I have a personal webserver running on Win2K Pro SP4 that listens on port 17875. This server is accessible through my NAT and software firewall (ZoneAlarm Pro). I then installed STunnel with the following conf:
[https]
accept=4430
connect=17875
TIMEOUTclose=0
Now, when I access https://<server>:4430, I get an HTTP 400 (Bad Request) error message, with both Internet Explorer 6 and Firefox 1.01. However, if I change the accept port from 4430 to 443 (and make the appropriate changes on the NAT for port forwarding), and use https://<server>, it works. I don't want to use the standard port. What am I doing wrong?
Here's the log that STunnel generated:
2005.03.16 08:33:26 LOG5[1044:288]: stunnel 4.08 on x86-pc-mingw32-gnu WIN32+IPv4 with OpenSSL 0.9.7e 25 Oct 2004
2005.03.16 08:33:26 LOG7[1044:1096]: RAND_status claims sufficient entropy for the PRNG
2005.03.16 08:33:26 LOG6[1044:1096]: PRNG seeded successfully
2005.03.16 08:33:26 LOG7[1044:1096]: Certificate: stunnel.pem
2005.03.16 08:33:26 LOG7[1044:1096]: Key file: stunnel.pem
2005.03.16 08:33:26 LOG5[1044:1096]: No limit detected for the number of clients
2005.03.16 08:33:26 LOG7[1044:1096]: FD 168 in non-blocking mode
2005.03.16 08:33:26 LOG7[1044:1096]: SO_REUSEADDR option set on accept socket
2005.03.16 08:33:26 LOG7[1044:1096]: https bound to 0.0.0.0:4430
2005.03.16 08:34:08 LOG7[1044:1096]: https accepted FD=180 from 192.168.0.2:4864
2005.03.16 08:34:08 LOG7[1044:1096]: FD 180 in non-blocking mode
2005.03.16 08:34:08 LOG7[1044:1096]: Creating a new thread
2005.03.16 08:34:08 LOG7[1044:1096]: New thread created
2005.03.16 08:34:08 LOG7[1044:896]: https started
2005.03.16 08:34:08 LOG5[1044:896]: https connected from 192.168.0.2:4864
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): before/accept initialization
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 read client hello A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write server hello A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write certificate A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write server done A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 flush data
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 read client key exchange A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 read finished A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write change cipher spec A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 write finished A
2005.03.16 08:34:08 LOG7[1044:896]: SSL state (accept): SSLv3 flush data
2005.03.16 08:34:08 LOG7[1044:896]: 1 items in the session cache
2005.03.16 08:34:08 LOG7[1044:896]: 0 client connects (SSL_connect())
2005.03.16 08:34:08 LOG7[1044:896]: 0 client connects that finished
2005.03.16 08:34:08 LOG7[1044:896]: 0 client renegotiatations requested
2005.03.16 08:34:08 LOG7[1044:896]: 1 server connects (SSL_accept())
2005.03.16 08:34:08 LOG7[1044:896]: 1 server connects that finished
2005.03.16 08:34:08 LOG7[1044:896]: 0 server renegotiatiations requested
2005.03.16 08:34:08 LOG7[1044:896]: 0 session cache hits
2005.03.16 08:34:08 LOG7[1044:896]: 1 session cache misses
2005.03.16 08:34:08 LOG7[1044:896]: 0 session cache timeouts
2005.03.16 08:34:08 LOG6[1044:896]: SSL accepted: new session negotiated
2005.03.16 08:34:08 LOG6[1044:896]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2005.03.16 08:34:08 LOG7[1044:896]: FD 200 in non-blocking mode
2005.03.16 08:34:08 LOG7[1044:896]: https connecting 127.0.0.1:17875
2005.03.16 08:34:08 LOG7[1044:896]: connect_wait: waiting 10 seconds
2005.03.16 08:34:08 LOG7[1044:896]: connect_wait: connected
2005.03.16 08:34:08 LOG7[1044:896]: Remote FD=200 initialized
2005.03.16 08:34:08 LOG7[1044:896]: Socket closed on read
2005.03.16 08:34:08 LOG7[1044:896]: SSL write shutdown
2005.03.16 08:34:08 LOG7[1044:896]: SSL alert (write): warning: close notify
2005.03.16 08:34:08 LOG7[1044:896]: SSL_shutdown retrying
2005.03.16 08:34:08 LOG7[1044:896]: s_poll_wait timeout waiting for SSL close_notify
2005.03.16 08:34:08 LOG5[1044:896]: Connection closed: 208 bytes sent to SSL, 389 bytes sent to socket
2005.03.16 08:34:08 LOG7[1044:896]: https finished (0 left)
Any help much appreciated.
Thanks.