OS: Windows 2003 SP2

SDK: 2003 R2 SDK

 

We have a multithreaded application that uses a REST-style interface to an SSL-enabled UNIX box that only uses AES. I tried using WinHTTP, but unfortunately, AES is broken in the 2003 version of WinHTTP (confirmed by M$).

 

SO, I hook up stunnel, which works fine when I only start one thread, but if I use more than 1 thread, I get the following error in the stunnel.log. Note that the error is on thread 7140, and the connection is immediately closed. I have retry logic that re-starts failed threads, and the restarted thread works the second time. (of course, the first has finished, so it is essentially running by itself.)

 

The other item of interest is that each thread is sending about 500,000 bytes of data in chunks of 16,000 bytes, and my trace shows that it usually fails after having written more than 100,000 bytes successfully.

 

Any suggestions or help would be greatly appreciated…

 

 

2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 flush data

 

2009.04.10 13:17:01 LOG7[3016:7140]: SSL alert (write): fatal: decrypt error  <<<<< ----- NOTE FAILS HERE ON thread 7140

 

2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 read finished A

2009.04.10 13:17:01 LOG7[3016:7040]:    0 items in the session cache

2009.04.10 13:17:01 LOG7[3016:7040]:   20 client connects (SSL_connect())

2009.04.10 13:17:01 LOG7[3016:7040]:   19 client connects that finished

2009.04.10 13:17:01 LOG7[3016:7040]:    0 client renegotiations requested

2009.04.10 13:17:01 LOG7[3016:7040]:    0 server connects (SSL_accept())

2009.04.10 13:17:01 LOG7[3016:7040]:    0 server connects that finished

2009.04.10 13:17:01 LOG7[3016:7040]:    0 server renegotiations requested

2009.04.10 13:17:01 LOG7[3016:7040]:    0 session cache hits

2009.04.10 13:17:01 LOG7[3016:7040]:    0 session cache misses

2009.04.10 13:17:01 LOG7[3016:7040]:    0 session cache timeouts

2009.04.10 13:17:01 LOG6[3016:7040]: SSL connected: new session negotiated

2009.04.10 13:17:01 LOG6[3016:7040]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

 

2009.04.10 13:17:01 LOG3[3016:7140]: SSL_connect: 1408C095: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed

 

2009.04.10 13:17:01 LOG5[3016:7140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

2009.04.10 13:17:01 LOG7[3016:7140]: bycast-write-1 finished (1 left)

 

 

Configuratation file:

 

;Stunnel configuration for Acuo.

 

; Some performance tunings

socket = l:TCP_NODELAY=1

socket = r:TCP_NODELAY=1

 

 

; Some debugging stuff useful for troubleshooting

debug = 7

output = stunnel.log

 

; Use it for client mode

client=yes

verify=0

 

; Service-level configuration

 

[bycast-read-1]

accept  = 18080

connect = 10.220.8.100:8080

;ciphers=AES128-SHA:AES256-SHA

TIMEOUTclose = 0

sslVersion = TLSv1

 

Dale Kingsbury

Founder - Lead Software Engineer

Phone: 651-744-9225  << NOTE new number

Fax: 651-730-4231

Cel: 651-592-5204

email: dale@acuotech.com

 

RSNA Booth #4980