stunnel-users January 2012

stunnel-users@stunnel.org

23 participants
33 discussions

stunnel+memoq error | urgent feedback needed
by Bob Makovei 27 Jan '12

27 Jan '12

Hello there! I am a new stunnel user, working as a translator. Please, find attached a log report about a connection error. I've tried everything I could to make stunnel work for memoq. What's wrong? I would much appreciate your quck input... Kind regards, Bob Bob Makovei Economist, Certified Translator, Investment Consultant | <http://www.makovei.me/> www.makovei.me | <mailto:bob@makovei.me> bob(a)makovei.me Exim Pro Ltd., 25 Draga Street, Bekes H-5630, Hungary | +36.70.324.7424 (t) | +36.70.908.7704 (f) US: +1.512.682.0817 (vm) | +1.781.723.5861 (f) | UK: +44.871.526.2661 (f) | mr19740809 (skype)

1 0

stunnel and socat
by John A. Wallace 26 Jan '12

26 Jan '12

Hello. I use socat to connect stunnel to a socks proxy on my client workstation running windows. the socks proxy then connects to a news server on the internet. The initial connection works just fine and it appears to stay connected while I am transferring data and for a while afterwards; but after a period of idle connection say five or ten minutes, I get a message from my network adaptor popup saying that the connection stunnel had to my localhost has failed. Any ideas on how I can make the connection between stunnel and localhost persist longer during periods of inactivity? I would like it to stay connected until I purposely stop it. Below is the relevant section of "stunnel.conf". [newsreader_to_newsserver] accept = 127.0.0.1:120 connect = 127.0.0.1:5630 CAfile = peer-news_certificate.pem verify = 3

1 0

stunnel+memoq error
by Bob Makovei 26 Jan '12

26 Jan '12

Hello there! I am a new stunnel user, working as a translator. Please, find attached a log report about a connection error. I've tried everything I could to make stunnel work for memoq. What's wrong? Kind regards, Bob Bob Makovei Economist, Certified Translator, Investment Consultant | <http://www.makovei.me/> www.makovei.me | <mailto:bob@makovei.me> bob(a)makovei.me Exim Pro Ltd., 25 Draga Street, Bekes H-5630, Hungary | +36.70.324.7424 (t) | +36.70.908.7704 (f) US: +1.512.682.0817 (vm) | +1.781.723.5861 (f) | UK: +44.871.526.2661 (f) | mr19740809 (skype)

1 0

Strange Log
by Hamid.Shahid＠sungard.com 26 Jan '12

26 Jan '12

Hi Jose, I am getting the following log, when I am trying connect my program with Stunnel, which is connected to a remote server using SSL. Can you please have a look and help me understand what is happening and what can be the reason? Many thanks! 2012.01.25 18:50:12 LOG5[8384:2416]: Reading configuration from file stunnel.conf 2012.01.25 18:50:12 LOG7[8384:2416]: Snagged 64 random bytes from C:/.rnd 2012.01.25 18:50:12 LOG7[8384:2416]: Wrote 1024 new random bytes to C:/.rnd 2012.01.25 18:50:12 LOG7[8384:2416]: PRNG seeded successfully 2012.01.25 18:50:12 LOG6[8384:2416]: Initializing SSL context for service SSLHOST 2012.01.25 18:50:12 LOG7[8384:2416]: Certificate: ABC_Cert.pem 2012.01.25 18:50:12 LOG7[8384:2416]: Certificate loaded 2012.01.25 18:50:12 LOG7[8384:2416]: Key file: ABC_Cert_key.pem 2012.01.25 18:50:30 LOG7[8384:2416]: Private key loaded 2012.01.25 18:50:30 LOG7[8384:2416]: SSL options set: 0x00180004 2012.01.25 18:50:30 LOG6[8384:2416]: SSL context initialized 2012.01.25 18:50:30 LOG5[8384:2416]: Configuration successful 2012.01.25 18:50:30 LOG7[8384:2416]: accept socket: FD=652 allocated (non-blocking mode) 2012.01.25 18:50:30 LOG7[8384:2416]: Option SO_REUSEADDR set on accept socket 2012.01.25 18:50:30 LOG7[8384:2416]: Service SSLHOST bound to 127.0.0.1:2525 2012.01.25 18:50:30 LOG7[8384:2416]: Service SSLHOST opened FD=652 2012.01.25 18:50:46 LOG7[8384:2416]: local socket: FD=752 allocated (non-blocking mode) 2012.01.25 18:50:46 LOG7[8384:2416]: Service SSLHOST accepted FD=752 from 127.0.0.1:52075 2012.01.25 18:50:46 LOG7[8384:2416]: Creating a new thread 2012.01.25 18:50:46 LOG7[8384:2416]: New thread created 2012.01.25 18:50:46 LOG7[8384:12664]: Service SSLHOST started 2012.01.25 18:50:46 LOG7[8384:12664]: Option TCP_NODELAY set on local socket 2012.01.25 18:50:46 LOG5[8384:12664]: Service SSLHOST accepted connection from 127.0.0.1:52075 2012.01.25 18:50:46 LOG7[8384:12664]: remote socket: FD=768 allocated (non-blocking mode) 2012.01.25 18:50:46 LOG6[8384:12664]: connect_blocking: connecting <server_ip : port> 2012.01.25 18:50:46 LOG7[8384:12664]: connect_blocking: s_poll_wait <server_ip : port>: waiting 10 seconds 2012.01.25 18:50:46 LOG5[8384:12664]: connect_blocking: connected <server_ip : port> 2012.01.25 18:50:46 LOG5[8384:12664]: Service SSLHOST connected remote server from <server_ip : port> 2012.01.25 18:50:46 LOG7[8384:12664]: Remote FD=768 initialized 2012.01.25 18:50:46 LOG7[8384:12664]: Option TCP_NODELAY set on remote socket 2012.01.25 18:50:46 LOG7[8384:12664]: SNI: host name: <ip> 2012.01.25 18:50:46 LOG7[8384:12664]: Peer certificate was cached (1976 bytes) 2012.01.25 18:50:46 LOG6[8384:12664]: SSL connected: new session negotiated 2012.01.25 18:50:46 LOG6[8384:12664]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 2012.01.25 18:50:46 LOG7[8384:12664]: SSL closed on SSL_read 2012.01.25 18:50:46 LOG7[8384:12664]: Sending socket write shutdown 2012.01.25 18:50:46 LOG7[8384:12664]: Socket closed on read 2012.01.25 18:50:46 LOG7[8384:12664]: Sending SSL write shutdown 2012.01.25 18:50:46 LOG6[8384:12664]: SSL_shutdown successfully sent close_notify 2012.01.25 18:50:46 LOG5[8384:12664]: Connection closed: 133 bytes sent to SSL, 8 bytes sent to socket 2012.01.25 18:50:46 LOG7[8384:12664]: Service SSLHOST finished (0 left) Kind Regards, Hamid Shahid

2 1

Stunnel without certificate
by VANDOOREN, Pascal 25 Jan '12

25 Jan '12

Hello, I have a question, is it possible to use Stunnel without a certification but with a passphrase ? because a use a generated certificate that expired after one year and it's not possible to generate a certificate more than one year .... Kind regards Pascal -- This e-mail is confidential. If you are not the addressee or an authorized recipient of this message, any distribution, copying, publication or use of this information for any purpose is prohibited. Please notify the sender immediately by e-mail and then delete this message. Ce message est confidentiel. Si vous n'etes pas le destinataire designe de ce message ou une personne autorisee a l'utiliser, toute distribution, copie, publication ou usage a quelques fins que ce soit des informations contenues dans ce message sont interdits. Merci d'informer immediatement l'expediteur par messagerie electronique et d'ensuite detruire ce message. --

1 0

certificate authentications
by John A. Wallace 21 Jan '12

21 Jan '12

I have two questions, which I think may be related, regarding how to use the information from stunnel log. I use stunnel to connect to an SMTP server on the internet from my home network, and in particular from my Windows laptop. My stunnel version is this: stunnel 4.50 on x86-pc-mingw32-gnu platform Compiled/running with OpenSSL 0.9.8r-fips 8 Feb 2011 It works well for my purposes, and I can see, by using a program for monitoring process and network connections, that the connections are now secured as expected. However, I believe it can be made more secure if I can utilize the certificate that is offered by the server, but I am not sure how to make that happen. In my stunnel log for the connection, I get this message: Client-mode smtp protocol negotiations started Client-mode smtp protocol negotiations succeeded No peer certificate received SSL connected: new session negotiated Negotiated ciphers: ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 My first question is, how should I go about getting that "No peer certificate received" issue corrected and how do I install it? Secondly, when I issue this command at the cmd shell prompt: openssl s_client -starttls smtp -connect host.server:port The output is lengthy and it includes, among other things, clearly what is identified as a certificate. I have been told that this is a good certificate, and one that I should utilize for an authenticated connection. So, my question is, is this the same certificate that I saw referenced in the log as the "peer certificate", and how do I go about putting this certificate where it belongs in my directory? I know how to copy it and save it as a file, but where do I put it and should it have a special name? If someone wants to direct me to the correct instruction for doing this, that would be fine too. I am just looking for some pointers for assistance. Thanks.

3 5

Re: [stunnel-users] ver 4.5 VS 4.2: running single process now, how to close when all client apps closed?
by Jose Alf. 21 Jan '12

21 Jan '12

All right. I just recompiled against the latest OpenSSL 0.9.8t. Still not enought to tempt you? :) Regards, Jose ________________________________ From: Larisa <larisaka(a)yahoo.com> To: Jose Alf. <josealf(a)rocketmail.com> Sent: Friday, January 20, 2012 5:20 PM Subject: Re: [stunnel-users] ver 4.5 VS 4.2: running single process now, how to close when all client apps closed? Jose, I am thinking to stay with the old version for a little bit longer, though hoping to get newer one 4.5_ soon. Thank you for the offer. Larisa --- On Thu, 1/19/12, Jose Alf. <josealf(a)rocketmail.com> wrote: >From: Jose Alf. <josealf(a)rocketmail.com> >Subject: Re: [stunnel-users] ver 4.5 VS 4.2: running single process now, how to close when all client apps closed? >To: "Stunnel Users Mailing List" <stunnel-users(a)mirt.net>, "larisa_y" <larisaka(a)yahoo.com> >Date: Thursday, January 19, 2012, 8:01 AM > > >Larisa, >I compiled stunnel-4.39 against OpenSSL 0.9.8s. Let me know if you are interested in the binaries. > >Regards >Jose > >________________________________ >From: Michal Trojnara <Michal.Trojnara(a)mirt.net> >To: Stunnel Users Mailing List <stunnel-users(a)mirt.net> >Sent: Tuesday, January 17, 2012 5:08 PM >Subject: Re: [stunnel-users] ver 4.5 VS 4.2: running single process now, how to close when all client apps closed? >larisa_y wrote:> Could you tell me starting which version the new behaviour was implemented?> (single process architecture) I tried the changelog but could not really> identify the item.The implementation of this change started with stunnel 4.40 with new "stunnel -exit" option. The last version fully supporting multiple processes is 4.39.Please be aware of security risks related to using obsolete versions of OpenSSL. Some Win32 GUI features are also unstable until version 4.50.Mike_______________________________________________stunnel-users mailing liststunnel-users@stunnel.orghttp://stunnel.mirt.net/mailman/listinfo/stunnel-users

1 0

Re: [stunnel-users] STARTTLS
by James Devine 20 Jan '12

20 Jan '12

http and smtp are two different birds, https runs on a different port, whereas an smtp connection running on port 25 can be upgraded to secure with starttls On Fri, Jan 20, 2012 at 12:29 AM, Michal Trojnara <Michal.Trojnara(a)mirt.net>wrote: > James Devine <fxmulder(a)gmail.com> wrote: > > >I've setup stunnel to tunnel port 25 to a few backend smtp servers, it > >appears that it only works with starttls, is there a way to make it > >work if > >no starttls is issued also? > >_______________________________________________ > >stunnel-users mailing list > >stunnel-users(a)stunnel.org > >http://stunnel.mirt.net/mailman/listinfo/stunnel-users > > Do you also have problems with https on port 80? > > Mike >

1 0

STARTTLS
by James Devine 19 Jan '12

19 Jan '12

I've setup stunnel to tunnel port 25 to a few backend smtp servers, it appears that it only works with starttls, is there a way to make it work if no starttls is issued also?

1 0

ver 4.5 VS 4.2: running single process now, how to close when all client apps closed?
by larisa_y 19 Jan '12

19 Jan '12

I have several client applications running on win machine, connecting to the same server, or sometimes to different servers. ver. 4.2 allowed me to do the following: modify .conf file to [my_section] accept=5566 connect 123.22.33.44:5005; then run stunnel.exe; modify .conf file to [my_section] accept=5567 connect 456.22.33.44:5006; then run stunnel.exe. That would start 2 stunnel.exe processes, each one handling its own connection; which were easy to close when each respective client app closed - each one would close the one it started. Now with 4.5 version: the single stunnel.exe process runs and is able to handle all communications perfectly, provided I prepare .conf file for all possible connections in advance, before starting stunnel. The problem I cannot solve easily is how not to leave stunnel running after client logged out of all the applications. Without building something to keep track of "stunnels users" count, how could I do it? Is there some way to switch to multiple instances mode? Please advise. Larisa -- View this message in context: http://old.nabble.com/ver-4.5-VS-4.2%3A-running-single-process-now%2C-how-t… Sent from the Stunnel - Users mailing list archive at Nabble.com.

3 7

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users January 2012