Hi,
We need to implement SNI functionality to connect to a web service hosted on Akamai. Can anyone share a process and config on how they manage it?
My stunnel config is the following:
[plivo-sni]
client = yes
accept = :23443
connect = api-ak.plivo.com:443
sni = *.plivo.com
I have a hosts file entry that redirects api-ak.plivo.com to 127.0.0.1.
Below is the stunnel log file:
2021.10.06 16:17:12 LOG6[main]: Initializing inetd mode configuration
2021.10.06 16:17:12 LOG7[main]: Running on Windows 6.2
2021.10.06 16:17:12 LOG7[main]: No limit detected for the number of clients
2021.10.06 16:17:12 LOG5[main]: stunnel 5.60 on x64-pc-mingw32-gnu platform
2021.10.06 16:17:12 LOG5[main]: Compiled/running with OpenSSL 1.1.1k 25 Mar 2021
2021.10.06 16:17:12 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2021.10.06 16:17:12 LOG7[main]: errno: (*_errno())
2021.10.06 16:17:12 LOG7[service]: GUI message loop initialized
2021.10.06 16:17:12 LOG6[main]: Initializing inetd mode configuration
2021.10.06 16:17:12 LOG7[main]: Running on Windows 6.2
2021.10.06 16:17:12 LOG5[main]: Reading configuration from file stunnel.conf
2021.10.06 16:17:12 LOG5[main]: UTF-8 byte order mark detected
2021.10.06 16:17:12 LOG5[main]: FIPS mode disabled
2021.10.06 16:17:12 LOG6[main]: Compression enabled: 0 methods
2021.10.06 16:17:12 LOG7[main]: No PRNG seeding was required
2021.10.06 16:17:12 LOG6[main]: Initializing service [plivo]
2021.10.06 16:17:13 LOG6[main]: stunnel default security level set: 2
2021.10.06 16:17:13 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2021.10.06 16:17:13 LOG7[main]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2021.10.06 16:17:13 LOG7[main]: TLS options: 0x02100004 (+0x00000000, -0x00000000)
2021.10.06 16:17:13 LOG6[main]: Session resumption enabled
2021.10.06 16:17:13 LOG6[main]: Loading certificate from file: stunnel.pem
2021.10.06 16:17:13 LOG6[main]: Certificate loaded from file: stunnel.pem
2021.10.06 16:17:13 LOG6[main]: Loading private key from file: stunnel.pem
2021.10.06 16:17:13 LOG6[main]: Private key loaded from file: stunnel.pem
2021.10.06 16:17:13 LOG7[main]: Private key check succeeded
2021.10.06 16:17:13 LOG6[main]: DH initialization skipped: client section
2021.10.06 16:17:13 LOG7[main]: ECDH initialization
2021.10.06 16:17:13 LOG7[main]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2021.10.06 16:17:13 LOG6[main]: Initializing service [plivo-sni]
2021.10.06 16:17:13 LOG6[main]: stunnel default security level set: 2
2021.10.06 16:17:13 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2021.10.06 16:17:13 LOG7[main]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2021.10.06 16:17:13 LOG7[main]: TLS options: 0x02100004 (+0x00000000, -0x00000000)
2021.10.06 16:17:13 LOG6[main]: Session resumption enabled
2021.10.06 16:17:13 LOG7[main]: No certificate or private key specified
2021.10.06 16:17:13 LOG4[main]: Service [plivo-sni] needs authentication to prevent MITM attacks
2021.10.06 16:17:13 LOG6[main]: DH initialization skipped: client section
2021.10.06 16:17:13 LOG7[main]: ECDH initialization
2021.10.06 16:17:13 LOG7[main]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2021.10.06 16:17:13 LOG5[main]: Configuration successful
2021.10.06 16:17:13 LOG7[main]: Deallocating deployed section defaults
2021.10.06 16:17:13 LOG7[main]: Binding service [plivo]
2021.10.06 16:17:13 LOG7[main]: Listening file descriptor created (FD=668)
2021.10.06 16:17:13 LOG7[main]: Setting accept socket options (FD=668)
2021.10.06 16:17:13 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2021.10.06 16:17:13 LOG6[main]: Service [plivo] (FD=668) bound to 127.0.0.1:32443
2021.10.06 16:17:13 LOG7[main]: Binding service [plivo-sni]
2021.10.06 16:17:13 LOG7[main]: Listening file descriptor created (FD=672)
2021.10.06 16:17:13 LOG7[main]: Setting accept socket options (FD=672)
2021.10.06 16:17:13 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2021.10.06 16:17:13 LOG6[main]: Service [plivo-sni] (FD=672) bound to 127.0.0.1:23443
2021.10.06 16:17:18 LOG7[cron]: Cron thread initialized
2021.10.06 16:17:18 LOG6[cron]: Executing cron jobs
2021.10.06 16:17:18 LOG6[cron]: Cron jobs completed in 0 seconds
2021.10.06 16:17:18 LOG7[cron]: Waiting 86400 seconds
2021.10.06 16:23:40 LOG7[main]: Found 1 ready file descriptor(s)
2021.10.06 16:23:40 LOG7[main]: FD=580 ifds=r-x ofds=---
2021.10.06 16:23:40 LOG7[main]: FD=668 ifds=r-x ofds=---
2021.10.06 16:23:40 LOG7[main]: FD=672 ifds=r-x ofds=r--
2021.10.06 16:23:40 LOG7[main]: Service [plivo-sni] accepted (FD=656) from 127.0.0.1:64364
2021.10.06 16:23:40 LOG7[main]: Creating a new thread
2021.10.06 16:23:40 LOG7[main]: New thread created
2021.10.06 16:23:40 LOG7[0]: Service [plivo-sni] started
2021.10.06 16:23:40 LOG7[0]: Setting local socket options (FD=656)
2021.10.06 16:23:40 LOG7[0]: Option TCP_NODELAY set on local socket
2021.10.06 16:23:40 LOG5[0]: Service [plivo-sni] accepted connection from 127.0.0.1:64364
2021.10.06 16:23:40 LOG6[0]: s_connect: connecting 127.0.0.1:443
2021.10.06 16:23:40 LOG7[0]: s_connect: s_poll_wait 127.0.0.1:443: waiting 10 seconds
2021.10.06 16:23:40 LOG7[0]: FD=700 ifds=rwx ofds=---
2021.10.06 16:23:42 LOG3[0]: s_connect: connect 127.0.0.1:443: Connection refused (WSAECONNREFUSED) (10061)
2021.10.06 16:23:42 LOG3[0]: No more addresses to connect
2021.10.06 16:23:42 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2021.10.06 16:23:42 LOG7[0]: Local descriptor (FD=656) closed
2021.10.06 16:23:42 LOG7[0]: Service [plivo-sni] finished (0 left)
Thanks in anticipation.
Regards, AC
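
An added example, not part of the original post and not taken from the stunnel project: a client-mode section that addresses the two things the log above shows, the LOG4 "needs authentication to prevent MITM attacks" warning and `s_connect` going to 127.0.0.1:443. The CA bundle name `ca-certs.pem` and the choice of `api-ak.plivo.com` as the expected certificate name are assumptions.

```ini
[plivo-sni]
client = yes

; Local plaintext listener; the log shows it bound to 127.0.0.1:23443.
accept = 127.0.0.1:23443

; stunnel resolves this name through the system resolver, hosts file included.
; While the hosts file maps api-ak.plivo.com to 127.0.0.1, stunnel connects to
; 127.0.0.1:443 and gets "Connection refused", as in the log. The name has to
; resolve to the real service address, so point the application at
; 127.0.0.1:23443 directly instead of overriding the name in the hosts file.
connect = api-ak.plivo.com:443

; In client mode "sni" is the literal server name placed in the ClientHello.
; It must be a single host name, not a wildcard pattern.
sni = api-ak.plivo.com

; Server authentication, which clears the LOG4 warning: verify the chain
; against a CA bundle and require the certificate to match the expected host.
; ca-certs.pem is an assumed file name for the CA bundle.
verifyChain = yes
CAfile = ca-certs.pem
checkHost = api-ak.plivo.com
```

After a reload, the `s_connect` line for this service should show a non-loopback address and the authentication warning should no longer be logged at startup.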