stunnel-users January 2019

stunnel-users@stunnel.org

11 participants
19 discussions

Requests to cloud server that requires host header
by Lorne Kates 13 Nov '24

13 Nov '24

(related to Akamai message from before-- but I have better troubleshooting information). I'm tying to route traffic through stunnel to a "cloud" based-endpoint. That endpoint has a static server name-- test.authorize.net. (This is the dev sandbox for auth.net). But if you do an nslookup on test.authorize.net, you'll get back a different servername and IP, because it's so wonderfully "cloud". Stunnel apparently tries to connect to the nslookup value. The server rejects the request because it can't route it back to test.authorize.net. I've tried adding "delay = yes" and "sni = test.authorize.net", but neither work. To see this in action, a simple setup with any accept, then connect to test.authorize.net:443 in client = yes mode. This is what a valid response looks like (13 -- give me the darn merchant ID in a POST): https://test.authorize.net/gateway/transact.dll This is what you'll get if you try to use stunnel (400 invalid url) : https://23.195.204.150/gateway/transact.dll So how can I get stunnel to send the proper Request Header (host: test.authorize.net), make sure it's using http/1.1, etc?

4 3

Re: [stunnel-users] CPU 100%
by Eric Eberhard 06 Nov '24

06 Nov '24

Long ago I had a server with a bad network card. Every once in a while it would spew uncontrollable bytes onto the network. If you open a stunnel connection and it does that this could very well be the problem. If it cheap, try changing the network card. If not, you should be able to look in your firewall/router and it will tell you who is sending what bytes to whomever. See if that machine is indeed streaming the bytes in massive quantities. If not, I would suspect your stunnel is getting stuck in it's own loop. There are a million reasons this can happen (well a few less than a million) - such as maybe a bad library in the FreeBSD or a bad choice in the Makefile - such as doing threads or something in a way your O/S does not like (I use threads=fork or whatever it is, instead of actual threading). You might tinker with some of the options that make the stunnel build and try different ones. Especially if stunnel was compiled on a different version of the O/S - could be differences in bytes in things and who knows what. That is all I can suggest beyond setting the debug level to 7 (I think is highest) and then watching the log file. Eric From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Murrey, Brian J. Sent: Wednesday, October 17, 2018 10:57 AM To: stunnel-users(a)stunnel.org Subject: [stunnel-users] CPU 100% We are running stunnel 5.49 on FreeBSD 11.2 and we're running into a problem once in a while. CPU pegs at 100% when we get an stunnel connection from one of our external devices. This affects 100% of all cores and we can't even log in to console. To mitigate this temporarily, we have a script running in the background to watch when stunnel begins to spike and restarts the daemon. It doesn't happen 100% of the time, and so far I have been unable to distinguish what makes the connection do this to the CPU. Have any of you run in to this issue? Sincerely, Brian Murrey System Engineer II, IT Infrastructure _____ NOTICE: This message may contain privileged and confidential information and/or protected health information intended solely for the use of the named recipient and may be privileged or otherwise protected by law. If you are not the intended recipient of this message, you should immediately notify the sender and delete this message. Do not disseminate, reproduce, or review this message or attachments if you are not the intended recipient. The sender or others may have legal rights restricting the dissemination of the information contained in this message and, as a result, remedies against you in the event of the improper dissemination of confidential information, trade secrets, personal information or privileged communications. This message is the work of the sender and does not necessarily reflect the position, views, or policies of TriMedx LLC or its affiliates. WARNING: The integrity and security of this message cannot be guaranteed and may contain or transmit a virus or other illicit code. Neither TriMedx LLC or its affiliates accept liability for any damage attributable to viruses or illicit code transmitted through this message or an attachment.

2 1

older browsers, stunnel and privoxy
by kovacs janos 04 Mar '24

04 Mar '24

sorry to bother, im trying to make older browsers be able to display TLS 1.1 and TLS 1.2 sites. i heard stunnel cant be configured to always forward to the current site address dynamically, thats why i would use privoxy. the browser is configured to send to: 127.0.0.1 443 stunnel config has this at the end: [Tunnel_in] client = yes accept = 127.0.0.1:443 connect = 127.0.0.1:8118 verifyChain = yes CAfile = ca-certs.pem checkHost = localhost 127.0.0.1:8118 is the privoxy address. this is what stunnel writes: LOG5[main]: Configuration successful LOG5[0]: Service [Tunnel_in] accepted connection from 127.0.0.1:3261 LOG5[0]: s_connect: connected 127.0.0.1:8118 LOG5[0]: Service [Tunnel_in] connected remote server from 127.0.0.1:3262 and the browser infinitely loads, and never loads anything or leaves the page. if i remove the last 3 lines, its the same just with this line added: LOG4[main]: Service [Tunnel_in] needs authentication to prevent MITM attacks but it doesnt give an error or anything. with a configuration like: [Tunnel_out] client = no accept = 127.0.0.1:443 connect = 127.0.0.1:8118 cert = stunnel.pem this is what it gives: LOG5[3]: Service [Tunnel_out] accepted connection from 127.0.0.1:3294 LOG3[3]: SSL_accept: 1407609B: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket and browser gives a server not found error immediately. im not even sure if i should use client or server configuration in a case like this, but none of them works anyway. all i would need is for my browser to get the pages decrypted, or at least in less than TLS1.1. like how on newipnow.com i can access sites with any encryption, since they are sent to the browser without encryption. the browser just gives an "unencrypted tunnel" warning, which is how i found stunnel, and which is exactly what i need, just locally.

8 41

Stunnel 4 failing to connect to gmail
by Asif Iqbal 11 Dec '20

11 Dec '20

I am faling to connect to gmail. Not sure what that bind error means. iqbala@ghar:~$ sudo stunnel4 2008.12.15 13:53:17 LOG7[3839:3083650736]: Snagged 64 random bytes from /home/iqbala/.rnd 2008.12.15 13:53:17 LOG7[3839:3083650736]: Wrote 1024 new random bytes to /home/iqbala/.rnd 2008.12.15 13:53:17 LOG7[3839:3083650736]: RAND_status claims sufficient entropy for the PRNG 2008.12.15 13:53:17 LOG7[3839:3083650736]: PRNG seeded successfully 2008.12.15 13:53:17 LOG7[3839:3083650736]: Certificate: /etc/stunnel/stunnel.pem 2008.12.15 13:53:17 LOG7[3839:3083650736]: Certificate loaded 2008.12.15 13:53:17 LOG7[3839:3083650736]: Key file: /etc/stunnel/stunnel.pem 2008.12.15 13:53:17 LOG7[3839:3083650736]: Private key loaded 2008.12.15 13:53:17 LOG7[3839:3083650736]: SSL context initialized for service ssmtp 2008.12.15 13:53:17 LOG5[3839:3083650736]: stunnel 4.22 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007 2008.12.15 13:53:17 LOG5[3839:3083650736]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP 2008.12.15 13:53:17 LOG6[3839:3083650736]: file ulimit = 1024 (can be changed with 'ulimit -n') 2008.12.15 13:53:17 LOG6[3839:3083650736]: poll() used - no FD_SETSIZE limit for file descriptors 2008.12.15 13:53:17 LOG5[3839:3083650736]: 500 clients allowed 2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 10 in non-blocking mode 2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 11 in non-blocking mode 2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 12 in non-blocking mode 2008.12.15 13:53:17 LOG7[3839:3083650736]: SO_REUSEADDR option set on accept socket 2008.12.15 13:53:17 LOG3[3839:3083650736]: Error binding ssmtp to 74.125.93.111:587 2008.12.15 13:53:17 LOG3[3839:3083650736]: bind: Cannot assign requested address (99) Here is how my conf file looks like iqbala@ghar:~$ cat /etc/stunnel/stunnel.conf | egrep -v "^;|^$" cert = /etc/stunnel/stunnel.pem foreground = yes sslVersion = SSLv3 chroot = /var/lib/stunnel4/ setuid = stunnel4 setgid = stunnel4 pid = /stunnel4.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel4/stunnel.log client = yes [ssmtp] accept = smtp.gmail.com:587 connect = 25 Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu

5 9

Stunnel & Gmail security
by BOXI31 TEST 16 Oct '20

16 Oct '20

Hi all, To make "Stunnel 5.31" work with Gmail, I have to go in security settings of Gmail and "allow less secure apps to access my account". Is it mandatory ? Is it possible to set Stunnel to access Gmail without lowering it security level ? How ? I checked in log file TLS v1.2 is used by Stunnel but Gmail still consider it as a "less secure app." ! Regards, Steve

2 1

Re: [stunnel-users] How can stunnel use openssl HW cryptodev encryption
by Eric Eberhard 28 Jan '19

28 Jan '19

I'll give you two pieces of advice that almost everyone on the list won't agree with :) 1) Make a static openssl and static stunnel and locate them someplace apart from the standard locations (/usr/local/company_name/lib is what I use). This means if anyone messes with openssl or stunnel you won't be affected - and it will always work as it is static - and part of your application - the user does not even need your libraries. I have a personal distaste for dynamic linking . mostly because I have a lot of customers that update a lot of things (including openssl - a lot - and stunnel sometimes) . and then wonder why things stop working. A 10 year old openssl and stunnel - all static - will still run and work fine past all updates and user messing around. I choose when I want to update openssl and stunnel (meaning I look to see if there is something new I need or want). As a result I missed the keep alive and poodle bugs - I did not update until after both were fixed. 2) Forget hardware implementation - geez - modern computers are so darn fast that I cannot imagine you really need that level of "speed up" versus the grief you are handling. I have customers that exchange millions (4+) XML documents a day, all through stunnel, all through inetd (also not efficient supposedly - just reliable and always works and needs no management) - and have no problems. I am using IBM p Series (AIX) and these machines even at the low level are fast . but I also use some SCO and Linux and certainly with lesser volume they are fine as well. 3) OK - 3 is really - use inetd, so much easier and always works (assuming you have Unix). If inetd crashes Unix crashes so . see number 2 for reasons :) Of course, these ideas won't help much if you don't have a Unix variation or if you are really that tight on performance (although if you are I'd suggest hardware upgrades!). Good luck with your project, Eric From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Tamar Pedersen Sent: Wednesday, January 16, 2019 1:06 PM To: stunnel-users(a)stunnel.org Subject: [stunnel-users] How can stunnel use openssl HW cryptodev encryption Hello, I am evaluating stunnel, to see if it is a viable solution for providing encryption in a system that contains an Atmel processor which includes a HW accelerated encryption block. I am just ramping up on stunnel, and figured I should capture what I have done so far. My questions will come towards the end of my email. My research indicates that stunnel incorporates openssl. I have been able to use openssl independently, to access the cryptodev HW encryption engine, in the Linux kernel module located in /lib/modules/4.14.79/extra/cryptodev.ko. When openssl is run without accessing the cryptodev engine (cryptodev module not loaded), I get the pure SW encryption implementation provided by default in openssl. When I run bench mark speed tests using openssl, using SW encryption, I see the following results: # time -v openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 1689887 aes-128-cbc's in 2.95s Doing aes-128-cbc for 3s on 64 size blocks: 568389 aes-128-cbc's in 2.95s Doing aes-128-cbc for 3s on 256 size blocks: 151550 aes-128-cbc's in 2.96s Doing aes-128-cbc for 3s on 1024 size blocks: 38599 aes-128-cbc's in 2.96s Doing aes-128-cbc for 3s on 8192 size blocks: 4845 aes-128-cbc's in 2.95s OpenSSL 1.0.2p-fips 14 Aug 2018 built on: reproducible build, date unspecified options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr) compiler: arm-laird-linux-gnueabi-gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/home/sii/wb50n_space2_legacy_6.0.0.x/wb/buildroot/output/wb50n_space2_leg acy/host/arm-buildroot-linux-gnueabi/sysroot/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 9165.49k 12331.15k 13107.03k 13353.17k 13454.32k Command being timed: "openssl speed -evp aes-128-cbc" User time (seconds): 14.81 System time (seconds): 0.10 Percent of CPU this job got: 99% Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 15.06s Average shared text size (kbytes): 0 Average unshared data size (kbytes): 0 Average stack size (kbytes): 0 Average total size (kbytes): 0 Maximum resident set size (kbytes): 13376 Average resident set size (kbytes): 0 Major (requiring I/O) page faults: 0 Minor (reclaiming a frame) page faults: 145 Voluntary context switches: 0 Involuntary context switches: 721 Swaps: 0 File system inputs: 0 File system outputs: 0 Socket messages sent: 0 Socket messages received: 0 Signals delivered: 0 Page size (bytes): 4096 Exit status: 0 # When I load the cryptodev module, and take advantage of the accelerated hardware encryption the benchmark tests are significantly faster. Here is what those results look like. # modprobe cryptodev # time -v openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 44163 aes-128-cbc's in 0.12s Doing aes-128-cbc for 3s on 64 size blocks: 31345 aes-128-cbc's in 0.15s Doing aes-128-cbc for 3s on 256 size blocks: 18923 aes-128-cbc's in 0.11s Doing aes-128-cbc for 3s on 1024 size blocks: 13847 aes-128-cbc's in 0.13s Doing aes-128-cbc for 3s on 8192 size blocks: 8427 aes-128-cbc's in 0.06s OpenSSL 1.0.2p-fips 14 Aug 2018 built on: reproducible build, date unspecified options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr) compiler: arm-laird-linux-gnueabi-gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/home/sii/wb50n_space2_legacy_6.0.0.x/wb/buildroot/output/wb50n_space2_leg acy/host/arm-buildroot-linux-gnueabi/sysroot/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 5888.40k 13373.87k 44038.98k 109071.75k 1150566.40k Command being timed: "openssl speed -evp aes-128-cbc" User time (seconds): 0.59 System time (seconds): 8.72 Percent of CPU this job got: 61% Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 15.11s Average shared text size (kbytes): 0 Average unshared data size (kbytes): 0 Average stack size (kbytes): 0 Average total size (kbytes): 0 Maximum resident set size (kbytes): 13792 Average resident set size (kbytes): 0 Major (requiring I/O) page faults: 0 Minor (reclaiming a frame) page faults: 144 Voluntary context switches: 41154 Involuntary context switches: 3321 Swaps: 0 File system inputs: 0 File system outputs: 0 Socket messages sent: 0 Socket messages received: 0 Signals delivered: 0 Page size (bytes): 4096 Exit status: 0 # As can be seen in the results (hi-lighted in red), the average speed to do aes-128-cbc encryption jumped from around 2.95 s to 0.10 s. Also of interest is the context switches are significantly higher when running hardware encryption, because of interrupts and overhead to use the hardware engine. I can also look at /proc/interrupts and see significant increases in atmel-aes interrupt counts when using the cryptodev HW acceleration encryption engine. This gives a good indication that the cryptodev module is in use, and is doing encryption. I would like to try to figure out how to allow stunnel to take advantage of the cryptodev HW acceleration encryption engine available in openssl. I have made some attempts, but so far, I have not been able to determine if stunnel is successfully using the cryptodev engine. Here is what I have done with stunnel. I already have a client and server successfully communicating with each other using stunnel. To verify this I used the "nc" utility to send characters back and forth between two different machines. The stunnel.conf file, on the server, is out of the box. I'm interested in encrypting on the client side. Here is my current client.conf file, in /etc/stunnel: # cat client.conf debug = 7 output = /tmp/stunnel-server.log pid = /tmp/stunnel.pid engine = cryptodev [test] verify = 1 client = yes accept = 127.0.0.1:2000 connect = 192.168.0.220:30000 CAfile = /etc/stunnel/certificate.crt engineNum = 1 # I am attempting to set up the cryptodev to be the configured engine for the client. I am able to start stunnel, using client.conf, as follows: # stunnel /etc/stunnel/client.conf # If I do a "ps" command to display processes, I can see that stunnel is running in the background. At this point, I can use "nc" to send data, as follows: # nc 127.0.0.1 2000 < /tmp/long_file.txt I am able to see the text from long_file.txt on the server, which is also running nc. The problem is that I don't see interrupts increasing in /proc/interrupts, which leaves me wondering if I have not configured stunnel correctly to use the cryptodev engine. If I try to remove the cryptodev module as this point, while stunnel is running, I receive a message that it is in use, as follows: # modprobe -r cryptodev modprobe: FATAL: Module cryptodev is in use. # If I kill the stunnel process, I am able to successfully remove the cryptodev module, which seems to suggest stunnel is the process using the cryptodev module. Also, once I have removed the cryptodev module, I can't restart stunnel. Instead, I get the following errors back: # stunnel /etc/stunnel/client.conf [.] stunnel 5.44 on arm-buildroot-linux-gnueabi platform [.] Compiled/running with OpenSSL 1.0.2p-fips 14 Aug 2018 [.] Threading:FORK Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI [ ] errno: (*__errno_location ()) [.] Reading configuration from file /etc/stunnel/client.conf [.] UTF-8 byte order mark not detected [ ] Enabling support for engine "cryptodev" [!] error queue: 2606A074: error:2606A074:engine routines:ENGINE_by_id:no such engine [!] error queue: 260B6084: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found [!] error queue: 25070067: error:25070067:DSO support routines:DSO_load:could not load the shared library [!] ENGINE_by_id: 25066067: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library [!] /etc/stunnel/client.conf:5: "engine = cryptodev": Failed to open the engine # Again, this suggests stunnel is trying to use cryptodev. I just don't know how to prove I am taking advantage of the HW encryption acceleration engine. I never see interrupts updating in /proc/interrupts when using nc, while stunnel is running. So, here are my questions: 1.) Does it look like I have things set up correctly in client.conf, to use the cryptodev engine? 2.) If client.conf is correct, how can I prove that stunnel is using the cryptodev engine, since I don't see the expected interrupts? One idea is that the cryptodev module might not support the type of encryption being requested by the certificate, so openssl falls back to the pure SW encryption implementation. I know the Atmel chip in question supports the following: # openssl engine -t -c (cryptodev) cryptodev engine [RSA, DSA, DH, DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, MD5, SHA1, SHA256, SHA384, SHA512] [ available ] (dynamic) Dynamic engine loading support [ unavailable ] # I was able to decode the contents of the certificate, and it says it is sha256WithRSAEncryption. My engine supports SHA256 and RSA, but does it support combining, like SHA256WithRSA? I'm not sure. I'll keep chasing that one. Thanks for any guidance on how to use the cryptodev in stunnel. Regards, Tamar

2 2

Max Performance of Stunnel
by Luis Monteiro 21 Jan '19

21 Jan '19

I'm testing Stunnel with Ixia traffic generator (Breakingpoint Virtual Edition) and I got a limited performance of 3.5Gbps full duplex even with 6 or 9 cpu in the esxi vm. The processors are fully dedicated as well memory all reserved with passthrough od network cards intel x540 10Gbps, 2 ports. The 2 vm are similar with one running stunnel client and the other as stunnel server. The page performance of Stunnel of 5.5Gbps but doesn't inform if it's half or full since in the operation the stunnel has to deal with 2 flow coming and going. If it was 5.5Gbps total makes sense since I'm using 2 x Scalable Gold 6140 and gave me 7Gbps encryption + decryption with AES-NI I think since we are not a feasible solution to check on the fly only the overall performance. I'm using the same cipher suit of performance information of Stunnel. Does anyone know if the performance numbers is considering the total performance or full duplex? Does someone have any tip to improve the performance? Thanks, Luis Monteiro

1 0

Transparente destination
by Luis Monteiro 17 Jan '19

17 Jan '19

Sirs. I tested the stunnel client connect to a stunnel server to proxy transparent a http traffic. I used a traffic generator from Ixia (BPS), a tap to get the traffic between stunnel´s using ntop license pf_ring (Kernel bypass) with tcpdump accessing their libs and export pcaps from source and destination from Ixia. Transparent source worked flawless easily using the information on man page. Transparent destination didn´t worked. The instructions in the stunnel documentation for each are: /sbin/iptables -I INPUT -i client_interface -p tcp --dport 443 (I´m using default port os https) -j ACCEPT ----- It is filter INPUT that is executed after routing decision after nat to allow packets with destination port 443 /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 (Destination port of http in client_interface \ -i client_interface -j DNAT --to-destination 9.0.0.2:443 (connect destination on server Stunnel) The second input in iptables is executed before the routing decision and that is the problem. Looking the hit count of in iptables the nat table PREROUTING always have a hit but the filter table filter INPUT doesn´t. I set a policy routing to delivey packets to 9.0.0.2:443 to local process and the filter table filter INPUT started to receive the hit in the counters as well but stunnel didn´t worked. If I change the connect destination address to local interface 9.0.0.1:443 I do not need the pocily routing since it´s local but Stunnel did not worked too. The stunnel configuration for the client is bellow: #setgid = root #setuid = root debug = 7 log = overwrite syslog = no output = /root/stunnel.log ;engine = ENGINE_ID ;engineCtrl = COMMAND[:PARAMETER] ;engineDefault = TASK_LIST [http] client = yes accept = 6.0.0.1:80 ;connect = 9.0.0.2:443 ciphers = AES128-GCM-SHA256 requireCert = no sslVersion = TLSv1.2 transparent = destination At the end I´d like to use both source and destination but I´m testing separated. Does anyone know if there is a bug related or if there is a version working fine? Even with a lot o resource I don´t have more what to do about and any help would be appreciated. Luis Monteiro

1 0

How can stunnel use openssl HW cryptodev encryption
by Tamar Pedersen 16 Jan '19

16 Jan '19

Hello, I am evaluating stunnel, to see if it is a viable solution for providing encryption in a system that contains an Atmel processor which includes a HW accelerated encryption block. I am just ramping up on stunnel, and figured I should capture what I have done so far. My questions will come towards the end of my email. My research indicates that stunnel incorporates openssl. I have been able to use openssl independently, to access the cryptodev HW encryption engine, in the Linux kernel module located in /lib/modules/4.14.79/extra/cryptodev.ko. When openssl is run without accessing the cryptodev engine (cryptodev module not loaded), I get the pure SW encryption implementation provided by default in openssl. When I run bench mark speed tests using openssl, using SW encryption, I see the following results: # time -v openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 1689887 aes-128-cbc's in 2.95s Doing aes-128-cbc for 3s on 64 size blocks: 568389 aes-128-cbc's in 2.95s Doing aes-128-cbc for 3s on 256 size blocks: 151550 aes-128-cbc's in 2.96s Doing aes-128-cbc for 3s on 1024 size blocks: 38599 aes-128-cbc's in 2.96s Doing aes-128-cbc for 3s on 8192 size blocks: 4845 aes-128-cbc's in 2.95s OpenSSL 1.0.2p-fips 14 Aug 2018 built on: reproducible build, date unspecified options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr) compiler: arm-laird-linux-gnueabi-gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/home/sii/wb50n_space2_legacy_6.0.0.x/wb/buildroot/output/wb50n_space2_legacy/host/arm-buildroot-linux-gnueabi/sysroot/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 9165.49k 12331.15k 13107.03k 13353.17k 13454.32k Command being timed: "openssl speed -evp aes-128-cbc" User time (seconds): 14.81 System time (seconds): 0.10 Percent of CPU this job got: 99% Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 15.06s Average shared text size (kbytes): 0 Average unshared data size (kbytes): 0 Average stack size (kbytes): 0 Average total size (kbytes): 0 Maximum resident set size (kbytes): 13376 Average resident set size (kbytes): 0 Major (requiring I/O) page faults: 0 Minor (reclaiming a frame) page faults: 145 Voluntary context switches: 0 Involuntary context switches: 721 Swaps: 0 File system inputs: 0 File system outputs: 0 Socket messages sent: 0 Socket messages received: 0 Signals delivered: 0 Page size (bytes): 4096 Exit status: 0 # When I load the cryptodev module, and take advantage of the accelerated hardware encryption the benchmark tests are significantly faster. Here is what those results look like. # modprobe cryptodev # time -v openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 44163 aes-128-cbc's in 0.12s Doing aes-128-cbc for 3s on 64 size blocks: 31345 aes-128-cbc's in 0.15s Doing aes-128-cbc for 3s on 256 size blocks: 18923 aes-128-cbc's in 0.11s Doing aes-128-cbc for 3s on 1024 size blocks: 13847 aes-128-cbc's in 0.13s Doing aes-128-cbc for 3s on 8192 size blocks: 8427 aes-128-cbc's in 0.06s OpenSSL 1.0.2p-fips 14 Aug 2018 built on: reproducible build, date unspecified options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr) compiler: arm-laird-linux-gnueabi-gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/home/sii/wb50n_space2_legacy_6.0.0.x/wb/buildroot/output/wb50n_space2_legacy/host/arm-buildroot-linux-gnueabi/sysroot/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 5888.40k 13373.87k 44038.98k 109071.75k 1150566.40k Command being timed: "openssl speed -evp aes-128-cbc" User time (seconds): 0.59 System time (seconds): 8.72 Percent of CPU this job got: 61% Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 15.11s Average shared text size (kbytes): 0 Average unshared data size (kbytes): 0 Average stack size (kbytes): 0 Average total size (kbytes): 0 Maximum resident set size (kbytes): 13792 Average resident set size (kbytes): 0 Major (requiring I/O) page faults: 0 Minor (reclaiming a frame) page faults: 144 Voluntary context switches: 41154 Involuntary context switches: 3321 Swaps: 0 File system inputs: 0 File system outputs: 0 Socket messages sent: 0 Socket messages received: 0 Signals delivered: 0 Page size (bytes): 4096 Exit status: 0 # As can be seen in the results (hi-lighted in red), the average speed to do aes-128-cbc encryption jumped from around 2.95 s to 0.10 s. Also of interest is the context switches are significantly higher when running hardware encryption, because of interrupts and overhead to use the hardware engine. I can also look at /proc/interrupts and see significant increases in atmel-aes interrupt counts when using the cryptodev HW acceleration encryption engine. This gives a good indication that the cryptodev module is in use, and is doing encryption. I would like to try to figure out how to allow stunnel to take advantage of the cryptodev HW acceleration encryption engine available in openssl. I have made some attempts, but so far, I have not been able to determine if stunnel is successfully using the cryptodev engine. Here is what I have done with stunnel. I already have a client and server successfully communicating with each other using stunnel. To verify this I used the "nc" utility to send characters back and forth between two different machines. The stunnel.conf file, on the server, is out of the box. I'm interested in encrypting on the client side. Here is my current client.conf file, in /etc/stunnel: # cat client.conf debug = 7 output = /tmp/stunnel-server.log pid = /tmp/stunnel.pid engine = cryptodev [test] verify = 1 client = yes accept = 127.0.0.1:2000 connect = 192.168.0.220:30000 CAfile = /etc/stunnel/certificate.crt engineNum = 1 # I am attempting to set up the cryptodev to be the configured engine for the client. I am able to start stunnel, using client.conf, as follows: # stunnel /etc/stunnel/client.conf # If I do a "ps" command to display processes, I can see that stunnel is running in the background. At this point, I can use "nc" to send data, as follows: # nc 127.0.0.1 2000 < /tmp/long_file.txt I am able to see the text from long_file.txt on the server, which is also running nc. The problem is that I don't see interrupts increasing in /proc/interrupts, which leaves me wondering if I have not configured stunnel correctly to use the cryptodev engine. If I try to remove the cryptodev module as this point, while stunnel is running, I receive a message that it is in use, as follows: # modprobe -r cryptodev modprobe: FATAL: Module cryptodev is in use. # If I kill the stunnel process, I am able to successfully remove the cryptodev module, which seems to suggest stunnel is the process using the cryptodev module. Also, once I have removed the cryptodev module, I can't restart stunnel. Instead, I get the following errors back: # stunnel /etc/stunnel/client.conf [.] stunnel 5.44 on arm-buildroot-linux-gnueabi platform [.] Compiled/running with OpenSSL 1.0.2p-fips 14 Aug 2018 [.] Threading:FORK Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI [ ] errno: (*__errno_location ()) [.] Reading configuration from file /etc/stunnel/client.conf [.] UTF-8 byte order mark not detected [ ] Enabling support for engine "cryptodev" [!] error queue: 2606A074: error:2606A074:engine routines:ENGINE_by_id:no such engine [!] error queue: 260B6084: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found [!] error queue: 25070067: error:25070067:DSO support routines:DSO_load:could not load the shared library [!] ENGINE_by_id: 25066067: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library [!] /etc/stunnel/client.conf:5: "engine = cryptodev": Failed to open the engine # Again, this suggests stunnel is trying to use cryptodev. I just don't know how to prove I am taking advantage of the HW encryption acceleration engine. I never see interrupts updating in /proc/interrupts when using nc, while stunnel is running. So, here are my questions: 1.) Does it look like I have things set up correctly in client.conf, to use the cryptodev engine? 2.) If client.conf is correct, how can I prove that stunnel is using the cryptodev engine, since I don't see the expected interrupts? One idea is that the cryptodev module might not support the type of encryption being requested by the certificate, so openssl falls back to the pure SW encryption implementation. I know the Atmel chip in question supports the following: # openssl engine -t -c (cryptodev) cryptodev engine [RSA, DSA, DH, DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, MD5, SHA1, SHA256, SHA384, SHA512] [ available ] (dynamic) Dynamic engine loading support [ unavailable ] # I was able to decode the contents of the certificate, and it says it is sha256WithRSAEncryption. My engine supports SHA256 and RSA, but does it support combining, like SHA256WithRSA? I'm not sure. I'll keep chasing that one. Thanks for any guidance on how to use the cryptodev in stunnel. Regards, Tamar

1 0

Stunnel in transparent mode
by Luis Monteiro 15 Jan '19

15 Jan '19

Hi fellows. I´m from Brazil and I´m trying to use Stunnel as a TLS proxy in a bed test environment. I´m using a traffic generator from Ixia (Breakingpoint). The bed test is: |-------------------| 6.0.0.1 |-------------------|9.0.0.1 9.0.0.2|--------------------|7.0.0.2 |--------------------| | Client 6.0.0.2 |>>>>>>>>>>>>| Stunnel Client|>>>>>>>>>>>>>>>>>>| Stunnel Server|>>>>>>>>>>>>>>>>>> | Server 7.0.0.2 | |-------------------| ens224 |-------------------|ens192 ens224|--------------------|ens192 |--------------------| I´m capturing the packets in all 3 points so I can see exactly what is happening. I tested without transparent proxy and worked fine. I test with transparent = source with the additional conf bellow in both Stunnel and worked fine as well. iptables -t mangle -N DIVERT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter iptables -t nat -A PREROUTING -i ens224 -p tcp --dport 80 -j DNAT --to-destination 6.0.0.1:8080 I tested transparent = destination with several modification from the config bellow without success. No conf delivery packets with 7.0.0.2:443 on the Stunnel Client ens192 via 9.0.0.1 to be accept on Stunnel server 9.0.0.2:443. /sbin/iptables -I INPUT -i ens192 -p tcp --dport 8080 -j ACCEPT /sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 \ -i ens192 -j DNAT --to-destination 9.0.0.1:443 Any help to show me what is wrong would be appreciated. Thanks in advanced, Luis Monteiro

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users January 2019