Ditty,
Does this happen a lot? Is it always 30 seconds (exactly)? 30 seconds sounds suspiciously like an IO read timeout. Is the connection with the client a fast and reliable one?
-chris
On 12/21/20 13:09, dittyadler@gmail.com wrote:
Hi,
I'm running stunnel version 5.58 on Windows. Everything works perfectly, except that sometimes stunnel gets stuck for 30 seconds. There is nothing special in the stunnel log, except for the 30-second delay:
2020.12.21 14:48:36 LOG6[8]: TLS connected: previous session reused
2020.12.21 14:48:36 LOG6[8]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2020.12.21 14:48:36 LOG6[8]: Peer temporary key: X25519, 253 bits
2020.12.21 14:48:36 LOG7[8]: Compression: null, expansion: null
2020.12.21 14:48:36 LOG6[8]: Session id: 8E62D0D8EB6359FEA7370E64AA7CC58EF9DB68059A5E01417E7038B773CE60D3
2020.12.21 14:48:36 LOG7[8]: TLS state (connect): SSL negotiation finished successfully
2020.12.21 14:48:36 LOG7[8]: TLS state (connect): SSL negotiation finished successfully
2020.12.21 14:48:36 LOG7[8]: Initializing application specific data for session authenticated
2020.12.21 14:48:36 LOG7[8]: New session callback
2020.12.21 14:48:36 LOG7[8]: Deallocating application specific data for session connect address
2020.12.21 14:48:36 LOG6[8]: Session id: AF8ED185555C6734403C71B514A3F6B75F8484A5AC4EAE6058CFF4D35D929B36
2020.12.21 14:48:36 LOG7[8]: TLS state (connect): SSLv3/TLS read server session ticket

30 sec delay

2020.12.21 14:49:06 LOG6[8]: Read socket closed (readsocket)
2020.12.21 14:49:06 LOG7[8]: Sending close_notify alert
2020.12.21 14:49:06 LOG7[8]: TLS alert (write): warning: close notify
2020.12.21 14:49:06 LOG6[8]: SSL_shutdown successfully sent close_notify alert
2020.12.21 14:49:06 LOG3[8]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
2020.12.21 14:49:06 LOG7[8]: FD=4540 ifds=--x ofds=---
2020.12.21 14:49:06 LOG7[8]: FD=4792 ifds=r-x ofds=---
2020.12.21 14:49:06 LOG5[8]: Connection closed: 64 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.21 14:49:06 LOG7[8]: Remote descriptor (FD=4792) closed
2020.12.21 14:49:06 LOG7[8]: Local descriptor (FD=4540) closed
2020.12.21 14:49:06 LOG7[8]: Service [SLNP pem file] finished (0 left)

Log example when stunnel doesn't get stuck:

2020.12.21 14:49:06 LOG6[9]: TLS connected: previous session reused
2020.12.21 14:49:06 LOG6[9]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2020.12.21 14:49:06 LOG6[9]: Peer temporary key: X25519, 253 bits
2020.12.21 14:49:06 LOG7[9]: Compression: null, expansion: null
2020.12.21 14:49:06 LOG6[9]: Session id: AF8ED185555C6734403C71B514A3F6B75F8484A5AC4EAE6058CFF4D35D929B36
2020.12.21 14:49:06 LOG7[9]: TLS state (connect): SSL negotiation finished successfully
2020.12.21 14:49:06 LOG7[9]: TLS state (connect): SSL negotiation finished successfully
2020.12.21 14:49:06 LOG7[9]: Initializing application specific data for session authenticated
2020.12.21 14:49:06 LOG7[9]: New session callback
2020.12.21 14:49:06 LOG7[9]: Deallocating application specific data for session connect address
2020.12.21 14:49:06 LOG6[9]: Session id: 44E9010787EFDBC0FCA92724415AD30EF9EDB626D734D894061606C79CD26402
2020.12.21 14:49:06 LOG7[9]: TLS state (connect): SSLv3/TLS read server session ticket
2020.12.21 14:49:06 LOG6[9]: Read socket closed (readsocket)
2020.12.21 14:49:06 LOG7[9]: Sending close_notify alert
2020.12.21 14:49:06 LOG7[9]: TLS alert (write): warning: close notify
2020.12.21 14:49:06 LOG6[9]: SSL_shutdown successfully sent close_notify alert
2020.12.21 14:49:06 LOG3[9]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
2020.12.21 14:49:06 LOG7[9]: FD=2464 ifds=r-x ofds=---
2020.12.21 14:49:06 LOG7[9]: FD=2788 ifds=--x ofds=---
2020.12.21 14:49:06 LOG5[9]: Connection closed: 64 byte(s) sent to TLS, 108 byte(s) sent to socket
2020.12.21 14:49:06 LOG7[9]: Remote descriptor (FD=2464) closed
2020.12.21 14:49:06 LOG7[9]: Local descriptor (FD=2788) closed
2020.12.21 14:49:06 LOG7[9]: Service [SLNP pem file] finished (0 left)
My stunnel conf:

debug = 7
output = stunnel.log
fips = no
options = NO_SSLv2

[SLNP pem file]
key = SLNP_urmsand01_new.pem
cert = SLNP_urmsand01_new.pem
client = yes
accept = 8003
connect = host:6443
TIMEOUTbusy = 30
TIMEOUTclose = 0
TIMEOUTconnect = 60
TIMEOUTidle = 86400

With the old stunnel (5.14) it doesn’t happen.
Thanks,
Ditty.
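
Added example, not part of the original thread or of stunnel itself: a small Python script that scans a stunnel log in the format quoted above and reports every gap between consecutive entries of the same bracketed id, which makes it easy to check whether the stall is always exactly 30 seconds and which two log messages it falls between. The function name, the 5-second default threshold and the treatment of the bracketed number as a per-connection id are assumptions of this example; the sample lines are excerpts of the log quoted in the message.

```python
import re
from datetime import datetime

# stunnel log line as quoted above:
#   "YYYY.MM.DD HH:MM:SS LOG<level>[<id>]: <message>"
LINE_RE = re.compile(
    r"^(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) LOG(\d)\[([^\]]+)\]: (.*)$"
)


def find_stalls(lines, threshold=5):
    """Return (id, gap_seconds, message_before, message_after) for each pair
    of consecutive entries with the same id that are >= threshold apart."""
    last = {}    # id -> (timestamp, message) of the previous entry
    stalls = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # hand-written annotations, blank or wrapped lines
        ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        conn_id, msg = m.group(3), m.group(4)
        if conn_id in last:
            prev_ts, prev_msg = last[conn_id]
            gap = (ts - prev_ts).total_seconds()
            if gap >= threshold:
                stalls.append((conn_id, int(gap), prev_msg, msg))
        last[conn_id] = (ts, msg)
    return stalls


# Excerpts of the log lines quoted in the message (one stalled connection,
# one normal connection), including the hand-written annotation line.
SAMPLE = """\
2020.12.21 14:48:36 LOG7[8]: TLS state (connect): SSLv3/TLS read server session ticket
30 sec delay
2020.12.21 14:49:06 LOG6[8]: Read socket closed (readsocket)
2020.12.21 14:49:06 LOG7[8]: Sending close_notify alert
2020.12.21 14:49:06 LOG7[9]: TLS state (connect): SSLv3/TLS read server session ticket
2020.12.21 14:49:06 LOG6[9]: Read socket closed (readsocket)
""".splitlines()

if __name__ == "__main__":
    for conn_id, gap, before, after in find_stalls(SAMPLE):
        print(f"[{conn_id}] {gap}s between {before!r} and {after!r}")
```

To run it over a full log, pass `open("stunnel.log", encoding="utf-8", errors="replace")` to `find_stalls` instead of `SAMPLE`.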