On 2/7/06, Michal Trojnara Michal.Trojnara@mobi-com.net wrote:
> sergei wrote:
> > Is there any way to make stunnel without "client = yes" close connection "normal way" with FIN instead of RST?
> Stunnel resets connections for a reason. Probably it was reset by the other peer. Check your stunnel log files for details.
One reason I can think of is that the load balancer does not speak SSL and just tries to monitor the SSL-speaking stunnel by opening a TCP connection. It's just as if you telnet to the SSL-speaking end of stunnel and immediately close the connection. After receiving FIN from you, stunnel will send RST back. Telnet does not care, but this F5 BigIP does and takes it as a failure, never mind that it was actually able to open the connection. On the other hand, say, Apache with mod-ssl does not behave like that.
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=4, (IN)->()
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=6, (IN)->()
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=7, (IN)->(IN)
2006.02.07 11:03:15 LOG7[12097:1]: Context set: 135 (dropped) -> 1
2006.02.07 11:03:15 LOG7[12097:1]: Current context: 1
2006.02.07 11:03:15 LOG7[12097:1]: Releasing context 135
2006.02.07 11:03:15 LOG7[12097:1]: a_service accepted FD=0 from load_balancer:61681
2006.02.07 11:03:15 LOG7[12097:1]: Creating a new context
2006.02.07 11:03:15 LOG7[12097:1]: Context 136 created
2006.02.07 11:03:15 LOG7[12097:136]: Context swap: 1 -> 136
2006.02.07 11:03:15 LOG7[12097:136]: a_service started
2006.02.07 11:03:15 LOG7[12097:136]: FD 0 in non-blocking mode
2006.02.07 11:03:15 LOG5[12097:136]: a_service connected from load_balancer:61681
2006.02.07 11:03:15 LOG7[12097:136]: SSL state (accept): before/accept initialization
2006.02.07 11:03:15 LOG3[12097:136]: SSL_accept: Peer suddenly disconnected
2006.02.07 11:03:15 LOG7[12097:136]: a_service finished (0 left)
2006.02.07 11:03:15 LOG5[12097:136]: stack_info: size=65536, current=4348 (6%), maximum=10472 (15%)
2006.02.07 11:03:15 LOG7[12097:136]: Context 136 closed
2006.02.07 11:03:15 LOG7[12097:0]: Waiting -1 second(s) for 3 file descriptor(s)
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=4, (IN)->()
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=6, (IN)->(IN)
2006.02.07 11:03:15 LOG7[12097:0]: CONTEXT 1, FD=7, (IN)->()
2006.02.07 11:03:15 LOG7[12097:1]: Context set: 136 (dropped) -> 1
2006.02.07 11:03:15 LOG7[12097:1]: Current context: 1
2006.02.07 11:03:15 LOG7[12097:1]: Releasing context 136
2006.02.07 11:03:15 LOG7[12097:1]: snapws accepted FD=0 from load_balancer:61683
2006.02.07 11:03:15 LOG7[12097:1]: Creating a new context
2006.02.07 11:03:15 LOG7[12097:1]: Context 137 created
2006.02.07 11:03:15 LOG7[12097:137]: Context swap: 1 -> 137
2006.02.07 11:03:15 LOG7[12097:137]: snapws started
2006.02.07 11:03:15 LOG7[12097:137]: FD 0 in non-blocking mode
2006.02.07 11:03:15 LOG5[12097:137]: snapws connected from load_balancer:61683
2006.02.07 11:03:15 LOG7[12097:137]: SSL state (accept): before/accept initialization
2006.02.07 11:03:15 LOG3[12097:137]: SSL_accept: Peer suddenly disconnected
2006.02.07 11:03:15 LOG7[12097:137]: snapws finished (0 left)
2006.02.07 11:03:15 LOG5[12097:137]: stack_info: size=65536, current=4348 (6%), maximum=10472 (15%)
2006.02.07 11:03:15 LOG7[12097:137]: Context 137 closed
2006.02.07 11:03:15 LOG7[12097:0]: Waiting -1 second(s) for 3 file descriptor(s)
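
Added example, not part of the original post and not stunnel code: a Python sketch that pairs each "connected from" line with a later "SSL_accept: Peer suddenly disconnected" in the same [pid:context], so connections closed before any handshake (such as the load balancer's TCP checks described above) can be tallied per service and peer. The SAMPLE lines are constructed in the log format shown in the post, and client.example is a made-up host.

```python
import re
from collections import Counter

# stunnel debug-log prefix as shown in the post:
# "2006.02.07 11:03:15 LOG5[12097:136]: <message>"
LINE = re.compile(r"^\S+ \S+ LOG(\d)\[(\d+):(\d+)\]: (.*)$")
CONNECTED = re.compile(r"^(\S+) connected from (\S+):(\d+)$")
DROPPED = "SSL_accept: Peer suddenly disconnected"
FINISHED = re.compile(r"^\S+ finished \(\d+ left\)$")

# Constructed sample in the post's format; client.example is a made-up host.
SAMPLE = """\
2006.02.07 11:03:15 LOG5[12097:136]: a_service connected from load_balancer:61681
2006.02.07 11:03:15 LOG7[12097:136]: SSL state (accept): before/accept initialization
2006.02.07 11:03:15 LOG3[12097:136]: SSL_accept: Peer suddenly disconnected
2006.02.07 11:03:15 LOG7[12097:136]: a_service finished (0 left)
2006.02.07 11:03:15 LOG5[12097:137]: snapws connected from load_balancer:61683
2006.02.07 11:03:15 LOG3[12097:137]: SSL_accept: Peer suddenly disconnected
2006.02.07 11:03:15 LOG7[12097:137]: snapws finished (0 left)
2006.02.07 11:03:16 LOG5[12097:138]: a_service connected from client.example:40000
2006.02.07 11:03:17 LOG7[12097:138]: a_service finished (0 left)
""".splitlines()

def closed_before_handshake(lines):
    """Tally connections dropped during SSL_accept, keyed by (service, peer host)."""
    pending = {}          # (pid, context) -> (service, peer host)
    tally = Counter()
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue      # not a stunnel log line
        _level, pid, ctx, msg = m.groups()
        key = (pid, ctx)
        conn = CONNECTED.match(msg)
        if conn:
            pending[key] = (conn.group(1), conn.group(2))
        elif msg == DROPPED and key in pending:
            tally[pending.pop(key)] += 1
        elif FINISHED.match(msg):
            pending.pop(key, None)   # connection ended some other way
    return tally

if __name__ == "__main__":
    for (service, peer), n in sorted(closed_before_handshake(SAMPLE).items()):
        print(f"{service}: {n} connection(s) from {peer} closed before the handshake")
```

A peer that shows up here at a steady interval and never completes a handshake is most likely a plain TCP monitor rather than a failing client.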