, CN=<a href="http://fixbeta.bloomberg.com">fixbeta.bloomberg.com</a>, emailAddress=<a href="mailto:caadmin@bloomberg.com">caadmin@bloomberg.com</a></div><div>2017.06.13 16:39:10 LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket</div></div><div><br></div><div>i want connection remained connected every time so that i can run the application.</div><div><br></div><div>application can be work only if the connection remain connected.</div><div><br></div><div>please help me to sort this out.</div><div><br></div><div>Regards,</div><div><br></div><div>Dheeraj Gautam</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 25 May 2017 at 12:29, Małgorzata Olszówka <span dir="ltr"><<a href="mailto:Malgorzata.Olszowka@stunnel.org" target="_blank">Malgorzata.Olszowka@stunnel.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Could you please let us know what parameters we are missing here due to which connection is not establishing with remote server.<br>
<br>
Although, stunnel logs indicating that configuration successful, but in logs no where is mentioned about the connection is it connected or not, <br>
</blockquote>
<br>
<br></span>
Hello Dheeraj,<br>
<br>
You should set the verifyChain option in order to verify the certificate stored in the file specified with CAfile:<br>
verifyChain = yes<br>
<br>
Then you can test your connection:<br>
telnet 127.0.0.1 9233<br>
the stunnel logs will show information about the connection attempt.<br>
<br>
Regards,<br>
Małgorzata<br>
______________________________<wbr>_________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" rel="noreferrer" target="_blank">https://www.stunnel.org/cgi-bi<wbr>n/mailman/listinfo/stunnel-use<wbr>rs</a><br>
</blockquote></div><br></div>
<br>
<p><font size="1"><span style="font-family:"Arial","sans-serif""><span style="font-family:"Times New Roman","serif""><a href="http://www.arborfs.com" target="_blank">www.arborfs.com</a></span></span><span style="font-family:"Arial","sans-serif";color:gray"><br></span></font></p><p><font size="1"><span style="font-family:"Arial","sans-serif";color:gray">This e-mail and any attachment are
confidential and contain proprietary information, some or all of which may be
legally privileged.</span></font></p><p><font size="1"><span style="font-family:"Arial","sans-serif";color:gray">It is intended solely for the use of the
individual or entity to which it is addressed. If you are not the
intended recipient, please notify the author immediately by telephone or by
replying to this e-mail, and then delete all copies of the e-mail on your
system. If you are not the intended recipient, you must not use,
disclose, distribute, copy, print or rely on this e-mail.</span></font></p><p><font size="1"><span style="font-family:"Arial","sans-serif";color:gray">Whilst we have taken reasonable
precautions to ensure that this e-mail and any attachment has been checked for
viruses, we cannot guarantee that they are virus free and we cannot accept
liability for any damage sustained as a result of software viruses. We
would advise that you carry out your own virus checks, especially before
opening an attachment.</span></font><span></span></p>