<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Oformaterad text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.OformateradtextChar
{mso-style-name:"Oformaterad text Char";
mso-style-priority:99;
mso-style-link:"Oformaterad text";
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="SV" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText"><span lang="EN-US">Thanks Peter, I really appriciate your support.<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">The config file is just a little edited by me, but I think that you can see how it's set up:<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">[SOS_SYNGO_HL7_BFT_client]<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">client = yes<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">accept = 46161<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">connect = Xn1.x1.x2.se:6161<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">cert = ds3000-03.x3.x2.se.pem<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">verify = 2<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">CAfile = CAFile.pem<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">[SOS_SYNGO_DICOM_BFT_client]<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">client = yes<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">accept = 46162<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">connect = Xn2.x1.x2.se:6162<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">cert = ds3000-03.x3.x2.se.pem<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">verify = 2<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">CAfile = CAFile.pem<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">Is there a way to copy inhold of opensll shell-window and make it anonymos before I make it public?<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">It ends as this screenshot at least:<o:p></o:p></span></p>
<p class="MsoPlainText"><img width="1209" height="438" style="width:12.5937in;height:4.5625in" id="Bildobjekt_x0020_1" src="cid:image001.png@01D5F93C.54C1D200"><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">//Janne<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">Jan Falk<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">MTA <o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">08 616 1721<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span style="mso-fareast-language:SV">-----Ursprungligt meddelande-----<br>
Fr�n: Peter Pentchev <roam@ringlet.net> <br>
Skickat: den 13 mars 2020 12:53<br>
Till: Jan Falk <jan.falk@sll.se><br>
Kopia: stunnel-users@stunnel.org<br>
�mne: Re: SV: [stunnel-users] S-tunnel will not send TLS</span></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">On Fri, Mar 13, 2020 at 11:19:16AM +0000, Jan Falk wrote:<o:p></o:p></p>
<p class="MsoPlainText">[format recovered]<o:p></o:p></p>
<p class="MsoPlainText">> Peter Pentchev wrote:<o:p></o:p></p>
<p class="MsoPlainText">> > On Fri, Mar 13, 2020 at 09:42:27AM +0000, Jan Falk wrote:<o:p></o:p></p>
<p class="MsoPlainText">> > > Hi.<o:p></o:p></p>
<p class="MsoPlainText">> > > Can someone tell me why Stunnel stops at wating 10s? Log:<o:p></o:p></p>
<p class="MsoPlainText">> > > <o:p></o:p></p>
<p class="MsoPlainText">> > > 2020.03.12 09:43:36 LOG6[main]: Initializing service
<o:p></o:p></p>
<p class="MsoPlainText">> > > [x3_x4_DICOM_BFT_client]<o:p></o:p></p>
<p class="MsoPlainText">> > [snip]<o:p></o:p></p>
<p class="MsoPlainText">> > > 2020.03.12 09:44:37 LOG7[0]: Service [x3_x4_HL7_BFT_client]
<o:p></o:p></p>
<p class="MsoPlainText">> > > started<o:p></o:p></p>
<p class="MsoPlainText">> > > 2020.03.12 09:44:37 LOG7[0]: Setting local socket options (FD=508)<o:p></o:p></p>
<p class="MsoPlainText">> > > 2020.03.12 09:44:37 LOG7[0]: Option TCP_NODELAY set on local
<o:p></o:p></p>
<p class="MsoPlainText">> > > socket<o:p></o:p></p>
<p class="MsoPlainText">> > > 2020.03.12 09:44:37 LOG5[0]: Service [x3_x4_HL7_BFT_client]
<o:p></o:p></p>
<p class="MsoPlainText">> > > accepted connection from 127.0.0.1:50299<o:p></o:p></p>
<p class="MsoPlainText">> > > 2020.03.12 09:44:37 LOG6[0]: s_connect: connecting <o:p>
</o:p></p>
<p class="MsoPlainText">> > > 10.67.6.106:6161<o:p></o:p></p>
<p class="MsoPlainText">> > > 2020.03.12 09:44:37 LOG7[0]: s_connect: s_poll_wait 10.67.6.106:6161:
<o:p></o:p></p>
<p class="MsoPlainText">> > > waiting 10 seconds<o:p></o:p></p>
<p class="MsoPlainText">> > <o:p></o:p></p>
<p class="MsoPlainText">> > Have you made sure that there is something listening on port 6161 of
<o:p></o:p></p>
<p class="MsoPlainText">> > the<o:p></o:p></p>
<p class="MsoPlainText">> > 10.67.6.106 host and that the host that stunnel is running on can
<o:p></o:p></p>
<p class="MsoPlainText">> > establish a connection to it? No firewalls, no routing problems or
<o:p></o:p></p>
<p class="MsoPlainText">> > anything like that?<o:p></o:p></p>
<p class="MsoPlainText">> > <o:p></o:p></p>
<p class="MsoPlainText">> > What happens if you run - on the host that stunnel runs on - this:<o:p></o:p></p>
<p class="MsoPlainText">> > <o:p></o:p></p>
<p class="MsoPlainText">> > nc -v -z 10.67.6.106 6161<o:p></o:p></p>
<p class="MsoPlainText">> > <o:p></o:p></p>
<p class="MsoPlainText">> > ...and also, if stunnel is supposed to establish a secure connection
<o:p></o:p></p>
<p class="MsoPlainText">> > to that host (that is, if stunnel is working in client mode):<o:p></o:p></p>
<p class="MsoPlainText">> > <o:p></o:p></p>
<p class="MsoPlainText">> > openssl s_client -connect 10.67.6.106:6161<o:p></o:p></p>
<p class="MsoPlainText">> > <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">> > The first command should exit immediately and tell you that a TCP
<o:p></o:p></p>
<p class="MsoPlainText">> > connection was established successfully; the second one should also
<o:p></o:p></p>
<p class="MsoPlainText">> > try to negotiate a TLS connection and show you what the server on
<o:p></o:p></p>
<p class="MsoPlainText">> > the other side tells you after the connection has been established.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Thanks Peter for a quick reply.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Yes we have a connection with reciving server, in wireshark I can see
<o:p></o:p></p>
<p class="MsoPlainText">> that vi get three ack:s on establishment. As I understand it, on third
<o:p></o:p></p>
<p class="MsoPlainText">> Ack the TLS is supposed to be sent, but instead my Stunnel halts on 10
<o:p></o:p></p>
<p class="MsoPlainText">> sek. And there I stand.....<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> The reciving server is not reply to non-crypted communication.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">OK, so at least the network troubles may be ruled out... to some extent.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Can you show us your stunnel configuration file? Is stunnel supposed to connect to this service in its client mode (stunnel accepts a plaintext connection and connects to a TLS service), or in server mode (stunnel accepts a TLS connection,
connects to a plaintext service)?<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">If stunnel is supposed to run in client mode, that means that whatever is listening for incoming TCP connections on 10.67.6.106:6161 should not only accept the connection, but also start a TLS negotiation, and the "openssl s_client"
command I posted above should show you this TLS negotiation. If this does not happen - if s_client does not show you a TLS negotiation, server names, certificates, etc - then something is wrong with the service running at 10.67.6.106:6161; you should make
sure that this is fixed before attempting to get stunnel to talk to it.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">G'luck,<o:p></o:p></p>
<p class="MsoPlainText">Peter<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">--<o:p></o:p></p>
<p class="MsoPlainText">Peter Pentchev <a href="mailto:roam@%7bringlet.net,debian.org,FreeBSD.org%7d">
<span style="color:windowtext;text-decoration:none">roam@{ringlet.net,debian.org,FreeBSD.org}</span></a>
<a href="mailto:pp@storpool.com"><span style="color:windowtext;text-decoration:none">pp@storpool.com</span></a><o:p></o:p></p>
<p class="MsoPlainText">PGP key: <a href="http://people.FreeBSD.org/~roam/roam.key.asc">
<span style="color:windowtext;text-decoration:none">http://people.FreeBSD.org/~roam/roam.key.asc</span></a><o:p></o:p></p>
<p class="MsoPlainText">Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13<o:p></o:p></p>
</div>
</body>
</html>