stunnel user group,
Thanks, Yucong Sun, for your help. I have changed the configuration file values to the values that you recommended. I didn't read the documentation carefully enough.
[https]
accept = 3600

(stopped and started the Windows service to get the new configuration)
HOWEVER, I'm still not getting stunnel to provide the interface to the https web server. Every time, the interface comes back with the error "The Connection to the Server was Reset while the Page was Loading".
So I decided to try the page using a standard web browser (Firefox and IE), thinking that my client software may have a problem. So I changed the configuration to point at the same web site Gmail uses, with the following configuration:
[https]
accept = 3600
connect = mail.google.com:443
NEXT
I started Wireshark on the network and filtered for packets coming from/to my host computer.

Source          Destination     Protocol  Length  Info
74.125.225.53   192.168.1.70    TLSv1     107     Application Data Protocol: http
192.168.1.70    74.125.255.53   TCP       54      https [ACK] Seq=1 Ack=54 Win=16181 Len=0
74.125.225.53   192.168.1.70    TLSv1     112     Application Data Protocol: http
192.168.1.70    74.125.255.53   TLSv1     81      Encrypted Alert
192.168.1.70    74.125.255.53   TCP       54      60089 > https [FIN, ACK] Seq=28 Ack=112 Win=16167 Len=0
192.168.1.70    74.125.255.54   TCP       1484    [TCP segment of a reassembled PDU]
192.168.1.70    74.125.255.53   TLSv1     316     Application Data
74.125.225.53   192.168.1.70    TCP       60      https > 60089 [FIN, ACK] Seq=112 Ack=29 Win=196 Len=0
192.168.1.70    74.125.255.53   TCP       54      60089 > https [ACK] Seq=29 Ack=113 Win=16167 Len=0
74.125.225.54   192.168.1.70    TCP       60      https > 60113 [ACK] Seq=1 Ack=1693 Win=285 Len=0
74.125.225.54   192.168.1.70    TLSv1     457     Application Data Protocol: http
192.168.1.70    74.125.255.54   TCP       54      60113 > https [ACK] Seq=1693 Ack=404 Win=16445 Len=0
So the packets are being sent and returned, but the protocol is erroring out for Google Mail.
NEXT
I get a similar exchange, but with more references to Change Cipher Spec, and an HTTP RST for a different IP address:

Source          Destination     Protocol  Length  Info
192.168.1.70    74.125.255.54   TCP       66      60840 > https [SYN]
74.125.225.54   192.168.1.70    TCP       66      https > 60840 [SYN, ACK]
192.168.1.70    74.125.255.54   TCP       54      60840 > https [ACK]
192.168.1.70    74.125.255.54   TLSv1     451     Client Hello
74.125.225.54   192.168.1.70    TCP       60      https > 60840 [ACK]
74.125.225.54   192.168.1.70    TLSv1     97      Change Cipher Spec, Encrypted Handshake Message
192.168.1.70    74.125.255.54   TLSv1     162     Application Data
74.125.225.54   192.168.1.70    TCP       60      https > 60840 [ACK]
192.168.1.70    98.137.80.34    TCP       54      60819 > http [RST, ACK]
STUNNEL LOG for partnerlogin.advancedmd.com:443
NO OBVIOUS ERRORS
2011.07.08 21:31:21 LOG7[4960:4568]: No limit detected for the number of clients
2011.07.08 21:31:21 LOG7[4960:4568]: make_sockets: s_socket#1: FD=144 allocated (blocking mode)
2011.07.08 21:31:21 LOG7[4960:4568]: make_sockets: s_socket#2: FD=148 allocated (blocking mode)
2011.07.08 21:31:21 LOG7[4960:4568]: make_sockets: s_accept: FD=152 allocated (non-blocking mode)
2011.07.08 21:31:21 LOG5[4960:4568]: stunnel 4.39 on x86-pc-mingw32-gnu platform
2011.07.08 21:31:21 LOG5[4960:4568]: Compiled/running with OpenSSL 1.0.0d 8 Feb 2011
2011.07.08 21:31:21 LOG5[4960:4568]: Threading:WIN32 SSL:ENGINE Auth:none Sockets:SELECT,IPv6
2011.07.08 21:31:21 LOG5[4960:4568]: Reading configuration from file stunnel.conf
2011.07.08 21:31:21 LOG7[4960:4568]: Snagged 64 random bytes from C:/.rnd
2011.07.08 21:31:22 LOG7[4960:4568]: Wrote 1024 new random bytes to C:/.rnd
2011.07.08 21:31:22 LOG7[4960:4568]: PRNG seeded successfully
2011.07.08 21:31:22 LOG7[4960:4568]: Configuration SSL options: 0x01000000
2011.07.08 21:31:22 LOG7[4960:4568]: SSL options set: 0x01000004
2011.07.08 21:31:22 LOG7[4960:4568]: Certificate: stunnel.pem
2011.07.08 21:31:22 LOG7[4960:4568]: Certificate loaded
2011.07.08 21:31:22 LOG7[4960:4568]: Key file: stunnel.pem
2011.07.08 21:31:22 LOG7[4960:4568]: Private key loaded
2011.07.08 21:31:22 LOG7[4960:4568]: SSL context initialized for service http
2011.07.08 21:31:22 LOG5[4960:4568]: Configuration successful
2011.07.08 21:31:22 LOG7[4960:4568]: accept socket: FD=144 allocated (non-blocking mode)
2011.07.08 21:31:22 LOG7[4960:4568]: Option SO_REUSEADDR set on accept socket
2011.07.08 21:31:22 LOG7[4960:4568]: Service http bound to 0.0.0.0:3600
2011.07.08 21:31:22 LOG7[4960:4568]: Service http opened FD=144
Do I need to have the public key certificate for the remote server installed in stunnel for it to access the page?
I'm trying to find a simple configuration to prove out that the basic stunnel application is working. Any suggestions? Is there something basic that I'm missing?
If I send a GET request, I should get a response from the https server that CONNECT is configured for. Is there a compatibility issue between OpenSSL and the https web server?
Thanks in advance for the help.
Dan
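The client-side stunnel configuration the post describes (a local plaintext port that stunnel wraps in TLS and forwards to a remote HTTPS server), as an added example that is not part of the original post or Dan's own stunnel.conf. Two facts about stunnel 4.x drive it: the [https] section shown above has only accept and connect, and stunnel's default is server mode (client = no), which expects TLS from the browser and hands plaintext to the remote port, the opposite of what a browser-to-HTTPS tunnel needs; and in client mode no server certificate has to be installed in stunnel, but without a verify setting stunnel accepts any certificate the remote presents. The CA bundle path and log file name are assumptions; the remote host is the one used in the post.

```ini
; Added example, not the original poster's configuration.
; stunnel 4.x on Windows acting as a TLS *client*: plain HTTP arrives on
; local port 3600, stunnel wraps it in TLS and forwards it to the remote
; HTTPS server. Comments are kept on their own lines, as stunnel expects.

; --- global section ---
; Default is server mode (client = no); a browser-to-HTTPS tunnel needs this.
client = yes
; Verbose logging while testing (7 = debug), written to a file.
; stunnel.log is an assumed path.
debug = 7
output = stunnel.log

; --- service ---
[https]
; Bind to loopback only. The log above shows 0.0.0.0:3600, which exposes
; the plaintext side of the tunnel to the whole LAN.
accept = 127.0.0.1:3600
connect = mail.google.com:443
; The remote server's own certificate need not be installed here.
; verify = 2 makes stunnel require a certificate and validate its chain
; against the trusted CA certificates in CAfile (a PEM bundle; the path
; is an assumption). With no verify line, any certificate is accepted.
verify = 2
CAfile = C:\stunnel\ca-certs.pem
```

Usage: after restarting the service, the browser must be pointed at http://127.0.0.1:3600/ (plain http, not https); stunnel does the TLS on the way out. Two caveats a tester should keep in mind: the browser will send Host: 127.0.0.1:3600 rather than the remote name, and many HTTPS sites respond to that with a redirect or an error, so a redirect to the real hostname is a success for the tunnel even though the page does not render; and verify = 2 in stunnel 4.x checks only that the chain leads to a CA in CAfile, not that the certificate's name matches the connect host, so it defends against untrusted certificates but not against any other certificate issued by a trusted CA.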