Hi

I have a strange issue with stunnel 5.09 – which connects up to an F5 load balancer/SSL-offloading engine. In my config, I specify that the protocol must be TLSv1 – from Linux, I can connect – but it does not work from Windows.

Linux log:

2015.02.10 15:58:29 LOG7[22779]: Service [rb20] accepted (FD=3) from 127.0.0.1:33247

2015.02.10 15:58:29 LOG7[22887]: Service [rb20] started

2015.02.10 15:58:29 LOG5[22887]: Service [rb20] accepted connection from 127.0.0.1:33247

2015.02.10 15:58:29 LOG6[22887]: s_connect: connecting A.B.C.D:443

2015.02.10 15:58:29 LOG7[22887]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds

2015.02.10 15:58:29 LOG5[22887]: s_connect: connected A.B.C.D:443

2015.02.10 15:58:29 LOG5[22887]: Service [rb20] connected remote server from 10.11.12.101:33477

2015.02.10 15:58:29 LOG7[22887]: Remote socket (FD=11) initialized

2015.02.10 15:58:29 LOG6[22887]: SNI: sending servername: host.domain.com

2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): before/connect initialization

2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write client hello A

2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 read server hello A

2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 read finished A

2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write change cipher spec A

2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 write finished A

2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 flush data

2015.02.10 15:58:29 LOG7[22887]:    1 items in the session cache

2015.02.10 15:58:29 LOG7[22887]:    5 client connects (SSL_connect())

2015.02.10 15:58:29 LOG7[22887]:    5 client connects that finished

2015.02.10 15:58:29 LOG7[22887]:    0 client renegotiations requested

2015.02.10 15:58:29 LOG7[22887]:    0 server connects (SSL_accept())

2015.02.10 15:58:29 LOG7[22887]:    0 server connects that finished

2015.02.10 15:58:29 LOG7[22887]:    0 server renegotiations requested

2015.02.10 15:58:29 LOG7[22887]:    4 session cache hits

2015.02.10 15:58:29 LOG7[22887]:    0 external session cache hits

2015.02.10 15:58:29 LOG7[22887]:    0 session cache misses

2015.02.10 15:58:29 LOG7[22887]:    0 session cache timeouts

2015.02.10 15:58:29 LOG6[22887]: SSL connected: previous session reused

2015.02.10 15:58:29 LOG7[22779]: Service [rb20] accepted (FD=12) from 127.0.0.1:33249

2015.02.10 15:58:29 LOG6[22887]: Read socket closed (read hangup)

2015.02.10 15:58:29 LOG7[22887]: Sending close_notify alert

2015.02.10 15:58:29 LOG7[22887]: SSL alert (write): warning: close notify

2015.02.10 15:58:29 LOG6[22887]: SSL_shutdown successfully sent close_notify alert

2015.02.10 15:58:29 LOG7[22888]: Service [rb20] started

2015.02.10 15:58:29 LOG5[22888]: Service [rb20] accepted connection from 127.0.0.1:33249

2015.02.10 15:58:29 LOG6[22888]: s_connect: connecting A.B.C.D:443

2015.02.10 15:58:29 LOG7[22888]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds

2015.02.10 15:58:29 LOG5[22888]: s_connect: connected A.B.C.D:443

2015.02.10 15:58:29 LOG5[22888]: Service [rb20] connected remote server from 10.11.12.101:33479

2015.02.10 15:58:29 LOG7[22888]: Remote socket (FD=13) initialized

2015.02.10 15:58:29 LOG6[22888]: SNI: sending servername: ssl39.dmsave.com

2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): before/connect initialization

2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 write client hello A

2015.02.10 15:58:29 LOG6[22887]: SSL socket closed (SSL_read)

2015.02.10 15:58:29 LOG7[22887]: Sent socket write shutdown

2015.02.10 15:58:29 LOG5[22887]: Connection closed: 136 byte(s) sent to SSL, 52 byte(s) sent to socket

2015.02.10 15:58:29 LOG7[22887]: Remote socket (FD=11) closed

2015.02.10 15:58:29 LOG7[22887]: Local socket (FD=3) closed

2015.02.10 15:58:29 LOG7[22887]: Service [rb20] finished (1 left)

2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 read server hello A

2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 read finished A

2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 write change cipher spec A

2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 write finished A

2015.02.10 15:58:29 LOG7[22888]: SSL state (connect): SSLv3 flush data

2015.02.10 15:58:29 LOG7[22888]:    1 items in the session cache

2015.02.10 15:58:29 LOG7[22888]:    6 client connects (SSL_connect())

2015.02.10 15:58:29 LOG7[22888]:    6 client connects that finished

2015.02.10 15:58:29 LOG7[22888]:    0 client renegotiations requested

2015.02.10 15:58:29 LOG7[22888]:    0 server connects (SSL_accept())

2015.02.10 15:58:29 LOG7[22888]:    0 server connects that finished

2015.02.10 15:58:29 LOG7[22888]:    0 server renegotiations requested

2015.02.10 15:58:29 LOG7[22888]:    5 session cache hits

2015.02.10 15:58:29 LOG7[22888]:    0 external session cache hits

2015.02.10 15:58:29 LOG7[22888]:    0 session cache misses

2015.02.10 15:58:29 LOG7[22888]:    0 session cache timeouts

2015.02.10 15:58:29 LOG6[22888]: SSL connected: previous session reused

Windows log:

2015.02.10 16:07:36 LOG7[9528]: Service [rb20] accepted (FD=1128) from 127.0.0.1:50353

2015.02.10 16:07:36 LOG7[9528]: Creating a new thread

2015.02.10 16:07:36 LOG7[9528]: New thread created

2015.02.10 16:07:36 LOG7[7056]: Service [rb20] started

2015.02.10 16:07:36 LOG5[7056]: Service [rb20] accepted connection from 127.0.0.1:50353

2015.02.10 16:07:36 LOG6[7056]: s_connect: connecting A.B.C.D:443

2015.02.10 16:07:36 LOG7[7056]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds

2015.02.10 16:07:36 LOG5[7056]: s_connect: connected A.B.C.D:443

2015.02.10 16:07:36 LOG5[7056]: Service [rb20] connected remote server from 192.168.225.103:50354

2015.02.10 16:07:36 LOG7[7056]: Remote socket (FD=1124) initialized

2015.02.10 16:07:36 LOG6[7056]: SNI: sending servername: host.domain.com

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): before/connect initialization

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write client hello A

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server hello A

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server certificate A

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server done A

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write client key exchange A

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write change cipher spec A

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 write finished A

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 flush data

2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read finished A

2015.02.10 16:07:36 LOG7[7056]:    1 items in the session cache

2015.02.10 16:07:36 LOG7[7056]:    1 client connects (SSL_connect())

2015.02.10 16:07:36 LOG7[7056]:    1 client connects that finished

2015.02.10 16:07:36 LOG7[7056]:    0 client renegotiations requested

2015.02.10 16:07:36 LOG7[7056]:    0 server connects (SSL_accept())

2015.02.10 16:07:36 LOG7[7056]:    0 server connects that finished

2015.02.10 16:07:36 LOG7[7056]:    0 server renegotiations requested

2015.02.10 16:07:36 LOG7[7056]:    0 session cache hits

2015.02.10 16:07:36 LOG7[7056]:    0 external session cache hits

2015.02.10 16:07:36 LOG7[7056]:    0 session cache misses

2015.02.10 16:07:36 LOG7[7056]:    0 session cache timeouts

2015.02.10 16:07:36 LOG7[7056]: Peer certificate was cached (1521 bytes)

2015.02.10 16:07:36 LOG6[7056]: SSL connected: new session negotiated

2015.02.10 16:07:36 LOG6[7056]: Negotiated TLSv1 ciphersuite RC4-MD5 (128-bit encryption)

2015.02.10 16:07:36 LOG7[7056]: Compression: null, expansion: null

2015.02.10 16:07:36 LOG6[7056]: Read socket closed (readsocket)

2015.02.10 16:07:36 LOG7[7056]: Sending close_notify alert

2015.02.10 16:07:36 LOG7[7056]: SSL alert (write): warning: close notify

2015.02.10 16:07:36 LOG6[7056]: SSL_shutdown successfully sent close_notify alert

2015.02.10 16:07:36 LOG7[9528]: Service [rb20] accepted (FD=1132) from 127.0.0.1:50355

2015.02.10 16:07:36 LOG7[9528]: Creating a new thread

2015.02.10 16:07:36 LOG7[9528]: New thread created

2015.02.10 16:07:36 LOG7[2164]: Service [rb20] started

2015.02.10 16:07:36 LOG5[2164]: Service [rb20] accepted connection from 127.0.0.1:50355

2015.02.10 16:07:36 LOG6[2164]: s_connect: connecting A.B.C.D:443

2015.02.10 16:07:36 LOG7[2164]: s_connect: s_poll_wait A.B.C.D:443: waiting 10 seconds

2015.02.10 16:07:36 LOG5[2164]: s_connect: connected A.B.C.D:443

2015.02.10 16:07:36 LOG5[2164]: Service [rb20] connected remote server from 192.168.225.103:50356

2015.02.10 16:07:36 LOG7[2164]: Remote socket (FD=1152) initialized

2015.02.10 16:07:36 LOG6[2164]: SNI: sending servername: host.domain.com

2015.02.10 16:07:36 LOG7[2164]: SSL state (connect): before/connect initialization

2015.02.10 16:07:36 LOG7[2164]: SSL state (connect): SSLv3 write client hello A

2015.02.10 16:07:36 LOG6[7056]: SSL socket closed (SSL_read)

2015.02.10 16:07:36 LOG7[7056]: Sent socket write shutdown

2015.02.10 16:07:36 LOG5[7056]: Connection closed: 89 byte(s) sent to SSL, 52 byte(s) sent to socket

2015.02.10 16:07:36 LOG7[7056]: Remote socket (FD=1124) closed

2015.02.10 16:07:36 LOG7[7056]: Local socket (FD=1128) closed

2015.02.10 16:07:36 LOG7[7056]: Service [rb20] finished (1 left)

The main difference I can see is that on Linux I get:

2015.02.10 15:58:29 LOG6[22887]: SSL connected: previous session reused

Whereas Windows gives me:

2015.02.10 16:07:36 LOG7[7056]: Peer certificate was cached (1521 bytes)

2015.02.10 16:07:36 LOG6[7056]: SSL connected: new session negotiated

Any idea why this happens? The final result is that connections are possible from Linux – but not Windows – and this is a problem for me…

Regards

/Brian
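
To compare the two logs connection by connection, the following added example (not part of the original post) groups the interleaved stunnel debug lines by worker id and reports for each TLS connection whether the session was resumed or newly negotiated, whether a full handshake was logged, the negotiated suite and the byte counts. The names `summarize` and `SAMPLE` are assumptions of this example; `SAMPLE` is an excerpt built from lines in the logs above.

```python
import re
from collections import defaultdict

# stunnel debug record: "<date> <time> LOG<level>[<worker id>]: <message>"
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+)\]: (.*)$")

# Excerpt assembled from the Windows and Linux logs in the post (not a full capture).
SAMPLE = """\
2015.02.10 16:07:36 LOG7[9528]: Service [rb20] accepted (FD=1128) from 127.0.0.1:50353
2015.02.10 16:07:36 LOG6[7056]: SNI: sending servername: host.domain.com
2015.02.10 16:07:36 LOG7[7056]: SSL state (connect): SSLv3 read server certificate A
2015.02.10 16:07:36 LOG6[7056]: SSL connected: new session negotiated
2015.02.10 16:07:36 LOG6[7056]: Negotiated TLSv1 ciphersuite RC4-MD5 (128-bit encryption)
2015.02.10 16:07:36 LOG7[2164]: SSL state (connect): SSLv3 write client hello A
2015.02.10 16:07:36 LOG5[7056]: Connection closed: 89 byte(s) sent to SSL, 52 byte(s) sent to socket
2015.02.10 15:58:29 LOG7[22887]: SSL state (connect): SSLv3 read server hello A
2015.02.10 15:58:29 LOG6[22887]: SSL connected: previous session reused
"""

def summarize(log_text):
    """Group interleaved stunnel lines by worker id; one summary per TLS connection."""
    conns = defaultdict(lambda: {"sni": None, "states": [], "session": None,
                                 "suite": None, "closed": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and anything that is not a log record
        wid, msg = m.group(3), m.group(4)
        c = conns[wid]
        if msg.startswith("SNI: sending servername: "):
            c["sni"] = msg.split(": ", 2)[2]
        elif msg.startswith("SSL state (connect): "):
            c["states"].append(msg.split("): ", 1)[1])
        elif msg.startswith("SSL connected: "):
            c["session"] = "reused" if "reused" in msg else "new"
        elif msg.startswith("Negotiated "):
            proto, _, suite = msg.split()[1:4]
            c["suite"] = (proto, suite)
        elif msg.startswith("Connection closed: "):
            c["closed"] = tuple(int(n) for n in re.findall(r"(\d+) byte", msg))
    out = {}
    for wid, c in conns.items():
        if c["states"]:  # skip the acceptor thread, which logs no TLS states itself
            # A resumed session skips the certificate exchange; a full handshake logs it.
            c["full_handshake"] = any("read server certificate" in s for s in c["states"])
            out[wid] = c
    return out

if __name__ == "__main__":
    for wid, c in summarize(SAMPLE).items():
        print(wid, c["session"], c["full_handshake"], c["suite"], c["closed"])
```

A worker whose `session` is `None` is one for which the log contains no "SSL connected" line, as with worker 2164 in the Windows log.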