When I use either of these two versions of stunnel the round-robin for “connect” only sends connections to the first host listed on the configuration file.  However the round-robin works in Stunnel 4.56,4.55,4.54 and 4.53.  Anyone else have this issue? 

 

Thank you,

Pete Sangas

 

 

./stunnel -version

stunnel 5.00 on x86_64-unknown-linux-gnu platform

Compiled/running with OpenSSL 1.0.1g 7 Apr 2014

Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS

 

Global options:

debug                  = daemon.notice

RNDbytes               = 64

RNDfile                = /dev/urandom

RNDoverwrite           = yes

 

Service-level options:

ciphers                = FIPS (with "fips = yes")

ciphers                = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")

curve                  = prime256v1

sessionCacheSize       = 1000

sessionCacheTimeout    = 300 seconds

sslVersion             = TLSv1 (with "fips = yes")

sslVersion             = TLSv1 for client, all for server (with "fips = no")

stack                  = 65536 bytes

TIMEOUTbusy            = 300 seconds

TIMEOUTclose           = 60 seconds

TIMEOUTconnect         = 10 seconds

TIMEOUTidle            = 43200 seconds

verify                 = none

 

 

Config file  :

 

CApath = /xxx/certs/trusted

CAfile = /yyy/cacert.pem

ciphers = RC4-SHA

debug = daemon.7 

pid = /zzz/stunnel.pid

options = NO_SSLv2

foreground = yes

setgid = gid1

setuid = uid1

delay = no

fips=no

 

[stunnel]

TIMEOUTidle=86400

verify = 3

cert = /path/servercert.pem

 

accept = 443

failover=rr

connect = 10.1.1.50:23

connect = 10.1.1.60:23