stunnel user group,
Thanks Yucong Sun for your help. I have changed the configuration file values to the values that you recommended. I didn't read the documentation carefully enough.
    [https]
    accept = 3600
    connect = partnerlogin.advancedmd.com:443

(stopped and started the Windows service to get the new configuration)
HOWEVER, I'm still not getting stunnel to provide the interface to the https web server. I have an HTTP client program with which I have tried both GET and POST calls to https://localhost:3600/practicemanager/xmlrpc/processrequest.asp
Every time the interface comes back with the error "The Connection to the Server was Reset while the Page was Loading".
So I decided to try the page using a standard web browser (Firefox and IE), thinking that my client software may have a problem. I opened the browser and entered the address https://localhost:3600/practicemanager/xmlrpc/processrequest.asp and got the same results.
So I changed the configuration to go to the same web site as Gmail, with the following configuration:

    [https]
    accept = 3600
    connect = mail.google.com:443
When I try to open the page in the browser at the address https://localhost:3600/mail/?hl=en&shva=1#inbox, I get the same error message.
NEXT, I started WIRESHARK on the network and filtered for packets coming from/to my host computer, then entered https://localhost:3600/mail/?hl=en&shva=1#inbox in the browser. The following details were captured by WIRESHARK:

    Source          Destination     Protocol  Length  Info
    74.125.225.53   192.168.1.70    TLSv1     107     Application Data, Protocol: http
    192.168.1.70    74.125.255.53   TCP       54      https [ACK] Seq=1 Ack=54 win=16181 Len=0
    74.125.225.53   192.168.1.70    TLSv1     112     Application Data, Protocol: http
    192.168.1.70    74.125.255.53   TLSv1     81      Encrypted Alert
    192.168.1.70    74.125.255.53   TCP       54      60089 > https [FIN, ACK] Seq=28 Ack=112 win=16167 Len=0
    192.168.1.70    74.125.255.54   TCP       1484    [TCP segment of a reassembled PDU]
    192.168.1.70    74.125.255.53   TLSv1     316     Application Data
    74.125.225.53   192.168.1.70    TCP       60      https > 60089 [FIN, ACK] Seq=112 Ack=29 win=196 len=0
    192.168.1.70    74.125.255.53   TCP       54      60089 > https [ACK] Seq=29 Ack=113 win=16167 Len=0
    74.125.225.54   192.168.1.70    TCP       60      https > 60113 [ACK] Seq=1 Ack=1693 win=285 len=0
    74.125.225.54   192.168.1.70    TLSv1     457     Application Data, Protocol: http
    192.168.1.70    74.125.255.54   TCP       54      60113 > https [ACK] Seq=1693 Ack=404 win=16445 Len=0

SO the packets are being sent and returned, but the protocol is erroring out for GOOGLE MAIL.
NEXT, when I configure the service for the other https web server, https://localhost:3600/practicemanager/xmlrpc/processrequest.asp, I get a similar exchange, but with more references to Change Cipher Spec, and an http RST for a different IP address:

    Source          Destination     Protocol  Length  Info
    192.168.1.70    74.125.255.54   TCP       66      60840 > https [SYN]
    74.125.225.54   192.168.1.70    TCP       66      https > 60840 [SYN, ACK]
    192.168.1.70    74.125.255.54   TCP       54      60840 > https [ACK]
    192.168.1.70    74.125.255.54   TLSv1     451     Client Hello
    74.125.225.54   192.168.1.70    TCP       60      https > 60840 [ACK]
    74.125.225.54   192.168.1.70    TLSv1     97      Change Cipher Spec, Encrypted Handshake Message
    192.168.1.70    74.125.255.54   TLSv1     162     Application Data
    74.125.225.54   192.168.1.70    TCP       60      https > 60840 [ACK]
    192.168.1.70    98.137.80.34    TCP       54      60819 > http [RST, ACK]
STUNNEL LOG for partnerlogin.advancedmd.com:443, NO OBVIOUS ERRORS:

    2011.07.08 21:31:21 LOG7[4960:4568]: No limit detected for the number of clients
    2011.07.08 21:31:21 LOG7[4960:4568]: make_sockets: s_socket#1: FD=144 allocated (blocking mode)
    2011.07.08 21:31:21 LOG7[4960:4568]: make_sockets: s_socket#2: FD=148 allocated (blocking mode)
    2011.07.08 21:31:21 LOG7[4960:4568]: make_sockets: s_accept: FD=152 allocated (non-blocking mode)
    2011.07.08 21:31:21 LOG5[4960:4568]: stunnel 4.39 on x86-pc-mingw32-gnu platform
    2011.07.08 21:31:21 LOG5[4960:4568]: Compiled/running with OpenSSL 1.0.0d 8 Feb 2011
    2011.07.08 21:31:21 LOG5[4960:4568]: Threading:WIN32 SSL:ENGINE Auth:none Sockets:SELECT,IPv6
    2011.07.08 21:31:21 LOG5[4960:4568]: Reading configuration from file stunnel.conf
    2011.07.08 21:31:21 LOG7[4960:4568]: Snagged 64 random bytes from C:/.rnd
    2011.07.08 21:31:22 LOG7[4960:4568]: Wrote 1024 new random bytes to C:/.rnd
    2011.07.08 21:31:22 LOG7[4960:4568]: PRNG seeded successfully
    2011.07.08 21:31:22 LOG7[4960:4568]: Configuration SSL options: 0x01000000
    2011.07.08 21:31:22 LOG7[4960:4568]: SSL options set: 0x01000004
    2011.07.08 21:31:22 LOG7[4960:4568]: Certificate: stunnel.pem
    2011.07.08 21:31:22 LOG7[4960:4568]: Certificate loaded
    2011.07.08 21:31:22 LOG7[4960:4568]: Key file: stunnel.pem
    2011.07.08 21:31:22 LOG7[4960:4568]: Private key loaded
    2011.07.08 21:31:22 LOG7[4960:4568]: SSL context initialized for service http
    2011.07.08 21:31:22 LOG5[4960:4568]: Configuration successful
    2011.07.08 21:31:22 LOG7[4960:4568]: accept socket: FD=144 allocated (non-blocking mode)
    2011.07.08 21:31:22 LOG7[4960:4568]: Option SO_REUSEADDR set on accept socket
    2011.07.08 21:31:22 LOG7[4960:4568]: Service http bound to 0.0.0.0:3600
    2011.07.08 21:31:22 LOG7[4960:4568]: Service http opened FD=144
Do I need to have the public key certificate for the remote server installed in stunnel for it to access the page?
I'm trying to find a simple configuration to prove out that the basic stunnel application is working. Any suggestions?
Is there something basic that I'm missing? If I send a GET request, I should get a response from the https server that CONNECT is configured for. Is there a compatibility issue between OpenSSL and the https web server?
Thanks in advance for the help. Dan
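An added smoke test for the kind of setup described in this message; it is not Dan's code and not part of stunnel. It assumes a client-mode stunnel (client = yes, accept = 3600, connect = host:443), speaks plain HTTP to the local accept port, because in client mode stunnel expects cleartext on the accept side and adds the TLS towards the connect host, and reports whether the reply is HTTP, a TLS record, a reset or nothing; the remote host name is a placeholder.

```python
"""Smoke test for an stunnel client tunnel (added example, not from the
thread). Assumes stunnel.conf has client = yes, accept = 3600 and
connect = <remote host>:443. In client mode the accept side is cleartext,
so the test speaks plain HTTP to it and stunnel adds the TLS."""
import socket

LOCAL_PORT = 3600
REMOTE_HOST = "remote.example"  # placeholder for the connect= host name

def build_request(host, path="/"):
    """Minimal HTTP/1.1 GET. Host must name the remote server (the host in
    connect=), not localhost, or a name-based virtual host answers with an
    error or a redirect instead of the page."""
    return ("GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n"
            % (path, host)).encode("ascii")

def classify(reply):
    """Say what the bytes that came back through the tunnel are."""
    if not reply:
        return "empty"  # peer closed without answering
    if reply[0] in (0x15, 0x16) and reply[1:2] == b"\x03":
        # TLS alert (0x15) or handshake (0x16) record: the local port itself
        # speaks TLS, so stunnel is not in client mode on this port.
        return "tls-alert" if reply[0] == 0x15 else "tls-handshake"
    first = reply.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(first) >= 2 and first[0].startswith(b"HTTP/") and first[1].isdigit():
        return "http %s" % first[1].decode("ascii")
    return "not-http"

def probe(local_port=LOCAL_PORT, host=REMOTE_HOST, path="/", timeout=10.0):
    """Send one request through the tunnel and classify the outcome."""
    try:
        with socket.create_connection(("127.0.0.1", local_port), timeout) as s:
            s.sendall(build_request(host, path))
            chunks = []
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except ConnectionResetError:
        return "reset"  # what the browser reported as "connection reset"
    except OSError as e:  # refused, timed out, ...
        return "error: %s" % e
    return classify(b"".join(chunks))

if __name__ == "__main__":
    print(probe())
```

A reply of "http 200" (or a redirect) shows the tunnel carries traffic; it does not show that stunnel checked who it connected to, since in client mode stunnel only verifies the remote certificate when verify and CAfile (or CApath) are set in stunnel.conf.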