stunnel-users April 2017

stunnel-users@stunnel.org

9 participants
10 discussions

Requests to cloud server that requires host header
by Lorne Kates 13 Nov '24

13 Nov '24

(related to Akamai message from before-- but I have better troubleshooting information). I'm tying to route traffic through stunnel to a "cloud" based-endpoint. That endpoint has a static server name-- test.authorize.net. (This is the dev sandbox for auth.net). But if you do an nslookup on test.authorize.net, you'll get back a different servername and IP, because it's so wonderfully "cloud". Stunnel apparently tries to connect to the nslookup value. The server rejects the request because it can't route it back to test.authorize.net. I've tried adding "delay = yes" and "sni = test.authorize.net", but neither work. To see this in action, a simple setup with any accept, then connect to test.authorize.net:443 in client = yes mode. This is what a valid response looks like (13 -- give me the darn merchant ID in a POST): https://test.authorize.net/gateway/transact.dll This is what you'll get if you try to use stunnel (400 invalid url) : https://23.195.204.150/gateway/transact.dll So how can I get stunnel to send the proper Request Header (host: test.authorize.net), make sure it's using http/1.1, etc?

4 3

Stunnel 4 failing to connect to gmail
by Asif Iqbal 11 Dec '20

11 Dec '20

I am faling to connect to gmail. Not sure what that bind error means. iqbala@ghar:~$ sudo stunnel4 2008.12.15 13:53:17 LOG7[3839:3083650736]: Snagged 64 random bytes from /home/iqbala/.rnd 2008.12.15 13:53:17 LOG7[3839:3083650736]: Wrote 1024 new random bytes to /home/iqbala/.rnd 2008.12.15 13:53:17 LOG7[3839:3083650736]: RAND_status claims sufficient entropy for the PRNG 2008.12.15 13:53:17 LOG7[3839:3083650736]: PRNG seeded successfully 2008.12.15 13:53:17 LOG7[3839:3083650736]: Certificate: /etc/stunnel/stunnel.pem 2008.12.15 13:53:17 LOG7[3839:3083650736]: Certificate loaded 2008.12.15 13:53:17 LOG7[3839:3083650736]: Key file: /etc/stunnel/stunnel.pem 2008.12.15 13:53:17 LOG7[3839:3083650736]: Private key loaded 2008.12.15 13:53:17 LOG7[3839:3083650736]: SSL context initialized for service ssmtp 2008.12.15 13:53:17 LOG5[3839:3083650736]: stunnel 4.22 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007 2008.12.15 13:53:17 LOG5[3839:3083650736]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP 2008.12.15 13:53:17 LOG6[3839:3083650736]: file ulimit = 1024 (can be changed with 'ulimit -n') 2008.12.15 13:53:17 LOG6[3839:3083650736]: poll() used - no FD_SETSIZE limit for file descriptors 2008.12.15 13:53:17 LOG5[3839:3083650736]: 500 clients allowed 2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 10 in non-blocking mode 2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 11 in non-blocking mode 2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 12 in non-blocking mode 2008.12.15 13:53:17 LOG7[3839:3083650736]: SO_REUSEADDR option set on accept socket 2008.12.15 13:53:17 LOG3[3839:3083650736]: Error binding ssmtp to 74.125.93.111:587 2008.12.15 13:53:17 LOG3[3839:3083650736]: bind: Cannot assign requested address (99) Here is how my conf file looks like iqbala@ghar:~$ cat /etc/stunnel/stunnel.conf | egrep -v "^;|^$" cert = /etc/stunnel/stunnel.pem foreground = yes sslVersion = SSLv3 chroot = /var/lib/stunnel4/ setuid = stunnel4 setgid = stunnel4 pid = /stunnel4.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel4/stunnel.log client = yes [ssmtp] accept = smtp.gmail.com:587 connect = 25 Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu

5 9

Stunnel & Gmail security
by BOXI31 TEST 17 Oct '20

17 Oct '20

Hi all, To make "Stunnel 5.31" work with Gmail, I have to go in security settings of Gmail and "allow less secure apps to access my account". Is it mandatory ? Is it possible to set Stunnel to access Gmail without lowering it security level ? How ? I checked in log file TLS v1.2 is used by Stunnel but Gmail still consider it as a "less secure app." ! Regards, Steve

2 1

Re: [stunnel-users] Help in setting stunnel in client mode to connect webservice in mutual authentication
by Chokkalingam, Jothish 28 Apr '17

28 Apr '17

Hi Can you help in sorting it out below scenario We have a URL whose TLS is 1.0 and now it is being upgraded to 1.2. Since the current application doesn't support V1.0 I am planning to use stunnel in between to fix the gap. Can you help if my below config is correct or not. The communication between client and server is MASSL(mutual authentication SSL) [Billpay46200] client = yes CApath = /apps/bss/CCBTrustStore-->trust store where the remote webservice certificates are stored in cert format accept = 46200-->port configured from client machine to connect using http connect = xxx.in.xxx.com.au:46200-->port where the incoming http request need to be changed from http to https cert = /stunnel/bin/client.pem-->identity certificate used for client key = /stunnel/bin/key.pem-->corresponding key for the above identity certificate. While hitting using the URL http://localhost:46200 it is shown in stunnel log as below 2017.04.28 17:17:51 LOG5[2627:3]: Billpay46200 accepted connection from 127.0.0.1:58382 2017.04.28 17:17:51 LOG5[2627:3]: Billpay46200 connected remote server from 10.116.194.24:58383 2017.04.28 17:17:51 LOG3[2627:3]: SSL_connect: Peer suddenly disconnected 2017.04.28 17:17:51 LOG5[2627:3]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket Thanks and Regards, Jothish TIBCO TSD Ph. : +91 44 39263958 Mobile : +91 9884040171 Support : +91 9962007110 OC : jothish.chokkalingam Group mail:- Telstra.psm.tsd.tibco(a)accenture.com ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com

1 0

Remove session callback
by Florian Gossin 19 Apr '17

19 Apr '17

Hi, I have updated to the latest 5.41 version. I was troubleshooting another problem and I discovered dozens of lines in the log file with "Remove session callback, Deallocating application specific data for session connect address": 2017.04.19 14:49:49 LOG7[17483]: Service [pgbouncer-client] started 2017.04.19 14:49:49 LOG7[17483]: Option TCP_NODELAY set on local socket 2017.04.19 14:49:49 LOG5[17483]: Service [pgbouncer-client] accepted connection from x.x.x.x:36018 2017.04.19 14:49:49 LOG6[17483]: Peer certificate required 2017.04.19 14:49:49 LOG7[17483]: TLS state (accept): before/accept initialization 2017.04.19 14:49:49 LOG7[17483]: SNI: no virtual services defined 2017.04.19 14:49:49 LOG7[17483]: TLS state (accept): SSLv3 read client hello A 2017.04.19 14:49:49 LOG7[17483]: TLS state (accept): SSLv3 write server hello A 2017.04.19 14:49:49 LOG7[17483]: TLS state (accept): SSLv3 write change cipher spec A 2017.04.19 14:49:49 LOG7[17483]: TLS state (accept): SSLv3 write finished A 2017.04.19 14:49:49 LOG7[17483]: TLS state (accept): SSLv3 flush data 2017.04.19 14:49:49 LOG7[17483]: TLS state (accept): SSLv3 read finished A 2017.04.19 14:49:49 LOG7[17483]: Remove session callback 2017.04.19 14:49:49 LOG7[17483]: Deallocating application specific data for session connect address 2017.04.19 14:49:49 LOG7[17483]: Remove session callback 2017.04.19 14:49:49 LOG7[17483]: Deallocating application specific data for session connect address ... Can anyone explain me what it is about ? Thank you, Florian

1 0

Windows Server 2012 stunnel service
by Adam Shackleton 18 Apr '17

18 Apr '17

Hi All I'm running stunnel on Windows Server 2012 R2 with the following config: [test-qa] client = yes accept = 127.0.0.1:8080 connect = webaddress.com:443 cert = API-q-response.pfx CAfile = ca-certs.pem OCSPaia = yes When I start the GUI I'm prompted for the certificate password then and then stunnel works fine, but I need it to run as a service. I've tried using the start menu stunnel Service Install button, I've also tried opening a command prompt in C:\Program Files (x86)\stunnel\config and running C:\Program Files (x86)\stunnel\bin\stunnel.exe -install, and I've also tried moving the config file and certs to the \bin directory and running stunnel -install there as well. In all case the service installs ok, and when you run it, it starts (I can see it in the services tool), you can click the stunnel Configuration File Reload button in the start menu and it says the configuration was successfully reloaded, but it doesn't work when I try to use it. I've noticed two things that might be relevant: 1. At no point does it prompt me for the certificate password like it does when I load the GUI 2. The dialog boxes that open when the service is installed or started say "stunnel 5.40 on Win32 (not configured) [cid:image001.png@01D2B81E.BD3E6BC0] If anyone has any advice that would be greatly appreciated. Thanks Adam

2 1

SOCKS connection to the IPv4 loopback rejected.
by Robert de Bath 15 Apr '17

15 Apr '17

Hi everyone, How do I get rid of this message? I have a stunnel server setup on a remote machine using the socks protocol. I use two keys plus the certificates and a private CA to protect the SSL link. On a local machine I have an stunnel client running without a protocol option set. If I try to make a socks connection to an interface IP of the remote server it works perfectly, bypassing the intervening firewalls through the protected tunnel. But the interface IP changes and I only want to allow connections to the remote server through the tunnel. I could setup traditional tunnels, but while one of the services (remote desktop to the Windows server) is constant the others are dynamically configurable. I have even considered using SNI to distinguish the incoming connections to the various services but while this allows there to be just one tunnel port it will still need a remote reconfiguration of stunnel every time a service port is added or removed. The best way to express this limit is that the socks server should ONLY connect to localhost; but it's "rejected". In actual operation I will probably need to allow the local network too which will probably be an rfc1597 address. Looking at the source it appears that this condition is hard coded into the "validate" function so my question becomes: can you please remove this or add a flag to turn it off? -- Robert de Bath robert(a)tvisiontech.co.uk

1 0

Configure Error
by Kenway Ng 12 Apr '17

12 Apr '17

Hi I am running into an issue when I go into the src directory and I run the configure command, I get configure: error: Could not find your TLS library installation dir Use --with-ssl option to fix this problem I am trying to upgrade our version of stunnel. Our SME left and now I am trying to upgrade stunnel to fix a vulnerability . I am being told to use TLS1.1 or higher Here is our current version of stunnel $ ./stunnel -version stunnel 4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP Any help would be appreciated. Kenway

1 0

PSK, verifying the client
by Mike 05 Apr '17

05 Apr '17

Is it possible to verify the client using PSK? On the stunnel server I specify a PSKsecrets file with two lines in it, one for client01 and one for client02. The secret is about 36 characters long. On a client, I have a similar PSKsecrets file, but only containing the client01 line. Now, if I try to connect with, say, a client03, i.e., any client that does not have a matching line in the server's PSKsecrets file, how can I assure that the client connection will be rejected? What I'd like to see would be the following: any client that tries to connect, and does not present a PSK that is present in the server's PSKsecrets file, then that client's connection request is rejected, with an appropriate message logged. Can I do that with the current stunnel? thx.

1 0

Scan to email failure: RapbianPi3 to Office365
by Graeme Ellisson 03 Apr '17

03 Apr '17

Hi. I recently bought a Pi3 and have loaded Raspbian with Doobs (Previously I had this running faultlessly under a Windows Server for my Canon multi function printer that does not support SSL/TLS but only authentication). After about 8 attempts to get Stunnel4 working (there doesn't seem to be a later version to install via the command line) I eventually found that Stunnel4 works fine as long as one doesn't update Dabian from the initial Doobs install. So, I now have the service running and listening on port 25 with the following config file: debug=7 output=/etc/stunnel/stunnel.log client=yes options=NO_SSLv2 (I added this last night after reading a blog) [SMTP OUT] sslVersion=TLSv1 (I added this last night after reading a blog) protocol=smtp accept=25 connect=smtp.office365.com:587 On restarting the service I see the following which looks okay to my untrained eye: 2017.04.03 09:42:09 LOG7[3570]: Dispatching signals from the signal pipe 2017.04.03 09:42:09 LOG7[3570]: Processing SIGNAL_TERMINATE 2017.04.03 09:42:09 LOG5[3570]: Terminated 2017.04.03 09:42:09 LOG7[3570]: Closing service [SMTP OUT] 2017.04.03 09:42:09 LOG7[3570]: Service [SMTP OUT] closed (FD=7) 2017.04.03 09:42:09 LOG7[3570]: Service [SMTP OUT] closed 2017.04.03 09:42:09 LOG7[3570]: removing pid file /var/run/stunnel4.pid 2017.04.03 09:42:09 LOG7[3926]: Clients allowed=500 2017.04.03 09:42:09 LOG5[3926]: stunnel 5.06 on arm-unknown-linux-gnueabihf platform 2017.04.03 09:42:09 LOG5[3926]: Compiled with OpenSSL 1.0.1k 8 Jan 2015 2017.04.03 09:42:09 LOG5[3926]: Running with OpenSSL 1.0.1t 3 May 2016 2017.04.03 09:42:09 LOG5[3926]: Update OpenSSL shared libraries or rebuild stunnel 2017.04.03 09:42:09 LOG5[3926]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIB$ 2017.04.03 09:42:09 LOG7[3926]: errno: (*__errno_location ()) 2017.04.03 09:42:09 LOG5[3926]: Reading configuration from file /etc/stunnel/stunnel4.conf 2017.04.03 09:42:09 LOG5[3926]: FIPS mode disabled 2017.04.03 09:42:09 LOG7[3926]: Compression disabled 2017.04.03 09:42:09 LOG7[3926]: Snagged 64 random bytes from /dev/urandom 2017.04.03 09:42:09 LOG7[3926]: PRNG seeded successfully 2017.04.03 09:42:09 LOG6[3926]: Initializing service [SMTP OUT] 2017.04.03 09:42:09 LOG7[3926]: No private key specified 2017.04.03 09:42:09 LOG7[3926]: SSL options: 0x03000004 (+0x03000000, -0x00000000) 2017.04.03 09:42:09 LOG5[3926]: Configuration successful 2017.04.03 09:42:09 LOG7[3926]: Listening file descriptor created (FD=7) 2017.04.03 09:42:09 LOG7[3926]: Service [SMTP OUT] (FD=7) bound to 0.0.0.0:25 2017.04.03 09:42:09 LOG7[3927]: Created pid file /var/run/stunnel4.pid When sending a scan from the printer to an email address I see the following in the log file: 2017.04.03 10:00:05 LOG7[3927]: Service [SMTP OUT] accepted (FD=3) from 192.168.8.99:1085 2017.04.03 10:00:05 LOG7[3960]: Service [SMTP OUT] started 2017.04.03 10:00:05 LOG5[3960]: Service [SMTP OUT] accepted connection from 192.168.8.99:1085 2017.04.03 10:00:05 LOG6[3960]: s_connect: connecting 40.101.73.162:587 2017.04.03 10:00:05 LOG7[3960]: s_connect: s_poll_wait 40.101.73.162:587: waiting 10 seconds 2017.04.03 10:00:05 LOG5[3960]: s_connect: connected 40.101.73.162:587 2017.04.03 10:00:05 LOG5[3960]: Service [SMTP OUT] connected remote server from 192.168.8.33:59792 2017.04.03 10:00:05 LOG7[3960]: Remote socket (FD=9) initialized 2017.04.03 10:00:05 LOG7[3960]: <- 220 DB6PR07CA0179.outlook.office365.com Microsoft ESMTP MAIL Service $ 2017.04.03 10:00:05 LOG7[3960]: -> 220 DB6PR07CA0179.outlook.office365.com Microsoft ESMTP MAIL Service $ 2017.04.03 10:00:05 LOG7[3960]: -> EHLO localhost 2017.04.03 10:00:05 LOG7[3960]: <- 250-DB6PR07CA0179.outlook.office365.com Hello [46.208.253.189] 2017.04.03 10:00:05 LOG7[3960]: <- 250-SIZE 157286400 2017.04.03 10:00:05 LOG7[3960]: <- 250-PIPELINING 2017.04.03 10:00:05 LOG7[3960]: <- 250-DSN 2017.04.03 10:00:05 LOG7[3960]: <- 250-ENHANCEDSTATUSCODES 2017.04.03 10:00:05 LOG7[3960]: <- 250-STARTTLS 2017.04.03 10:00:05 LOG7[3960]: <- 250-8BITMIME 2017.04.03 10:00:05 LOG7[3960]: <- 250-BINARYMIME 2017.04.03 10:00:05 LOG7[3960]: <- 250-CHUNKING 2017.04.03 10:00:05 LOG7[3960]: <- 250 SMTPUTF8 2017.04.03 10:00:05 LOG7[3960]: -> STARTTLS 2017.04.03 10:00:05 LOG7[3960]: <- 220 2.0.0 SMTP server ready 2017.04.03 10:00:05 LOG6[3960]: SNI: sending servername: outlook.office365.com 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): before/connect initialization 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: SSL state (connect): unknown state 2017.04.03 10:00:05 LOG7[3960]: 0 items in the session cache 2017.04.03 10:00:05 LOG7[3960]: 2 client connects (SSL_connect()) 2017.04.03 10:00:05 LOG7[3960]: 2 client connects that finished 2017.04.03 10:00:05 LOG7[3960]: 0 client renegotiations requested 2017.04.03 10:00:05 LOG7[3960]: 0 server connects (SSL_accept()) 2017.04.03 10:00:05 LOG7[3960]: 0 server connects that finished 2017.04.03 10:00:05 LOG7[3960]: 0 server renegotiations requested 2017.04.03 10:00:05 LOG7[3960]: 0 session cache hits 2017.04.03 10:00:05 LOG7[3960]: 0 external session cache hits 2017.04.03 10:00:05 LOG7[3960]: 0 session cache misses 2017.04.03 10:00:05 LOG7[3960]: 0 session cache timeouts 2017.04.03 10:00:05 LOG6[3960]: SSL connected: new session negotiated 2017.04.03 10:00:05 LOG6[3960]: Negotiated TLSv1 ciphersuite ECDHE-RSA-AES128-SHA (128-bit encryption) 2017.04.03 10:00:05 LOG6[3960]: Compression: null, expansion: null 2017.04.03 10:00:10 LOG6[3960]: SSL socket closed (SSL_read) 2017.04.03 10:00:10 LOG7[3960]: Sent socket write shutdown 2017.04.03 10:00:10 LOG5[3960]: Connection closed: 23 byte(s) sent to SSL, 79 byte(s) sent to socket 2017.04.03 10:00:10 LOG7[3960]: Remote socket (FD=9) closed 2017.04.03 10:00:10 LOG7[3960]: Local socket (FD=3) closed 2017.04.03 10:00:10 LOG7[3960]: Service [SMTP OUT] finished (0 left) 2017.04.03 10:00:20 LOG7[3927]: Service [SMTP OUT] accepted (FD=3) from 192.168.8.99:1086 2017.04.03 10:00:20 LOG7[3961]: Service [SMTP OUT] started 2017.04.03 10:00:20 LOG5[3961]: Service [SMTP OUT] accepted connection from 192.168.8.99:1086 2017.04.03 10:00:20 LOG6[3961]: s_connect: connecting 40.101.72.194:587 2017.04.03 10:00:20 LOG7[3961]: s_connect: s_poll_wait 40.101.72.194:587: waiting 10 seconds 2017.04.03 10:00:20 LOG5[3961]: s_connect: connected 40.101.72.194:587 2017.04.03 10:00:20 LOG5[3961]: Service [SMTP OUT] connected remote serve from 192.168.8.33:57422 2017.04.03 10:00:20 LOG7[3961]: Remote socket (FD=9) initialized 2017.04.03 10:00:21 LOG7[3961]: <- 220 DB6PR07CA0014.outlook.office365.com Microsoft ESMTP MAIL Service $ 2017.04.03 10:00:21 LOG7[3961]: -> 220 DB6PR07CA0014.outlook.office365.com Microsoft ESMTP MAIL Service $ 2017.04.03 10:00:21 LOG7[3961]: -> EHLO localhost 2017.04.03 10:00:21 LOG7[3961]: <- 250-DB6PR07CA0014.outlook.office365.com Hello [46.208.253.189] 2017.04.03 10:00:21 LOG7[3961]: <- 250-SIZE 157286400 2017.04.03 10:00:21 LOG7[3961]: <- 250-PIPELINING 2017.04.03 10:00:21 LOG7[3961]: <- 250-DSN 2017.04.03 10:00:21 LOG7[3961]: <- 250-ENHANCEDSTATUSCODES 2017.04.03 10:00:21 LOG7[3961]: <- 250-STARTTLS 2017.04.03 10:00:21 LOG7[3961]: <- 250-8BITMIME 2017.04.03 10:00:21 LOG7[3961]: <- 250-BINARYMIME 2017.04.03 10:00:21 LOG7[3961]: <- 250-CHUNKING 2017.04.03 10:00:21 LOG7[3961]: <- 250 SMTPUTF8 2017.04.03 10:00:21 LOG7[3961]: -> STARTTLS 2017.04.03 10:00:21 LOG7[3961]: <- 220 2.0.0 SMTP server ready 2017.04.03 10:00:21 LOG6[3961]: SNI: sending servername: outlook.office365.com 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): before/connect initialization 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: SSL state (connect): unknown state 2017.04.03 10:00:21 LOG7[3961]: 0 items in the session cache 2017.04.03 10:00:21 LOG7[3961]: 3 client connects (SSL_connect()) 2017.04.03 10:00:21 LOG7[3961]: 3 client connects that finished 2017.04.03 10:00:21 LOG7[3961]: 0 client renegotiations requested 2017.04.03 10:00:21 LOG7[3961]: 0 server connects (SSL_accept()) 2017.04.03 10:00:21 LOG7[3961]: 0 server connects that finished 2017.04.03 10:00:21 LOG7[3961]: 0 server renegotiations requested 2017.04.03 10:00:21 LOG7[3961]: 0 session cache hits 2017.04.03 10:00:21 LOG7[3961]: 0 external session cache hits 2017.04.03 10:00:21 LOG7[3961]: 0 session cache misses 2017.04.03 10:00:21 LOG7[3961]: 0 session cache timeouts 2017.04.03 10:00:21 LOG6[3961]: SSL connected: new session negotiated 2017.04.03 10:00:21 LOG6[3961]: Negotiated TLSv1 ciphersuite ECDHE-RSA-AES128-SHA (128-bit encryption) 2017.04.03 10:00:21 LOG6[3961]: Compression: null, expansion: null 2017.04.03 10:00:26 LOG6[3961]: SSL socket closed (SSL_read) 2017.04.03 10:00:26 LOG7[3961]: Sent socket write shutdown 2017.04.03 10:00:26 LOG5[3961]: Connection closed: 23 byte(s) sent to SSL, 79 byte(s) sent to socket 2017.04.03 10:00:26 LOG7[3961]: Remote socket (FD=9) closed 2017.04.03 10:00:26 LOG7[3961]: Local socket (FD=3) closed 2017.04.03 10:00:26 LOG7[3961]: Service [SMTP OUT] finished (0 left) At the end of this, no email is received. I can't tell from the above if the document is not being received by Stunnel from the printer or if Stunnel can not pass the document to Office365. It looks like TLSv1 is being negotiated and some data is being sent but then it closes the connection. Any help would be much appreciated. Regards, Graeme

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users April 2017