I am attempting to use stunnel to encrypt traffic between our backup client (Windows2008R2) and our NetApp filer, but I'm not having any luck. We would like to use the stunnel to redirect the port 80 calls to the filer (ubfs2.buffalo.edu) to port 443. By design, the backup client (IBM Tivoli/TSM V6.2.4) makes a call to the NetApp over http.admin interface to tell it to create a snapshot. The filer listens on https.admin (not http.admin), and we don't want to turn on http.admin for security reasons. I've included the stunnel.config file, hosts file, and the output below. If anyone could give us a hand here it would be much appreciated. We tested this config on a Mac laptop and it works just fine, so I would assume that it has something to do with Windows2008R2.

Stunnel.config

debug = 7
client = yes

[snapdiff]
accept = localhost:80
connect = 128.205.5.55:443
sslVersion = all

hosts
127.0.0.1 localhost ubfs2.buffalo.edu
output

7[1596:4336]: No limit detected for the number of clients
2012.01.27 15:16:30 LOG5[1596:4336]: stunnel 4.52 on x86-pc-mingw32-gnu platform
2012.01.27 15:16:30 LOG5[1596:4336]: Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
2012.01.27 15:16:30 LOG5[1596:4336]: Threading:WIN32 SSL:ENGINE,FIPS Auth:none Sockets:SELECT,IPv6
2012.01.27 15:16:30 LOG5[1596:4336]: Reading configuration from file stunnel.conf
2012.01.27 15:16:30 LOG5[1596:4336]: FIPS mode is enabled
2012.01.27 15:16:30 LOG7[1596:4336]: Compression not enabled
2012.01.27 15:16:30 LOG7[1596:4336]: Snagged 64 random bytes from C:/.rnd
2012.01.27 15:16:30 LOG7[1596:4336]: Wrote 1024 new random bytes to C:/.rnd
2012.01.27 15:16:30 LOG7[1596:4336]: PRNG seeded successfully
2012.01.27 15:16:31 LOG6[1596:4336]: Initializing SSL context for service snapdiff
2012.01.27 15:16:31 LOG7[1596:4336]: SSL options set: 0x00000004
2012.01.27 15:16:31 LOG6[1596:4336]: SSL context initialized
2012.01.27 15:16:31 LOG5[1596:4336]: Configuration successful
2012.01.27 15:16:31 LOG7[1596:4336]: Service snapdiff bound FD=396 to 127.0.0.1:80
2012.01.27 15:16:40 LOG7[1596:4336]: Service snapdiff accepted FD=452 from 127.0.0.1:51366
2012.01.27 15:16:40 LOG7[1596:4336]: Creating a new thread
2012.01.27 15:16:40 LOG7[1596:4336]: New thread created
2012.01.27 15:16:40 LOG7[1596:4336]: Service snapdiff accepted FD=460 from 127.0.0.1:51367
2012.01.27 15:16:40 LOG7[1596:4336]: Creating a new thread
2012.01.27 15:16:40 LOG7[1596:4336]: New thread created
2012.01.27 15:16:40 LOG7[1596:5080]: Service snapdiff started
2012.01.27 15:16:40 LOG5[1596:5080]: Service snapdiff accepted connection from 127.0.0.1:51366
2012.01.27 15:16:40 LOG6[1596:5080]: connect_blocking: connecting 128.205.5.55:443
2012.01.27 15:16:40 LOG7[1596:5080]: connect_blocking: s_poll_wait 128.205.5.55:443: waiting 10 seconds
2012.01.27 15:16:40 LOG7[1596:4720]: Service snapdiff started
2012.01.27 15:16:40 LOG5[1596:4720]: Service snapdiff accepted connection from 127.0.0.1:51367
2012.01.27 15:16:40 LOG6[1596:4720]: connect_blocking: connecting 128.205.5.55:443
2012.01.27 15:16:40 LOG7[1596:4720]: connect_blocking: s_poll_wait 128.205.5.55:443: waiting 10 seconds
2012.01.27 15:16:40 LOG5[1596:4720]: connect_blocking: connected 128.205.5.55:443
2012.01.27 15:16:40 LOG5[1596:4720]: Service snapdiff connected remote server from 128.205.4.234:51369
2012.01.27 15:16:40 LOG7[1596:4720]: Remote FD=508 initialized
2012.01.27 15:16:40 LOG3[1596:4720]: SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2012.01.27 15:16:40 LOG5[1596:4720]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.01.27 15:16:40 LOG7[1596:4720]: Service snapdiff finished (1 left)
2012.01.27 15:16:43 LOG5[1596:5080]: connect_blocking: connected 128.205.5.55:443
2012.01.27 15:16:43 LOG5[1596:5080]: Service snapdiff connected remote server from 128.205.4.234:51368
2012.01.27 15:16:43 LOG7[1596:5080]: Remote FD=480 initialized
2012.01.27 15:16:43 LOG3[1596:5080]: SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2012.01.27 15:16:43 LOG5[1596:5080]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.01.27 15:16:43 LOG7[1596:5080]: Service snapdiff finished (0 left)
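
Added example, not part of the original post: a Python triage script that groups stunnel debug lines like those above by thread id, so each accepted connection shows whether TCP connected, which SSL call failed, and how many bytes moved. The function name `summarize` and the record keys are illustrative; `SAMPLE` is an excerpt of the posted log, and the line layout is assumed to match it.

```python
import re

# stunnel 4.x debug line: "<date> <time> LOG<level>[<pid>:<tid>]: <message>"
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
ACCEPT = re.compile(r"^Service (\S+) accepted connection from (\S+)$")
TCP_OK = re.compile(r"^connect_blocking: connected (\S+)$")
SSL_ERR = re.compile(r"^(SSL_\w+): \w+: error:\w+:[^:]*:([^:]*):(.*)$")
CLOSED = re.compile(r"^Connection (\w+): (\d+) bytes sent to SSL, (\d+) bytes sent to socket$")

# Excerpt of the log lines posted above (one entry per line).
SAMPLE = """\
2012.01.27 15:16:30 LOG5[1596:4336]: FIPS mode is enabled
2012.01.27 15:16:40 LOG5[1596:5080]: Service snapdiff accepted connection from 127.0.0.1:51366
2012.01.27 15:16:40 LOG5[1596:4720]: Service snapdiff accepted connection from 127.0.0.1:51367
2012.01.27 15:16:40 LOG5[1596:4720]: connect_blocking: connected 128.205.5.55:443
2012.01.27 15:16:40 LOG3[1596:4720]: SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2012.01.27 15:16:40 LOG5[1596:4720]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.01.27 15:16:43 LOG5[1596:5080]: connect_blocking: connected 128.205.5.55:443
2012.01.27 15:16:43 LOG3[1596:5080]: SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
2012.01.27 15:16:43 LOG5[1596:5080]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

def summarize(log_text):
    """Return (fips_enabled, connections); one record per accepted connection."""
    fips, conns, by_thread = False, [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # truncated or non-log line
        _, _, _, tid, msg = m.groups()
        if msg == "FIPS mode is enabled":
            fips = True
        elif (a := ACCEPT.match(msg)):
            rec = {"service": a[1], "client": a[2], "tcp_peer": None,
                   "ssl_call": None, "ssl_func": None, "ssl_reason": None,
                   "end": None, "to_ssl": None, "to_socket": None}
            conns.append(rec)
            by_thread[tid] = rec  # a reused thread id starts a new record
        elif (rec := by_thread.get(tid)) is not None:
            if (t := TCP_OK.match(msg)):
                rec["tcp_peer"] = t[1]
            elif (e := SSL_ERR.match(msg)):
                rec["ssl_call"], rec["ssl_func"], rec["ssl_reason"] = e.groups()
            elif (c := CLOSED.match(msg)):
                rec["end"], rec["to_ssl"], rec["to_socket"] = c[1], int(c[2]), int(c[3])
    return fips, conns

if __name__ == "__main__":
    fips, conns = summarize(SAMPLE)
    print("FIPS mode:", fips)
    for r in conns:
        print(r)
```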