- stunnel-users - stunnel.org

Number of tunnels open in Stunnel
by Moti Berger 21 Jun '21

21 Jun '21

Hi Is there a command I can run to get the current number of opened tunnels? I'm running Stunnel version 5.57. Thanks, Moti

1 0

Help needed for email client
by Ian Huysman 15 Jun '21

15 Jun '21

Hi, I just tried to configure stunnel as proxy between an email client (Outlook Express) and the email server (SMTP and IMAP). The problem is that the connection times out in the client while synchronising the IMAP folders. But I can send emails from the client. This is my relatively basic configuration: [SMTP] client = yes accept = 25 connect = smtp.office365.com:587 protocol = smtp [IMAP] client = yes accept = 143 connect = outlook.office365.com:993 protocol = imap Any help would be greatly appreciated! Regards, Ian.

3 2

SFTP over stunnel
by sameer_rm90＠hotmail.com 13 Jun '21

13 Jun '21

Hi, Is SFTP works over stunnel? If yes, how can configure it ?

2 1

connect with hostname obtains incorrect IP address
by stunnel＠dsbconsulting.com 11 Jun '21

11 Jun '21

Hello everyone. I'm trying to use stunnel to forward smtp traffic from an old webcam to an smtp server that requires TLS. Everything works fine if I put the IP address of the smtp server in the connect= line, but if I put the hostname there, stunnel tries to connect to a seemingly random IP address. This happens using stunnel on Windows 10 and also on my router with OpenWrt (linux) Here is the config file: [smtp] client = yes accept = 192.0.0.1:25 ;connect = 199.193.7.228:465 connect = smtp.privateemil.com:465 And here is the failing part of the stunnel log file: 2021.06.11 18:24:54 LOG5[0]: Service [smtp] accepted connection from 192.0.0.111:49334 2021.06.11 18:24:54 LOG6[0]: s_connect: connecting 47.91.170.222:465 2021.06.11 18:24:54 LOG7[0]: s_connect: s_poll_wait 47.91.170.222:465: waiting 10 seconds 2021.06.11 18:24:54 LOG7[0]: FD=6 events=0x2001 revents=0x0 2021.06.11 18:24:54 LOG7[0]: FD=10 events=0x2005 revents=0x0 2021.06.11 18:25:04 LOG3[0]: s_connect: s_poll_wait 47.91.170.222:465: TIMEOUTconnect exceeded Here is the result of ping for the smtp server: PING smtp.privateemail.com (199.193.7.228): 56 data bytes 64 bytes from 199.193.7.228: seq=0 ttl=237 time=103.059 ms

2 1

encrypted connection between application server and db server drops exactly after 300
by simona vittori 09 Jun '21

09 Jun '21

Hello, the encrypted connection between application server and db server drops exactly after 300 seconds. why? without stunnel this does not happen. we cannot understand why Thank a lot Simona

1 0

How to get high-precision timestamps in the stunnel logs
by jori.gielis＠telenetgroup.be 27 May '21

27 May '21

Hi, I want to use more accurate timestamps in the logs of stunnel. It would be nice to have milliseconds. Current format: 2021.05.27 19:00:59 LOG7[3]: Remote descriptor (FD=70) closed Needed format: 2021.05.27 19:00:59,718 LOG7[3]: Remote descriptor (FD=70) closed Is it possible to accomplish this in stunnel version 5.56? Thanks! Best regards

1 0

stunnel.pem Failure
by waynesmith philosophical-vistas.net 27 May '21

27 May '21

I preface this message to alert the reader that I remain a novice both in use of STunnel and Linux. I am trying to generate an SSL/TLS certificate for use w/ my various e-mail clients. I downloaded and extracted STunnel 5.59 on my Linux Mint Debian box. After perusing the files I issued the following command sudo ./configure --enable-fips Without repeating all the verbiage, it seemed to run properly. I then issued the following command make cert It returned the usual information requests (though it didn't ask for an e-mail address) but returned the following: /usr/bin/install -c -b -m 600 stunnel.pem /usr/local/etc/stunnel/stunnel.pem /usr/bin/install: cannot create regular file ‘/usr/local/etc/stunnel/stunnel.pem’: No such file or directory Makefile:549: recipe for target 'cert' failed make[1]: *** [cert] Error 1 make[1]: Leaving directory '/home/was/stunnel-5.59/tools' Makefile:883: recipe for target 'cert' failed make: *** [cert] Error 2 I negotiated through </usr/local/etc> and ascertained there was no </stunnel> folder. Unfortunately the permissions prevent me from creating this folder. I am thus stumped. Suggestions?

2 2

fixes for Solaris
by Pavel Heimlich 25 May '21

25 May '21

Hi, please find attached two patches that make stunnel 5.59 work better with Oracle Solaris. The first one fixes a few issues with the tests* - it removes unnecessary warning/error messages and adjusts the calls to netcat and ifconfig to what works on Solaris. The second one adds the location of 64 bit shared libraries for linking OpenSSL, similar to what has been added for Fedora. best regards P. * test result: test 010_require_cert ok test 011_verify_peer ok test 012_verify_chain ok test 013_CRL_file ok test 014_PSK_secrets ok test 015_p12_cert ok test 020_IPv6 ok test 021_FIPS skipped test 022_bind ok test 028_redirect_chain ok test 029_no_redirect_chain ok test 030_simple_execute ok test 031_redirect ok test 032_no_redirect ok test 033_redirect_exec ok test 034_no_redirect_exec ok test 035_SNI ok test 036_no_SNI ok test 037_failover_prio1 ok test 038_failover_prio2 ok test 039_failover_rr ok test 040_reload ok test 041_exec_connect ok test 042_inetd ok test 043_session_delay ok test 044_session_nodelay ok test 045_include ok test 046_resume_PSK ok test 047_resume_redirect ok test 048_resume_noredirect ok test 049_redirect_nocert ok test 050_ticket_secrets ok test 051_resume_cache_old skipped test 052_resume_cache ok test 053_resume_ticket ok test 054_resume_TLSv1_3 ok test 055_socket_close ok test 110_failure_require_cert ok test 111_failure_verify_peer ok test 112_failure_verify_chain ok test 113_failure_CRL_file ok test 114_failure_PSK_secrets ok test 115_failure_wrong_config ok test 121_failure_FIPS_ciphers skipped test 122_failure_FIPS_curves skipped summary: success 41, skip 4, fail 0 -- Pavel Heimlich | SW Developer Security Compliance & Globalization Oracle Czech s. r. o., U Trezorky 921/2, 158 00 Praha 5, Czech Republic

1 0

Stunnel stopped working..
by Alastair ＠ Expert Geeks 23 May '21

23 May '21

Hi all, I've been happily using stunnel for the same purpose and the same config for over year but it's suddenly stopped working. I was using it to wrap http shoutcast (port 8000) to https (port 8444). I'm using a letsencrypt cert. config: client = no [shoutcast] accept = 8444 connect = 127.0.0.1:8000 cert = /etc/letsencrypt/live/*server name*/fullchain.pem key = /etc/letsencrypt/live/*server name*/privkey.pem This keeps getting repeated in the log: 2021.05.22 22:18:27 LOG7[main]: Found 1 ready file descriptor(s) 2021.05.22 22:18:27 LOG7[main]: FD=4 events=0x2001 revents=0x0 2021.05.22 22:18:27 LOG7[main]: FD=9 events=0x2001 revents=0x1 2021.05.22 22:18:27 LOG7[main]: Service [shoutcast] accepted (FD=3) from *server ip*:40506 2021.05.22 22:18:27 LOG7[4]: Service [shoutcast] started 2021.05.22 22:18:27 LOG7[4]: Setting local socket options (FD=3) 2021.05.22 22:18:27 LOG7[4]: Option TCP_NODELAY set on local socket 2021.05.22 22:18:27 LOG5[4]: Service [shoutcast] accepted connection from *server ip*:40506 2021.05.22 22:18:27 LOG6[4]: Peer certificate not required 2021.05.22 22:18:27 LOG7[4]: TLS state (accept): before SSL initialization 2021.05.22 22:18:27 LOG3[4]: SSL_accept: ../ssl/record/ssl3_record.c:322: error:1408F09C:SSL routines:ssl3_get_record:http request 2021.05.22 22:18:27 LOG5[4]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2021.05.22 22:18:27 LOG7[4]: Local descriptor (FD=3) closed 2021.05.22 22:18:27 LOG7[4]: Service [shoutcast] finished (0 left) (server ip & server name removed) Suggestions and recommendations gratefully received! Thanks.

2 1

Re: stunnel in Citrix Environment
by Eberhard 21 May '21

21 May '21

It is pretty much impossible for users to hijack each other. The connections are persistent and if a user drops it is gone. It won’t hijack or share. Having said that, if your app works like a Web browser (not persistent) then of course they will interleave and of course you need to use the same technique as browsers – cookies, hidden fields, whatever. E VICS, LLC Eric S Eberhard 2933 W Middle Verde Rd Camp Verde, AZ 86322 928-567-3727 (land line) 928-301-7537 (cell phone) <http://www.vicsmba.com/> http://www.vicsmba.com <https://www.facebook.com/groups/286143052248115> https://www.facebook.com/groups/286143052248115 From: Bruce Liptak <bliptakjr(a)gmail.com> Sent: Friday, May 21, 2021 10:35 AM To: stunnel-users(a)stunnel.org Subject: [stunnel-users] stunnel in Citrix Environment Hello stunnel-users, Currently we have an application using stunnel being presented by a Citrix presentation server. The first user authenticates over stunnel with a PKI cert and every user thereafter creates a prompt for the first user again and again for each user that also tries to get into the app. Is there a way for stunnel to be separated based on something that pertains to the user trying to get access? We are using a PKI solution based on certificates. It's like every new user is hijacking the first users' stunnel session. Any help would be appreciated! Thank you, Bruce Liptak <mailto:bliptakjr@gmail.com> bliptakjr(a)gmail.com CCNA R&S | VCA-DCV | Linux+ | Security+ | Network+

1 0