Issue:
Old Windows Server cannot be upgraded, but needs TLS 1.2
encryption. Stunnel looks like a solution, but I'm having issues
configuring it to work (it is "running" successfully with a pem
file and port 442). In IIS Manager, btw, the website SSL Port is
set to 443.
I've tried searching (i.e. google
"site: https://www.stunnel.org/pipermail/stunnel-users/ server 2003")
and have found a few leads, but nothing that addresses my issues
in a way I understand. My ignorance, I'm sure.
Server details:
Working Log with Port 442:
2020.02.24 15:24:37 LOG7[main]: Running on Windows 5.2
2020.02.24 15:24:37 LOG7[main]: No limit detected for the number of clients
2020.02.24 15:24:37 LOG5[main]: stunnel 5.49 on x86-pc-msvc-1500 platform
2020.02.24 15:24:37 LOG5[main]: Compiled/running with OpenSSL 1.0.2p-fips 14 Aug 2018
2020.02.24 15:24:37 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2020.02.24 15:24:37 LOG7[main]: errno: (*_errno())
2020.02.24 15:24:37 LOG7[ui]: GUI message loop initialized
2020.02.24 15:24:37 LOG7[main]: Running on Windows 5.2
2020.02.24 15:24:37 LOG5[main]: Reading configuration from file stunnel.conf
2020.02.24 15:24:37 LOG5[main]: UTF-8 byte order mark detected
2020.02.24 15:24:37 LOG5[main]: FIPS mode disabled
2020.02.24 15:24:37 LOG7[main]: Compression disabled
2020.02.24 15:24:37 LOG7[main]: No PRNG seeding was required
2020.02.24 15:24:37 LOG6[main]: Initializing service [https]
2020.02.24 15:24:37 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2020.02.24 15:24:37 LOG7[main]: TLS options: 0x03004004 (+0x00004000, -0x00000000)
2020.02.24 15:24:37 LOG6[main]: Loading certificate from file: C:\Program Files\stunnel\config\mywebsite.pem
2020.02.24 15:24:37 LOG6[main]: Certificate loaded from file: C:\Program Files\stunnel\config\mywebsite.pem
2020.02.24 15:24:37 LOG6[main]: Loading private key from file: C:\Program Files\stunnel\config\mywebsite.pem
2020.02.24 15:24:37 LOG6[main]: Private key loaded from file: C:\Program Files\stunnel\config\mywebsite.pem
2020.02.24 15:24:37 LOG7[main]: Private key check succeeded
2020.02.24 15:24:37 LOG7[main]: ECDH initialization
2020.02.24 15:24:37 LOG7[main]: ECDH initialized with curve prime256v1
2020.02.24 15:24:37 LOG6[main]: Initializing service [domain]
2020.02.24 15:24:37 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2020.02.24 15:24:37 LOG7[main]: TLS options: 0x03014004 (+0x00014000, -0x00000000)
2020.02.24 15:24:37 LOG6[main]: Loading certificate from file: C:\Program Files\stunnel\config\mywebsite.pem
2020.02.24 15:24:37 LOG6[main]: Certificate loaded from file: C:\Program Files\stunnel\config\mywebsite.pem
2020.02.24 15:24:37 LOG6[main]: Loading private key from file: C:\Program Files\stunnel\config\mywebsite.pem
2020.02.24 15:24:37 LOG6[main]: Private key loaded from file: C:\Program Files\stunnel\config\mywebsite.pem
2020.02.24 15:24:37 LOG7[main]: Private key check succeeded
2020.02.24 15:24:37 LOG7[main]: ECDH initialization
2020.02.24 15:24:37 LOG7[main]: ECDH initialized with curve prime256v1
2020.02.24 15:24:37 LOG5[main]: Configuration successful
2020.02.24 15:24:37 LOG7[main]: Binding service [https]
2020.02.24 15:24:37 LOG7[main]: Listening file descriptor created (FD=292)
2020.02.24 15:24:38 LOG7[main]: Setting accept socket options (FD=292)
2020.02.24 15:24:38 LOG6[main]: Service [https] (FD=292) bound to 10.0.1.11:442
2020.02.24 15:24:38 LOG7[main]: Skipped SNI slave service [domain]
2020.02.24 15:24:38 LOG7[cron]: Cron thread initialized
2020.02.24 15:25:38 LOG6[cron]: Executing cron jobs
2020.02.24 15:25:38 LOG6[cron]: Cron jobs completed in 0 seconds
2020.02.24 15:25:38 LOG7[cron]: Waiting 86400 seconds
Log Error with port 443:
Binding service [https] to 10.0.1.11:443: Permission denied (WSAEACCES) (10013)
Conf:
sslVersion = TLSv1.2
--------------
Thanks,
Sean