OS: Windows 2003 SP2
SDK: 2003 R2 SDK
We have a multithreaded application that uses a REST-style
interface to an SSL-enabled UNIX box that only uses AES. I tried using WinHTTP,
but unfortunately, AES is broken in the 2003 version of WinHTTP (confirmed by
M$).
So, I hooked up stunnel, which works fine when I only start
one thread, but if I use more than one thread, I get the following error in the
stunnel.log. Note that the error is on thread 7140, and the connection is
immediately closed. I have retry logic that restarts failed threads, and the
restarted thread works the second time. (Of course, the first has finished, so
it is essentially running by itself.)
The other item of interest is that each thread is sending
about 500,000 bytes of data in chunks of 16,000 bytes, and my trace shows that
it usually fails after having written more than 100,000 bytes successfully.
Any suggestions or help would be greatly appreciated…
2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 flush data
2009.04.10 13:17:01 LOG7[3016:7140]: SSL alert (write): fatal: decrypt error <<<<< ----- NOTE FAILS HERE ON thread 7140
2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 read finished A
2009.04.10 13:17:01 LOG7[3016:7040]: 0 items in the session cache
2009.04.10 13:17:01 LOG7[3016:7040]: 20 client connects (SSL_connect())
2009.04.10 13:17:01 LOG7[3016:7040]: 19 client connects that finished
2009.04.10 13:17:01 LOG7[3016:7040]: 0 client renegotiations requested
2009.04.10 13:17:01 LOG7[3016:7040]: 0 server connects (SSL_accept())
2009.04.10 13:17:01 LOG7[3016:7040]: 0 server connects that finished
2009.04.10 13:17:01 LOG7[3016:7040]: 0 server renegotiations requested
2009.04.10 13:17:01 LOG7[3016:7040]: 0 session cache hits
2009.04.10 13:17:01 LOG7[3016:7040]: 0 session cache misses
2009.04.10 13:17:01 LOG7[3016:7040]: 0 session cache timeouts
2009.04.10 13:17:01 LOG6[3016:7040]: SSL connected: new session negotiated
2009.04.10 13:17:01 LOG6[3016:7040]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.04.10 13:17:01 LOG3[3016:7140]: SSL_connect: 1408C095: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed
2009.04.10 13:17:01 LOG5[3016:7140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2009.04.10 13:17:01 LOG7[3016:7140]: bycast-write-1 finished (1 left)
Configuration file:
;Stunnel configuration for Acuo.
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log
; Use it for client mode
client=yes
verify=0
; Service-level configuration
[bycast-read-1]
accept = 18080
connect = 10.220.8.100:8080
;ciphers=AES128-SHA:AES256-SHA
TIMEOUTclose = 0
sslVersion = TLSv1
Founder - Lead Software Engineer
Phone: 651-744-9225 << NOTE new number
Fax: 651-730-4231
Cel: 651-592-5204
email: dale@acuotech.com
RSNA Booth #4980
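
Added example, not part of the original post and not stunnel's own code: with debug = 7, lines from concurrent connections interleave in stunnel.log, so this sketch splits the log by the thread id in the LOGn[pid:tid] prefix and reports which threads logged a fatal TLS alert or an OpenSSL error. The sample lines are constructed from the excerpt above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines constructed from the log excerpt in the post above.
SAMPLE_LOG = """\
2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 flush data
2009.04.10 13:17:01 LOG7[3016:7140]: SSL alert (write): fatal: decrypt error
2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 read finished A
2009.04.10 13:17:01 LOG6[3016:7040]: SSL connected: new session negotiated
2009.04.10 13:17:01 LOG3[3016:7140]: SSL_connect: 1408C095: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed
2009.04.10 13:17:01 LOG5[3016:7140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

# Prefix format as it appears in the post: timestamp, LOG<level>[pid:tid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$"
)
ALERT_RE = re.compile(r"SSL alert \((?:read|write)\): fatal: (.+)")
ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")  # OpenSSL error code

def split_by_thread(text):
    """Return {thread_id: [(level, message), ...]} in original order."""
    threads = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip wrapped or non-log lines
            threads[m["tid"]].append((int(m["level"]), m["msg"]))
    return dict(threads)

def failed_handshakes(text):
    """Return {thread_id: {"alerts": [...], "errors": [...]}} for threads
    that logged a fatal TLS alert or an OpenSSL error at level 3 or lower."""
    report = {}
    for tid, entries in split_by_thread(text).items():
        alerts = [a.group(1).strip() for _, msg in entries
                  if (a := ALERT_RE.search(msg))]
        errors = [e.group(1) for lvl, msg in entries
                  if lvl <= 3 and (e := ERROR_RE.search(msg))]
        if alerts or errors:
            report[tid] = {"alerts": alerts, "errors": errors}
    return report

if __name__ == "__main__":
    for tid, info in failed_handshakes(SAMPLE_LOG).items():
        print(f"thread {tid}: alerts={info['alerts']} errors={info['errors']}")
```

Lines that do not start with the timestamp prefix are skipped, so a log with wrapped lines needs to be rejoined before it is passed in.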