I have an application that sends encrypted XML traffic over TCP to Stunnel. Stunnel is supposed to decrypt it and send it to the backend application unencrypted; however, no traffic is sent. I have used Wireshark and I do see the Client Hello for TLS 1.2 and the Server Hello for TLS 1.2, so the cipher negotiation is completed.

 

Here is my config:

sslVersionMax = TLSv1.2
options = -NO_SSLv3

[https]
accept  = 27015
connect = 27001
cert = cert.pem
key = key.pem
TIMEOUTclose = 0

 

Stunnel log at debug level 7:

2023.01.13 14:03:42 LOG7[16572]: Service [https] started

2023.01.13 14:03:42 LOG7[16572]: Setting local socket options (FD=1888)

2023.01.13 14:03:42 LOG7[16572]: Option TCP_NODELAY set on local socket

2023.01.13 14:03:42 LOG5[16572]: Service [https] accepted connection from xx.xx.xx.xx:62478

2023.01.13 14:03:42 LOG6[16572]: Peer certificate not required

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): before SSL initialization

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): before SSL initialization

2023.01.13 14:03:42 LOG7[16572]: Decrypt session ticket callback

2023.01.13 14:03:42 LOG7[16572]: Initializing application specific data for session authenticated

2023.01.13 14:03:42 LOG7[16572]: SNI: no virtual services defined

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS read client hello

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write server hello

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write certificate

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write key exchange

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write server done

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write server done

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS read client key exchange

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS read change cipher spec

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS read finished

2023.01.13 14:03:42 LOG7[16572]: Generate session ticket callback

2023.01.13 14:03:42 LOG7[16572]: Initializing application specific data for session authenticated

2023.01.13 14:03:42 LOG7[16572]: Deallocating application specific data for session connect address

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write session ticket

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write change cipher spec

2023.01.13 14:03:42 LOG7[16572]: TLS state (accept): SSLv3/TLS write finished

2023.01.13 14:03:42 LOG7[16572]:     33 server accept(s) requested

2023.01.13 14:03:42 LOG7[16572]:     33 server accept(s) succeeded

2023.01.13 14:03:42 LOG7[16572]:      0 server renegotiation(s) requested

2023.01.13 14:03:42 LOG7[16572]:      0 session reuse(s)

2023.01.13 14:03:42 LOG7[16572]:      1 internal session cache item(s)

2023.01.13 14:03:42 LOG7[16572]:      0 internal session cache fill-up(s)

2023.01.13 14:03:42 LOG7[16572]:      0 internal session cache miss(es)

2023.01.13 14:03:42 LOG7[16572]:      0 external session cache hit(s)

2023.01.13 14:03:42 LOG7[16572]:      0 expired session(s) retrieved

2023.01.13 14:03:42 LOG6[16572]: TLS accepted: new session negotiated

2023.01.13 14:03:42 LOG6[16572]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)

2023.01.13 14:03:42 LOG3[16572]: SSL_get_peer_tmp_key: Peer suddenly disconnected

2023.01.13 14:03:42 LOG7[16572]: Compression: null, expansion: null

2023.01.13 14:03:42 LOG7[16572]: Deallocating application specific data for session connect address

2023.01.13 14:03:42 LOG6[16572]: s_connect: connecting 127.0.0.1:27001

2023.01.13 14:03:42 LOG7[16572]: s_connect: s_poll_wait 127.0.0.1:27001: waiting 10 seconds

2023.01.13 14:03:42 LOG7[16572]: FD=1472 ifds=rwx ofds=---

2023.01.13 14:03:42 LOG5[16572]: s_connect: connected 127.0.0.1:27001

2023.01.13 14:03:42 LOG6[16572]: persistence: 127.0.0.1:27001 cached

2023.01.13 14:03:42 LOG5[16572]: Service [https] connected remote server from 127.0.0.1:56732

2023.01.13 14:03:42 LOG7[16572]: Setting remote socket options (FD=1472)

2023.01.13 14:03:42 LOG7[16572]: Option TCP_NODELAY set on remote socket

2023.01.13 14:03:42 LOG7[16572]: Remote descriptor (FD=1472) initialized

2023.01.13 14:03:42 LOG6[16572]: SSL_read: Socket is closed

2023.01.13 14:03:42 LOG6[16572]: TLS socket closed (SSL_read)

2023.01.13 14:03:42 LOG7[16572]: Sent socket write shutdown

2023.01.13 14:03:42 LOG5[16572]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

2023.01.13 14:03:42 LOG7[16572]: Remote descriptor (FD=1472) closed

2023.01.13 14:03:42 LOG7[16572]: Local descriptor (FD=1888) closed

2023.01.13 14:03:42 LOG7[16572]: Service [https] finished (1 left)

 

Any assistance you can provide would be glorious!

_________________________________

Gary Jackson
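
An added example, not part of the original post or of stunnel itself: a small Python triage script that reduces a debug log in the format shown above to one summary per connection (handshake result, cipher, backend connect, error-level lines, byte counters). The sample lines are constructed, the peer address is a placeholder, and the field names in the summary are this example's own.

```python
import re

LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\w+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")
# Constructed sample in the same format as the log above (peer address is a placeholder).
SAMPLE = """\
2023.01.13 14:03:42 LOG5[1]: Service [https] accepted connection from 192.0.2.10:62478
2023.01.13 14:03:42 LOG6[1]: TLS accepted: new session negotiated
2023.01.13 14:03:42 LOG6[1]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2023.01.13 14:03:42 LOG3[1]: SSL_get_peer_tmp_key: Peer suddenly disconnected
2023.01.13 14:03:42 LOG5[1]: s_connect: connected 127.0.0.1:27001
2023.01.13 14:03:42 LOG6[1]: SSL_read: Socket is closed
2023.01.13 14:03:42 LOG5[1]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
"""

def summarize(log_text):
    """Return one summary dict per connection, keyed on the [thread id] field."""
    open_conns, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        _, level, tid, msg = m.groups()
        if "accepted connection from" in msg:
            open_conns[tid] = {"peer": msg.rsplit(" ", 1)[1], "handshake": False,
                               "cipher": None, "backend": False, "errors": [],
                               "to_tls": None, "to_socket": None}
            continue
        c = open_conns.get(tid)
        if c is None:
            continue  # line belongs to no tracked connection
        if msg.startswith("TLS accepted"):
            c["handshake"] = True
        elif "ciphersuite:" in msg:
            c["cipher"] = msg.split("ciphersuite: ")[1].split(" ")[0]
        elif msg.startswith("s_connect: connected"):
            c["backend"] = True
        elif int(level) <= 3:  # LOG3 is syslog "error"; lower numbers are more severe
            c["errors"].append(msg)
        closed = CLOSED.search(msg)
        if closed:
            c["to_tls"], c["to_socket"] = map(int, closed.groups())
            # Handshake and backend connect both succeeded, yet nothing was relayed.
            c["no_data"] = c["handshake"] and c["backend"] and c["to_tls"] == c["to_socket"] == 0
            done.append(open_conns.pop(tid))
    return done

if __name__ == "__main__":
    for conn in summarize(SAMPLE):
        print(conn)
```

A connection flagged `no_data` with a completed handshake and a connected backend places the close on the TLS side of the tunnel, which is where a client-side capture or client log is the next thing to check.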