I am running some tests against my stunnel configuration with Nessus. I am able to get stunnel to exit silently when I run Nessus with the Nessus TCP Scan and Weak Supported SSL Cipher Suites test. I have played with a few different options but the process consistently ends when these tests are run together. Here is the config:

Linux testssl.capwin.net 2.6.18-53.1.4.el5 #1 SMP Fri Nov 30 00:45:16 EST 2007 i686 i686 i386 GNU/Linux
gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)
stunnel 4.20 on i686-pc-linux-gnu with OpenSSL 0.9.8b 04 May 2006
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4 Auth:LIBWRAP
OpenSSL 0.9.8b 04 May 2006

Tail of log file during Nessus tests:

2008.01.15 21:24:30 LOG5[10646:3086605200]: XMPP accepted connection from 10.102.11.250:41781
2008.01.15 21:24:30 LOG7[10646:3086605200]: SSL state (accept): before/accept initialization
2008.01.15 21:24:30 LOG7[10646:3086605200]: SSL alert (write): fatal: handshake failure
2008.01.15 21:24:30 LOG3[10646:3086605200]: SSL_accept: 1408A10B: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
2008.01.15 21:24:30 LOG5[10646:3086605200]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.01.15 21:24:30 LOG7[10646:3086605200]: XMPP finished (0 left)
2008.01.15 21:24:30 LOG7[10646:3086608080]: XMPP accepted FD=7 from 10.102.11.250:41782
2008.01.15 21:24:30 LOG7[10646:3086605200]: XMPP started
2008.01.15 21:24:30 LOG7[10646:3086605200]: FD 7 in non-blocking mode
2008.01.15 21:24:30 LOG7[10646:3086605200]: TCP_NODELAY option set on local socket
2008.01.15 21:24:30 LOG7[10646:3086605200]: FD 8 in non-blocking mode
2008.01.15 21:24:30 LOG7[10646:3086605200]: FD 9 in non-blocking mode
2008.01.15 21:24:30 LOG7[10646:3086608080]: Cleaning up the signal pipe
2008.01.15 21:24:30 LOG6[10646:3086608080]: Child process 10676 finished with code 0
2008.01.15 21:24:30 LOG7[10646:3086605200]: Connection from 10.102.11.250:41782 permitted by libwrap
2008.01.15 21:24:30 LOG5[10646:3086605200]: XMPP accepted connection from 10.102.11.250:41782
2008.01.15 21:24:30 LOG7[10646:3086605200]: SSL state (accept): before/accept initialization

Joe A. Kemp
CapWIN Senior Systems Architect
6305 Ivy Lane Suite 300
Greenbelt, MD 20770
(P) 301-614-3727
(F) 301-614-0581